Coal Gate Scam – Should Auditors Comment on Policy Decisions?

The Coal Gate Scam report has squarely put the loss of Rs. 1.86 lakh crores (USD 35. 097 billion) at the Prime Ministers door. Comptroller and Auditor General (CAG) report states that Prime Minister Manmohan Singh agreed to introduce competitive bidding for allocation of coal blocks way back in October 2004. However, his office indulged in delay tactics of approving the revised policy. This resulted in allocation of coal blocks according to the old policy introduced in 1993. Failure to use competitive bidding resulted in a loss of Rs. 1.86 lakh crores (USD 35.097 billion).

This raises interesting questions from the corporate sector perspective. Should auditors see the validity and applicability of policies? Alternatively, should they restrict their role to the compliance of existing policies?  What happens when a policy or standard operating procedure of an organization is redundant however is still being followed? If competitors are using better processes, technology and policies than the organization, what role should auditors play in it?

1.     Delaying Policies Becomes a Political Game

According to the CAG report, the Screening Committee allocated blocks and the process lacked transparency. Allegations are that private companies with political links benefited at the expense of others. However, competitive bidding policy could have been introduced with an amendment from the administrative desk. Prime Minister’s role becomes critical as he was also fulfilling the responsibilities of Minister of Coal. CAG says he made it into a bigger issue that the policy should be changed for all minerals and not just coal; hence the process for making such large-scale policy change was different. This allowed the coal ministry to follow the 1993 process.

This happens in the corporate sector too. For instance, an employee or a small group suggest a change to an existing control process that will take just one man-month effort. Some others with vested interests do not wish for the change to occur. However, they can’t reject the suggestion for strengthening controls without looking bad. Hence, to stall the project, they add a few more suggestions which make the project larger into 24 man-months effort. Now the change can only happen once the huge budget is approved. Since, the project is not priority; it stays on the bottom of the budget approval list. Hence, status quo remains and subsequently someone exploits the control weakness to conduct a fraud.

In such a situation, as an internal auditor would you highlight the initial attempt to strengthen controls and put responsibility on the other group for delaying the change? Do we as internal auditors go back in such depth to find out what projects or policies were kept pending approval and they had such a huge negative impact?

2.     Auditor’s Role in Policy Review

The Supreme Court has upheld CAGs power to comment on policies. Justices R M Lodha and A R Dave bench said “Do not confuse the constitutional office of CAG with that of an auditor of a company or corporation.” This response was in respect to a petitioner’s contention that CAG should restrict itself to auditing expenditure and not comment on the government’s rational of policy decisions. The bench had further added – “CAG is not the traditional Munimji to prepare only balance sheets. It is constitutionally mandated to examine the efficiency, effectiveness and economy of the decisions of the government in using resources. If the CAG will not do this, then who will?

This viewpoint raises some interesting points for internal auditors in the corporate world. Should auditors be commenting on strategic or policy decisions of the company?

For instance, the company decides to use print media for advertising open job positions. However, it is much cheaper to use job portals and social media. These significantly reduce the cost of recruitment. Should an auditor restrict himself to checking that all expenditure is authentic or question the hiring policy?

Another aspect is the strategy decisions. Let us say, Company A decided not to enter into the emerging markets, whereas Company B operating in the same industry entered the emerging markets and increased the profitability tremendously. Should an auditor audit strategic decisions, and not just say that it is management responsibility. Where is the line of demarcation drawn in respect of corporate internal audit?

Institute of Internal Auditors new standard applicable from 2013 ‘Achievement of the organization’s strategic objectives’ states that – “The internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the achievement of the organization’s strategic objectives”.  Hence, should we conclude that evaluating strategic decisions comes under internal audit purview?

3.     Auditor’s Role in Calculating Presumptive Loss

The CAG audit reports on 2G licenses and Coal Block allocations have raised a storm due to the calculation of presumptive loss figures. The government’s contention is that CAG should not be calculating the opportunity loss, as policy decisions are taken to benefit the public.

CAG however, contended that – “We had never commented on government policies, neither did we ever say that auction was the only route or that all natural resources should be auctioned. In both 2G spectrum licences and coal block allocations, we had only commented on the ‘effectiveness or non-implementation’ of policies. The presumptive loss or windfall gain figures are only to highlight the serious issues of an act of commission during implementation of government policies.”

