Latest Blogs from SBS and Company LLP

    Key Topics Covered:

    Burdensome Compliance- Intimation of Estimated Tax Liability – New Rule 

    Contributed by CA Ramprasad T

    Risk Management :

     

    Risk management is an integral part of the group’s business control. Risks that may pose a threat to achieving business objectives are identified, and measures are implemented to mitigate and monitor the identified risks.

     

    Responsibility for Risk Management:

     

    The line organization has the primary responsibility for managing business risks. Line managers are responsible for identifying, monitoring, implementing measures and reporting all relevant business risks. The Chief Risk Officer is responsible for coordinating and monitoring the risk management processes in the group and consolidating the quarterly risk reports for Group Management and the Board of Directors. To support the Chief Risk Officer a Risk Management Committee has been established.

     

    Risk Areas

     

    The risk assessment and follow-up is divided into three areas;

     

    1. Business and financial risks: Business units and head office functions manage business continuity within their respective operational area of responsibility based on specified requirements. A process exists to regularly identify business and financial risks that could lead to material misstatements of financial information. The risks are reported by each sub-entity in a bottom-up process, and presented in quarterly business review meetings.

     

    1. Corporate responsibility: Corporate responsibility is integrated into the day-to-day business as well as M&A and strategic purchasing processes.

     

    1. IT and security: Within IT and security, potential threats to the IT environment are identified and plans are established to prevent problems in the continuity of the business. This area also covers preventive security measures and crisis management.

     

    Challenges in Control Environment:

     

    The control environment was not routinely discussed in executive or board discussions before the U.S. Sarbanes-Oxley Act of 2002 was enacted. Since that time, auditors have focused on evaluating the existence and execution of elements of the environment. Most discussions reflect how a positive control environment can strengthen the organization’s overall culture and ethics program. However, it can also be viewed in reverse — what risk does a poor control environment bring to the organization?

     

    “Tone at the top,” “management philosophy and operating style,” and “segregation of duties” are phrases commonly used to describe the control environment. These attributes are difficult to measure accurately. An environment that is not effectively evaluated, measured, and monitored may spawn many unacceptable internal and external risks.

     

     

    18  | P a g e


     

    SBS Wiki                                                                                                                                                      www.sbsandco.com/wiki

     

    As if the risk of an improperly functioning control environment is not enough, the concept is com- plicated when internal auditors attempt to communicate control environment weaknesses to management. Many organizations rely on questionnaires and anonymous surveys for their assessments. Organizations must proactively peer through these techniques and evaluate the overall transparency of their assessment methods.

     

    The subjective, non- transaction oriented nature of the control environment creates many challenges. Organizations establish policies, but as changes occur, those policies may no longer be effective. The control environment changes, as well. To address the risk of a poor control environment, organizations must evolve their assessment methods.

     

    1. Tone at the Top

     

    An organization’s tone is often interpreted as the tone conveyed by senior leaders. This makes evaluation a political hot potato. It can be perilous for internal auditors to advise management that certain actions may not be “setting the right tone.” Yet, to address the risk appropriately, auditors must provide assurance that the policies management has put in place are executed effectively. For example, Company A maintains an authorization policy for procurement professionals. On the surface, this appears to contribute to a strong control environment while mitigating the risk of conflict of interests. However, what if the policy does not cover strategic areas such as contract approvals, management overrides, and monitoring methods? Also, assume the policy was created strictly by the finance organization. Taken in the aggregate, each of these factors could create risk to the control environment.

     

    This situation creates a dilemma. How should theserisks be communicated to management? What if issues are communicated, but management concludes the gaps are not significant concerns? Management’s basis for this conclusion may be that no actual problems have been identified to date. To address the risk appropriately, auditors must ask, “If an issue has not yet come to light or been identified, should that fact minimize the finding?”

     

    What if the auditor’s opinion of the gap’s severity differs from management’s opinion? Organizational leaders may push back if they receive a poor control environment assessment. An obvious step for internal auditors may be to speak to the audit committee, but this can be challenging. It may be difficult to communicate a control environment gap to an audience that has been preconditioned by management’s view.

     

    To resolve these dilemmas, auditors can:

     

    Ensure they have authority to analyze and communicate the situation beyond just the existence of policies.

     

    Ensure management understands the difference between a control gap and a control failure. It is important to know whether the gap has created a failure, but just because it hasn’t failed to date should not minimize the impact of the gap. The inability to recognize this cause- and-effect relationship will put the control environment at significant risk

     

    Encourage independent communication with board members. If management and the auditor disagree about the severity of the issue, the board must be open to both sides of the argument.

