Education
In this context two important acts and their relevant provisions should
be understood;
1.
The companies act
2.
IT act
1.
The Companies Act, 2013
The Companies Act, 2013 has two very important Sections - Section 134 and Section 143, which have a direct impact on the audit and accounting profession.
Section 134
Section
134 of the Companies Act, 2013 on “Financial statement, Board’s report, etc.” states
inter alia:
The Directors’
Responsibility Statement referred to in clause (c) of sub-section
(3) shall state that:
(A) The directors had taken proper and sufficient care for the
maintenance of adequate accounting records in accordance with the provisions of
this Act for safeguarding the assets of the company and for preventing and
detecting fraud and other irregularities;
(B) The directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively.
Section 143
Section
143, of the Companies Act 2013, on “Powers and duties of auditors and auditing
standards” states inter alia:
Section 143(3) contains the auditor's
report which states:
“Whether the company
has adequate internal
financial controls system
in place and the
operating effectiveness of such controls”
Note: Adequacy and effectiveness: Adequacy of the control design and
whether control has been working effectively over the relevant financial year.
As per ICAI’s
“Guidance Note on Audit of Internal Financial Controls over Financial Reporting”:
Clause (i) of Sub-section 3 of Section 143 of the Companies Act, 2013 (‘the 2013 Act’ or ‘the Act’) requires the auditors’ report to state whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls.
I.
Management’s Responsibility
The 2013 Act has significantly expanded the scope of internal
controls to be considered
by the management of companies to cover all aspects of the operations of the company.
Clause (e) of Sub-section 5 of Section
134: Requires the directors,
responsibility statement to state that the directors, in the case of a listed
company, had laid down internal financial controls to be followed by the company
and that such internal financial controls are
adequate and were operating effectively.
Clause (e) of Sub-section 5 of Section
134: Defines ‘internal financial
controls’ as ‘the policies and procedures adopted by the company for ensuring
the orderly and efficient conduct of its business, including adherence to
company’s policies, the safeguarding of its assets, the prevention and
detection of frauds and errors, the accuracy and completeness of the accounting
records, and the timely preparation of reliable
financial information.
Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014: Requires the Board of Directors’ report of all companies to state the details in respect of adequacy of internal financial controls with reference to the financial statements.
II. Auditors’ Responsibility
The auditor’s objective in an audit of internal financial controls over financial reporting is to express an opinion on the effectiveness of the company’s internal financial controls over financial reporting and the procedures in respect thereof are carried out along with an audit of the financial statements.
Company’s internal controls can’t be considered effective if one or more material weakness exists, to form a basis for expressing an opinion, the auditor should plan and perform the audit to find sufficient evidence to obtain reasonable assurance about whether material weakness exist as of the date specified in management assessment.
A material weakness in internal financial control may exist even when the financial statements are not materially misstated.
III. Corporate Governance Requirements
Corporate Governance: It is the framework of rules and practices by which a board of directors ensures
accountability, fairness, and
transparency in a company’s relationship with its all stakeholders
(financiers, customers, management, employees,
government, and the community).
The corporate governance framework consists of:
I. Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities, rights, and rewards
II. Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with their duties, privileges, and roles, and
III. Procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances.
2. Information Technology Act (IT Act)
· This Act aims to provide the legal infrastructure
for e-commerce in India. And the cyber laws have a major impact for
e-businesses and the new economy in India.
· It was introduced in 2000 and was amended in 2008.
Cyber-crime:
n Diagram
We can clearly see here that cybercrime is not different
than the traditional crime, but only difference is that in cyber-crime computer
technology is involved and thus it sis a computer related time.
IT Act,2000
Ø Information technology act
2000 is the primary Indian law dealing with cyber-crime and e-commerce.
Ø This act aims to provide the
legal infrastructure for e-commerce in India.
Ø Cyber-laws have major impact
for e-business and the new economy in India.
Ø It was amended in 2008 to
address issues like Child Pornography, Cyber terrorism and data protection etc.
Ø This act recognizes
electronic records, digital signatures and activities carried out by electronic
means like e-mail etc.
Ø The act states that unless
otherwise agreed, an acceptance of contract may be expressed by electronics
means of communication and the same shall have legal validity and
enforceability.
# some definitions of IT
Act:
Definitions mentioned below are useful to technically understand the concept of cyber-crime. The reason is simple- Object of offence or target in a cyber-crime are either the computer or data stored in it.
Sr. No. |
Terms |
Sections (Defined in) |
1. |
Access |
2(a) |
2. |
Computer |
2(i) |
3. |
Computer Network |
2(j) |
4. |
Data |
2(o) |
5. |
Information |
2(v) |
Detailed definitions of above mentioned terms as defined under section2 IT Act 2000:
Sr. No |
Terms |
Definition |
1. |
Access |
“Gaining entry
into, instructing or communicating with the logical, arithmetical, or memory
function resources of a computer, computer system or computer network.” |
2. |
Computer |
“Computer means
any electronic, magnetic, optical or other high speed data processing device
or system which performs logical, arithmetic and memory functions by
manipulations of electronic, magnetic or optical impulses, and includes all
input, output, processing, storage, computer software, or communication
facilities which are connected or related to the computer in a computer
system or computer network.” |
3. |
Computer Network |
Interconnection of
two or more computer or computer systems or communication device through:- a.
The use of
satellite, microwave, terrestrial line, wire, wireless or other communication
media;
And
b.
Terminals or a
complex consisting of two or more interconnected computers or communication
device whether or not the interconnection maintained continuously. |
4. |
Data |
It means a
representation of information, knowledge, facts, concepts or instructions which
are being prepared or have been prepared in a formalized manner, and is
intended to be processed, is being processed or has been processed in a
computer system or computer network and may be in any form (Including
computer printouts, magnetic or optical storage, punched cards, punched
tapes) or stored internally in the memory of the computer. |
|
|
|
5. |
Information |
Includes data,
message, text, images, sound, voice, codes, computer programmes, softwares
and database or microfilm or computer generated microfinche. |