Can COBIT 5 helps us in the challenges of Companies Act, 2013?

By CA
Anand Prakash Jangid and CA Anish Jain

 INTRODUCTION

15.0pt;vertical-align:baseline’>Change
is a key to growth and success. The same is applicable to our enactments also.
If enactments do not change with time, they will lose their value and
effectiveness. We have already observed incidents that have been reported due
to ineffective law effectiveness and enforcement. Talking of such change in
regulations, there is a lot of buzz around the amendments and additions made in “THE
COMPANIES ACT, 2013”
. We are going to discuss the following: –

  • What is COBIT 5?
  • How COBIT 5 is related
    to Companies Act, 2013?
  • What are the challenges
    posed by Companies Act, 2013?
  • How COBIT 5 can be used
    to face those challenges?

15.0pt;vertical-align:baseline’>INTRODUCTION TO COBIT 5

  • Meeting stakeholder
    needs
  • Covering the enterprise
    end-to-end
  • Applying a Single,
    Integrated Framework
  • Enabling a Holistic
    Approach
  • Separating Governance
    from Management
  • 15.0pt;vertical-align:baseline’> 

    15.0pt;vertical-align:baseline’>Regulations
    like Companies Act, 2013 and other governs the operations of an enterprise by
    defining the limits or boundaries within which organization needs to operate.
    However, all the operations of the enterprise can be categorized in two
    categories i.e. IT related processes and Non-IT related processes. COBIT
    Framework governs and manages the IT related processes. For large companies,
    more than 70-80% of their processes are IT-enabled. Hence internal controls are
    automated or semi-automated to a large extent. COBIT framework can help to put
    a process to design, implement and monitor internal controls on a sustainable
    basis. So, what we conclude from here is an enterprise using COBIT Framework
    can operate in best possible manner within the boundaries defined by the
    regulation i.e. provisions of Companies Act, 2013 and that’s how they are
    related to each other.

    15.0pt;vertical-align:baseline’>CHALLENGES POSED BY COMPANIES ACT, 2013

  • a) There shall be
    attached to statements laid before a company in general meeting, a report
    by its Board of Directors, which shall include a statement indicating
    development and implementation of a risk management policy for the company
    including identification therein of elements of risk, if any, which in the
    opinion of the Board may threaten the existence of the company.
    (Sec-134(3n))
  • b) The Independent
    director shall help in bringing an independent judgment to bear on the
    Board’s deliberations on risk management resources and satisfy themselves
    that financial controls and the systems of risk management are robust and
    defensible. (Sec-149(8))
  • c) Every audit committee
    shall act in accordance with the terms of reference specified in writing
    by the Board which shall inter alia include evaluation of internal
    financial controls and risk management systems. (Sec-177(4)(vii))
  • d) Such class or classes
    of companies as may be prescribed shall be required to appoint an internal
    auditor, who shall either be a chartered accountant or a cost accountant,
    or such other professional as may be decided by the Board to conduct
    internal audit of the functions and activities of the company.
    (Sec-138(1))
  • e) The auditor’s report
    shall state that whether the company has adequate internal financial
    controls system in place and the operating effectiveness of such controls.
    (Sec-143(3)(i))
  • 15.0pt;vertical-align:baseline’>SOLUTION FROM COBIT 5 FRAMEWORK

    15.0pt;vertical-align:baseline’>Solution
    for the given challenges is as follows: –

    15.0pt;vertical-align:baseline’>Step 1: Identify Stakeholder Drivers

    15.0pt;vertical-align:baseline’> 

    15.0pt;vertical-align:baseline’>Stakeholder
    need is to comply with all the provisions.

    15.0pt;vertical-align:baseline’>Step 3: Relate Needs to Enterprise Goals

  • a) IT compliance and
    support for business compliance with external laws and regulations.
  • b) Managed IT-related
    business risks.
  • c) IT compliance with
    internal policies.
  • 15.0pt;vertical-align:baseline’>Step 4: Align IT-Related Goals with Enterprise goals

    1. a) Compliance with
      external laws and regulations.
    2. b) Compliance with
      internal policies.
    3. c) Managed business risk
      (safeguarding of assets)
    4. d) Business service
      continuity and availability.
    5. e) Optimisation of
      service delivery costs.

    15.0pt;vertical-align:baseline’>Step 5: Select Processes based on IT-Related Goals

  • a) Ensure Governance
    Framework Setting and Maintenance.
  • b) Manage Service
    Agreements.
  • c) Ensure Risk
    Optimisation.
  • d) Ensure Stakeholder
    Transparency.
  • e) Manage the IT
    Management Framework.
  • f) Manage Risk.
  • g) Manage Security.
  • h) Manage Changes and
    many more….
  • 15.0pt;vertical-align:baseline’>Hence,
    COBIT 5 Framework proves to be the ideal framework for any enterprise to adopt
    and get the desired results (value creation) in form of:

    • Benefits Realisation
    • Risk Optimisation
    • Resources Optimisation