On 14 December 2015, the Ministry of Corporate Affairs (MCA) came out with a notification pertaining to reporting of frauds (Rule 13 to the Companies (Audit and Auditors) Amendment Rules, 20151). This notification also indicated what could be considered an acceptable threshold value of fraud loss from a reporting standpoint (individually an amount of rupees one crore or above, in this case) – an aspect of materiality that was until now left to the company's discretion.

MCA's notification on 'Reporting of frauds by auditor and other matters'

A brief outline

The notification states that if an auditor has "reason to believe" that fraud, which involves or could potentially involve individually an amount of rupees one crore or above, is being or has been committed against the company, the auditor needs to report the matter to the Central Government within 60 days of his or her knowledge of such a fraud. The process for doing this, includes reporting the matter to the company's Board or the Audit Committee within 2 days (of coming to know about the fraud), seeking a response from the Board or Audit Committee on the matter (within 45 days), and forwarding this response along with the auditor's own report to the Central Government (within 15 days). In case of no response from the Board or Audit Committee, the auditor's report along with the communication sent to the Board should be forwarded to the Central Government.

In case of a fraud involving amounts less than rupees one crore, the auditor needs to report the matter to the Audit Committee or the Board within 2 days of coming to know about the fraud.

To ensure further transparency, the MCA requires each of such frauds to be disclosed in the Board's Report. Contents of the auditor's report should include nature of the fraud and a brief description, approximate amount involved in the fraud and potential parties involved. Additionally, the Board's Report should also mention 'Remedial actions taken' in that regard.

Implications

Some implications of this notification on organizations – 5 considerations

While the MCA notification is a welcome addition to the plethora of measures taken in recent times by the government to tackle fraud, it leaves room for several clarifications.

1 Source: http://www.mca.gov.in/Ministry/pdf/Amendement_Rules_14122015.pdf

2 As per Rule 13 the Companies (Audit and Auditors) Amendment Rules, 2015 and also in line with the Revised Guidance note on fraud reporting issued by ICAI Guidance Note on Reporting on Fraud under Section 143(12) of the Companies Act, 2013 (Revised 2016).

3 At the time of writing this document, the MCA notification did not cover fraud or non-compliance by vendors and third parties who may have been acting on behalf of the company. A good practice nevertheless, is for companies and auditors to include these parties also in the ambit of fraud risk management.

Conclusion

The MCA notification is yet another push by the government to ensure that organizations have a functional fraud risk management framework in place that can detect fraud in the early stages. Those without such a framework are likely to struggle to investigate any suspicious incidents pointed out by auditors. Further, by indicating a threshold value for reporting fraud, the government is also encouraging companies to understand that losses due to fraud can make a significant dent in the company's operations and its reputation – an aspect that was hitherto not widely acknowledged by many organizations in public. While, it is early days since the notification, it will be interesting to note how organizations perceive and act on the issue of computing and reporting fraud loss.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.