Between April and June this year, audit and consulting firm EY conducted a survey of 80-odd companies and subsidiaries of multinational companies operating in India.
The survey covered a wide range of sectors, including banking & finance, manufacturing, media & entertainment, pharmaceutical, information technology-enabled services and automobiles.
The exercise was aimed at checking the level of compliance when it came to putting in place a whistle blower mechanism and a system to detect frauds, according to the requirement of Companies Act, 2013.
The anecdotal results confirmed the worst fears - only 13 per cent of the respondents indicated their whistle-blowing frameworks were fully compliant with the requirements of the Act, though 75 per cent said they had a formal fraud response system in place.
Reflecting India Inc's poor preparedness, 22 per cent of the respondents said they had implemented a structured whistle-blowing mechanism once they realised they didn't have one.
Just 57 per cent of the companies had hotlines as part of their response mechanism, considered a popular and effective channel for fraud detection globally.
In another low, 56 per cent of the respondents said they had a single channel for employees to report complaints.
Just 32 per cent outsourced their vigil mechanism to third-party service providers, seen as a sign for a business entity's commitment to fraud detection.
Directors' dilemma
Given India Inc's dismal track record in detecting and reporting frauds, many independent directors are being vocal about the need to put in place an effective vigil mechanism, before joining a board.
"Fraud is a big concern among many board members" admits Kiran Karnik, an independent director in several boards.
Karnik was chairman of the government-appointed board that oversaw the management of scam-hit Satyam Computer Services.
Corporate lawyers say the responsibilities and liabilities of a director, as stated in the Companies Act, 2013, in a fraud-hit company puts added pressure to ensure an effective vigil mechanism.
Many first-time independent directors Business Standard spoke to said a fraud-detection system, including the presence of a whistle-blower policy, was part of their due diligence before they decided to take up any board position.
The apprehension of directors with respect to fraud detection and internal controls isn't unjustified, says Arpinder Singh, partner and national leader (fraud investigation and dispute services), EY. "Overseeing the organisation's whistle-blowing framework forms an important aspect of their duties," he adds.
What is also making companies jittery is the scope of the definition of fraud under the new Companies Act is wide.
For instance, not disclosing a material claim by a customer at the time of applying for a bank loan might be construed as fraud, says Sai Venkateshwaran, partner and head (accounting advisory services), KPMG in India.
Auditors' take
According to the new law, auditors have to report all frauds detected during the course of an audit to the government, irrespective of the nature or the amount involved.
Rohit Mahajan, senior director and head, Deloitte Forensic, says a threshold for reporting frauds is required because reporting all frauds detected during the course of an audit could lead to practical challenges for companies, auditors and the government.
Auditors said under the draft rules of the Companies Act, 2013, only material frauds had to be reported.
However, the final rules did away with any distinction between material and immaterial fraud. And, auditors could be fined Rs 1-25 lakh for not reporting frauds.
In several global legislations, materiality is given preference over the value of fraud.
For instance, in the US, an auditor is expected to report findings to the board depending on the materiality, irrespective of the size or number of instances of fraud.
The UK specifically mandates auditors to report any fraud that could result in material misstatement, fraudulent financial reporting or misappropriation of assets, says Mahajan.
Audit firms want the reporting requirement to be limited to frauds that have been investigated and concluded, not mere allegations.
Following a representation by accounting and audit companies, the Ministry of Corporate Affairs has asked the Institute of Chartered Accountants of India to suggest a threshold for reporting of fraud to the government.
The way forward
Corporate lawyers and experts say the way forward for corporate India is to tighten its vigil mechanism and internal control systems.
Most companies are expected to adopt a risk-based approach to accounting and auditing.
"Companies should aim to integrate fraud risk management frameworks across all their processes so that it becomes easy to detect and tackle any wrongdoing at an early stage," says Mahajan.
The senior management should demonstrate its commitment to managing fraud risks, while communicating these efforts to employees.
"Companies should also have a strategy in place to deal with a situation when a fraud is detected," says Karnik.