In the corporate world, internal auditors make an observation and restrict their recommendations to suggest improvements. In rare cases, a cost-benefit analysis is done on the impact of the control weakness. We generally fail to draw management attention to the seriousness of the issue, as they are no numbers given. Should corporate internal auditors change their approach to audit work to give a cost-benefit analysis for their observations? Will that garner more attention from the management and initiate action?

Closing Thoughts

These are questions worth debating about and there are no easy answers. The business world internal auditors can learn quite a few lessons from the government auditors. They are doing a good job of raising contentious issues. Below is a poll to assess your views.


  1. CAG not a ‘munimji’ of govt’s balance sheet: SC
  2. CoalGate: CAG does not let Manmohan, PMO off the hook
  3.  Performance Audit of Allocation of Coal Blocks and Augmentation of Coal Production (Ministry of Coal)

3 comments on “Coal Gate Scam – Should Auditors Comment on Policy Decisions?

  1. Read this discussion from Linkedin group Internal Auditors Group. Very interesting viewpoints are given so I thought I will share it with you all.

    1. Suresh
    Suresh P. • Yes they should. In fact, they should be part of committee to draft policies for business due to their overall multi department experience. The controls related to policy decision must be tested periodically to decide upon effectiveness of the policy and amendments to be done if any.

    2. Sonia
    Sonia J. • Interesting, if internal auditors draft policy, then won’t they lose their independence. Should it be that after a new policy is drafted, the internal auditor audit comments should be taken?


    3. Suresh
    Suresh P. • IA needs to be part of the committee to vet the policies, whereas drafting taken care of by the business. Otherwise, we will only keep handling post mortem and blunders. IA needs to take care of Advisory, Audit as well Assurance into the overall Audit/Control Framework.

    4. Theo-wiaplah
    Theo-wiaplah G. • Sonia,
    Thanks once more for posting such an important topic for discussion. The Supreme Court of India was not in error neither were the auditors wrong for the position they took regarding the policies. I would like to draw you attention to the two cardinal statements embedded in the definition of of internal auditing as authorized by the IIA “Helping the Organization Accomplish its Objectives” and
    “Evaluating and improving the effectiveness of risk management, control, and governance processes.” These statements create the firm basis upon which auditors perform their duties. In our quest to assist management in accomplishing it objectives we are under obligation to ascertain whether the policies and procedures management applied in a given situation was proper, fully adhered to and effective. It is managements duty to design those policies as owners of the processes, while it is our duty to evaluate it effectiveness and determine whether or not their adherence will bring improvement and the objectives of management will be achieved.

    5. Sonia
    Sonia J. • Theo-wiaplah, thank for the compliment. And both of you have raised interesting viewpoints. How about a team of internal auditors periodically/ annually review all the policies to see their relevance in the prevailing business climate. We make policies under certain circumstances, and when the situation changes we don’t change the policy.

    6. Theo-wiaplah, you bought out a relevant point on objectives. In the re-branding of internal audit, a gentleman gave a brilliant explanation. He said instead of Risk and Controls, what if say assurance on meeting objectives. That gives a positive spin to the function. Also, it puts light on the main task – help the organization achieve its objectives. When we say risk, the objective bit gets disconnected. So maybe we should try thinking differently.

    7. Suresh
    Suresh P. • With GRC softwares, we need to work online which applies to Policy drafting/approval process as well. The audits need to be designed and re-designed on weekly basis with the help of GRC. I think annual process is now outdated. Let’s replace words periodically/annually with online. The policy needs to define the sensors which need to be constantly tested for highlighting violations. Definition of sensors is the key as far as i understand.

    8. Sonia
    Sonia J. • Good point on making it online and realtime and the sensors. But is changing policy so frequently the right course of action?

    9. Suresh
    Suresh P. • Economic Times is full of policy changes everyday not to mention most of them affect the business policies and initiatives. Unfortunately, we have no choice it seems. Also it would depends on how professionally has the policy been drafted and the level of introspection.

