Regulatory & Compliance Requirements

In this context two important acts and their relevant provisions should be understood;


1.       The companies act

2.       IT act


1.       The Companies Act, 2013

The Companies Act, 2013 has two very important Sections - Section 134 and Section 143, which have a direct impact on the audit and accounting profession.

Section 134


Section 134 of the Companies Act, 2013 on “Financial statement, Board’s report, etc.” states inter alia:

The Directors’ Responsibility Statement referred to in clause (c) of sub-section (3) shall state that:


(A) The directors had taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of this Act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities;


(B) The directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively.

Section 143

Section 143, of the Companies Act 2013, on “Powers and duties of auditors and auditing standards” states inter alia:

Section 143(3) contains the auditor's report which states:

“Whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls”


Note: Adequacy and effectiveness: Adequacy of the control design and whether control has been working effectively over the relevant financial year.


As per ICAI’s “Guidance Note on Audit of Internal Financial Controls over Financial Reporting”:


Clause (i) of Sub-section 3 of Section 143 of the Companies Act, 2013 (‘the 2013 Act’ or ‘the Act’) requires the auditors’ report to state whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls.

I.        Management’s Responsibility

The 2013 Act has significantly expanded the scope of internal controls to be considered by the management of companies to cover all aspects of the operations of the company.


   Clause (e) of Sub-section 5 of Section 134:  Requires the directors, responsibility statement to state that the directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively.


   Clause (e) of Sub-section 5 of Section 134: Defines ‘internal financial controls’ as ‘the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.


   Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014: Requires the Board of Directors’ report of all companies to state the details in respect of adequacy of internal financial controls with reference to the financial statements.


II.      Auditors’ Responsibility

   The auditor’s objective in an audit of internal financial controls over financial reporting is to express an opinion on the effectiveness of the company’s internal financial controls over financial reporting and the procedures in respect thereof are carried out along with an audit of the financial statements.

   Company’s internal controls can’t be considered effective if one or more material weakness exists, to form a basis for expressing an opinion, the auditor should plan and perform the audit to find sufficient evidence to obtain reasonable assurance about whether material weakness exist as of the date specified in management assessment.

    A material weakness in internal financial control may exist even when the financial statements are not materially misstated.

III.    Corporate Governance Requirements

  Corporate Governance: It is the framework of rules and practices by which a board of directors ensures accountability, fairness, and transparency in a company’s relationship with its all stakeholders (financiers, customers, management, employees, government, and the community).


The corporate governance framework consists of:

          I. Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities, rights, and rewards 

         II. Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with    their duties, privileges, and roles, and

         III. Procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances.

2.      Information Technology Act (IT Act)


·    This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws have a major impact for e-businesses and the new economy in India.


·    It was introduced in 2000 and was amended in 2008.



n  Diagram

We can clearly see here that cybercrime is not different than the traditional crime, but only difference is that in cyber-crime computer technology is involved and thus it sis a computer related time.


IT Act,2000

Ø  Information technology act 2000 is the primary Indian law dealing with cyber-crime and e-commerce.

Ø  This act aims to provide the legal infrastructure for e-commerce in India.

Ø  Cyber-laws have major impact for e-business and the new economy in India.

Ø  It was amended in 2008 to address issues like Child Pornography, Cyber terrorism and data protection etc.

Ø  This act recognizes electronic records, digital signatures and activities carried out by electronic means like e-mail etc.

Ø  The act states that unless otherwise agreed, an acceptance of contract may be expressed by electronics means of communication and the same shall have legal validity and enforceability.


# some definitions of IT Act:


Definitions mentioned below are useful to technically understand the concept of cyber-crime. The reason is simple- Object of offence or target in a cyber-crime are either the computer or data stored in it.

Sr. No.


Sections (Defined in)








Computer Network








Detailed definitions of above mentioned terms as defined under section2 IT Act 2000:

Sr. No





“Gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.”



“Computer means any electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.”


Computer Network

Interconnection of two or more computer or computer systems or communication device through:-

a.       The use of satellite, microwave, terrestrial line, wire, wireless or other communication media;




b.      Terminals or a complex consisting of two or more interconnected computers or communication device whether or not the interconnection maintained continuously.



It means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (Including computer printouts, magnetic or optical storage, punched cards, punched tapes) or stored internally in the memory of the computer.






Includes data, message, text, images, sound, voice, codes, computer programmes, softwares and database or microfilm or computer generated microfinche.

Request for DEMO Talk to Our Expert