Can COBIT 5 help us with the challenges of the Companies Act, 2013?
Co-written with Anish Jain.
INTRODUCTION
Change is a key to growth and success. The same applies to our enactments. If enactments do not change with time, they lose their value and effectiveness. We have already observed incidents that were reported because of ineffective laws and enforcement. Talking of such change in regulations, there is a lot of buzz around the amendments and additions made in “THE COMPANIES ACT, 2013”. We are going to discuss the following:
- What is COBIT 5?
- How is COBIT 5 related to the Companies Act, 2013?
- What are the challenges posed by the Companies Act, 2013?
- How can COBIT 5 be used to face those challenges?
INTRODUCTION TO COBIT 5
COBIT 5 (Control Objectives for Information and Related Technology) is a business framework for the governance and management of enterprise IT (Information Technology), developed by ISACA. The framework assists enterprises in achieving their objectives for the governance and management of enterprise IT. It helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. The framework is already recognized throughout the world. It is based on five generic principles, namely:
- Meeting stakeholder needs
- Covering the enterprise end-to-end
- Applying a Single, Integrated Framework
- Enabling a Holistic Approach
- Separating Governance from Management
Together, these five principles enable the enterprise to build an effective governance and management framework that optimizes information and technology investment and use for the benefit of stakeholders.
RELATIONSHIP OF COMPANIES ACT, 2013 AND COBIT 5
Regulations such as the Companies Act, 2013 govern the operations of an enterprise by defining the limits or boundaries within which the organization needs to operate. All the operations of the enterprise can be divided into two categories: IT-related processes and non-IT-related processes. The COBIT framework governs and manages the IT-related processes. For large companies, more than 70-80% of their processes are IT-enabled. Hence internal controls are automated or semi-automated to a large extent. The COBIT framework can help put in place a process to design, implement and monitor internal controls on a sustainable basis. So what we conclude is that an enterprise using the COBIT framework can operate in the best possible manner within the boundaries defined by the regulation, i.e. the provisions of the Companies Act, 2013, and that is how the two are related.
CHALLENGES POSED BY COMPANIES ACT, 2013
Many amendments and additions have been made, and they pose challenges to enterprises in terms of timely compliance. Here we focus on those that concern IT-related processes, which are as follows:
- a) There shall be attached to statements laid before a company in general meeting, a report by its Board of Directors, which shall include a statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company. (Sec-134(3n))
- b) The Independent director shall help in bringing an independent judgment to bear on the Board’s deliberations on risk management resources and satisfy themselves that financial controls and the systems of risk management are robust and defensible. (Sec-149(8))
- c) Every audit committee shall act in accordance with the terms of reference specified in writing by the Board which shall inter alia include evaluation of internal financial controls and risk management systems. (Sec-177(4)(vii))
- d) Such class or classes of companies as may be prescribed shall be required to appoint an internal auditor, who shall either be a chartered accountant or a cost accountant, or such other professional as may be decided by the Board to conduct internal audit of the functions and activities of the company. (Sec-138(1))
- e) The auditor’s report shall state whether the company has an adequate internal financial controls system in place and the operating effectiveness of such controls. (Sec-143(3)(i))
SOLUTION FROM COBIT 5 FRAMEWORK
The COBIT 5 Framework, while providing a solution, works in a very unique manner i.e.
The solution for the given challenges is as follows:
Step 1: Identify Stakeholder Drivers
All the regulatory requirements discussed above are the drivers for our stakeholders.
Step 2: Determine Stakeholder Needs
The stakeholder need is to comply with all the provisions.
Step 3: Relate Needs to Enterprise Goals
Based on these needs, the following enterprise goals have been identified:
- a) IT compliance and support for business compliance with external laws and regulations.
- b) Managed IT-related business risks.
- c) IT compliance with internal policies.
Step 4: Align IT-Related Goals with Enterprise Goals
- a) Compliance with external laws and regulations.
- b) Compliance with internal policies.
- c) Managed business risk (safeguarding of assets)
- d) Business service continuity and availability.
- e) Optimisation of service delivery costs.
Step 5: Select Processes based on IT-Related Goals
On the basis of the IT-related goals identified above, we identify the processes that will provide the solution in the form of best management practices. Twenty-six processes are identified. To mention a few:
- a) Ensure Governance Framework Setting and Maintenance.
- b) Manage Service Agreements.
- c) Ensure Risk Optimisation.
- d) Ensure Stakeholder Transparency.
- e) Manage the IT Management Framework.
- f) Manage Risk.
- g) Manage Security.
- h) Manage Changes, and many more.
Hence, the COBIT 5 Framework proves to be the ideal framework for any enterprise to adopt and get the desired results (value creation) in the form of:
- Benefits Realisation
- Risk Optimisation
- Resources Optimisation
Good Article Anand.
at Ajith M Nair & Co
9 years ago: Thank you sir for the Article.
Information & Cyber Security Consultant
9 years ago: good article..
Solution Architect at Infosys Technologies Ltd
9 years ago: Good article
Chief Change agent at AJALABS.AI
9 years ago: Hi Vinod Balachandran, this is an amazing suggestion... would do wonders for railway with more accountability and better governance....