     

    19 | P a g e


    The Risk In Control Enviornment

     

     

    SBS Wiki                                                                                                                                                      www.sbsandco.com/wiki

     

    1. Management Philosophy and Operating Style

     

    Philosophy and operating style include how management executes its day to day responsibilities and the manner in which executives provide overall direction. Consider an example of quarterly attestations and their impact on the control environment. These procedures often involve business-unit managers providing personal subcertifications on controls for their areas of responsibility.

     

    Assume the procedure for quarterly attestations was established several years ago. The subcertification states: “To the best of my knowledge, internal control procedures and financial information within my area of responsibility are accurate and complete.” The certification was originally accompanied by specific training for the business-unit leaders. Fast forward several years. Many personnel signing the attestations are individuals who have been promoted into new positions but have not been trained on the attestation requirements. New management views the process as a “step” they must complete each quarter because of compliance requirements. If the auditor assumes the standard process of attestation is effective, there may be a risk to the control environment. Because the attestation is a simple signature, the risk exists that management is simply following alegacy process and does not understand the need for disclosure controls. Outlining the risk may convince management to re-evaluate and solidify the process.

     

    1. Segregation of Duties

     

    A strong control environment can only be supported through appropriate segregation of duties. Segregation of duties assist in mitigating the potential for one person to maintain control over an entire process, thus having the opportunity to perpetrate some undesirable behavior. When evaluating the sufficiency of segregation of duties, internal auditors examine responsibilities around transaction authorization, recording, custody of asset, and reconciliation. Depending on organizational resources, it may not be possible for the organization to fully implement appropriate segregation of duties. In this situation, auditors must assess the risk embedded in the processes, attempt to quantify the risk, communicate to management their observations, and provide alternative methods in which management can monitor transaction activity or provide additional checks and balances for the process

     

    A Thorough Assessment of Control Environment

     

    The control environment is the foundation upon which an organization can effectively execute strategy. If management focuses only on “check the box” activities, it will miss critical attributes that may result in major gaps that ultimately impact the organization’s viability and control environment. That is why it is important for internal auditors to fully assess gaps or flaws and provide adequate assurance regarding the sufficiency of controls.

    Finance Act 2017 has introduced Section 45(5A) providing that income arising to individual or HUF from transfer of capital asset, being land or building or both under a specified agreement is chargeable to tax in the previous year in which certificate of completion for the whole or part of the project is issued by the competent authority.

     

    "Specified Agreement" refers registered agreement under which the owner of the land or building or both agrees to allow other person to construct property on it in consideration for share in the building or land or both in the project with or without payment of consideration in cash.- In common parlance referred to as " Joint Development Agreement" ( Simplified for understanding) .

     

    A new section194IC inserted providing for deduction of tax at source @ 10% on payment of any sum byway of monetary consideration under the agreement referred to in section 45(5A). The provisions of section 206AA will apply for failure on part of the payee to submit his PAN to the payer.

     

    The section 194IC is attracted to when the payment is made to resident under the agreement referred to in section 45(5A) by any person, resident or non-resident. There is no monetary limit set under the section for deduction of tax at source.

     

    The monetary limit mentioned in section 194IA is not applicable as the section194IC starts with ' notwithstanding anything contained in section 194IA'.

     

    If the payee is non-resident, tax has to be deducted U/S 195 and not U/S 194IC.

     

    The timing of deduction of tax at source would be earliest of credit of such sum to the account of the payee or payment thereof in cash1 or by way of issue of a cheque or draft or any other mode.

     

    Though the tax is deducted at the earliest of credit or payment under the agreement the income is chargeable to tax in the year in which certificate of completion for the whole or part of the project is issued by the competent authority. As a result the deductee has to carry forward the credit of tax to the previous year in which capital gain become taxable.

     

    As per section 199 read with rule 37BA(3)(I) credit for the tax deducted at source and paid to the Central Government shall be given for the assessment year for which such income is assessable.

     

     

     

     

     

     

     

     

     

     

    1Beware of provisions of section 269SS.

     

     

     

    16  | P a g e


     

    SBS Wiki                                                                                                                                                       www.sbsandco.com/wiki

     

    For the purpose of section 194IC the provisions of section 50C are not relevant as the section provides for deduction of tax at source on the monetary consideration paid under the specified agreement. The stamp duty value on the date issue of certificate of completion for whole or part of the project is relevant for computation of capital gains in the hands of land owner.

     

    Section 197 provides issue of certificate for deduction of tax at lower rate or non-deduction of tax by the Assessing Officer. However, section 197 has not provided for such benefit for the amount covered U/S 194IC.

    Subscribe SBS AND COMPANY LLP updates via Email!