    10. Jean-Louis
    Jean-Louis V. • Sonia, this article is most interesting, and I really encourage everyone to read it.
    The CAG (Comptroller and Auditor General) reply says it all: they never comment on a Policy, simply review its implementation. The Policy to submit large sales of assets (coal blocks, 2G licenses) through competitive bidding was taken in 2004, and it was not enforced. Therefore the Auditor role in highlighting this issue is clearly defined.
    But where this article becomes clearly interesting is about the delay tactics argued by the vested interests. Excuses are always easy to find. Again, the GAP came with the best tactics: they quantify the loss (although this may quickly become a complicated exercise) to draw maximum attention…. and sure they did!
    Therefore IMHO, this case does not highlight that the Auditor should help drafting Policies, but instead should have an independent reporting line, the competence to dig in those murky areas of selling coal blocks, and the guts to report them. And I can only say to this GAP: a job very well done!
    And finally, be warned: in similar cases, the vested interests may decide to get the Auditor on-board some committees for the Policy implementation, and will bombard them with delay tactics while diverting their audit attention and giving the false impression that Audit endorses the delays in implementing the Policy. IMHO, better to remain outside the role of drafting policies when one become suspicious that there is something fishy there (of course, we can always give some advice).

    11. Sonia
    Sonia J. • Jean_Louis, I suspect you are right. If the auditor gets involved in drafting policies, then they become part of the management games and lose their independence.

    I was wondering, keeping Suresh’s viewpoint in mind, should auditors obtain a list of the policies in draft stage and check out how long is it taking to issue and implement the same, and their impact on business. That would prevent management from delaying stuff and issuing the right kind of policies.


    12. Chetan
    Chetan L. • I would like to simplify the issue at hand here. The fundamental objective of any state function is to strive for the benefit of the general citizen at large. So every action of the function is to be measured using this context. For example, reservations in job and education are provided to certain sections of the society on the premise that the growth of this section of the society would ensure equality in the long term future, thereby reducing friction between different sections of the society. However an effected individual (who has lost out due to this reservation practise) may not agree to this; however the moot point is that this step is supposedly in line with the primarily objective.

    With regard to the issue at hand, the rationale behind the decision to allocate coal blocks has not been adequately explained. What is not clear is that whether this move would benefit the general public, whether it is by reduced electricity costs to the common man, increased employement, upliftment of an otherwise backward region, etc. If the Government can explain that the revenue loss would be compensated by corresponding benefits to the common, I do not think that CAG would have commented or should comment on such a decision. Because the primarily objective is not being met, I think the CAG is within its right to question a decision whether it is strategic or tactical.

    However in a Corporate environment, the objectives are translated into strategic decisions which is the pererogative of the Management. Basically, an corporate entity exists to take risks thereby bringing value to its owners. And to take advantage of such risks, the Management has to take strategic decisions for example to enter into a new market or start a entirely different product line. An auditor is in no position to comment on the logic of the strategic decision taken by the Management. At the most, the Auditor can comment whether a due process was followed, whether all relevant information was considered and whether such a decision was within the risk appetite of the Company. If an auditor contests strategic decisions, then the Auditor as well may start managing the Company; there will essentially be no different between the Auditor and Management.

    However an auditor can definately question the tactical decisions taken by Management i.e. whether these decisions are in line with strategic objectives. And it is very important to diffrentiate between strategic and tactical objectives.

    13. Chetan
    Chetan L. • While preparing and enforcing policies is the prerogative of the Management, an Auditor should assess whether such policies are in line with the primary or strategic objectives. It does not matter whether such policies are finalized or in a draft stage or are practised informally.Ultimately if the actions taken are contraty to the primary objectives, then the Auditor should flag this an issue.

    14. Jean-Louis
    Jean-Louis V. • Sonia, that’s a very good point indeed. Delaying the implementation of sound policies or finding exceptions to it is a time-honored tactics by vested interests, and indeed Audit should identify prime policies (in regard of fraud potential among else), and check their implementation progress.
    As for Chetan enlightened comment, also straight to the point: IMHO Audit should not have a say in strategic objectives, or many management decisions whatsoever. In the case of the coal blocks, the bidding Policy was established. However, if the integer corporate auditor sees that it is a Senior Management decision to have no transparent assets sales policy, he should just leave that rotten company. But the GAP reports to the general public, and is again right to highlight the issue.
    But I spoke enough and will take the backstage now, surely this issue will attract more comments from our distinguished profession.

    15. Sonia
    Sonia J. • This discussion is turning interesting, so many different views and all have valid points.

    Chetan, I understand the public good from government actions, but if a policy is used to benefit a select view, then public objective is betrayed. Overall, I agree with your viewpoint, but am surprised by the following statement:

    “An auditor is in no position to comment on the logic of the strategic decision taken by the Management”

    Why do you think an auditor cannot evaluate strategy. Now the focus is shifting that auditors and risk managers should actively participate in evaluating strategy.

    Jean-Louis also says – stay away from strategy, and now we have strategic risk management as a discipline.

    Should we be relooking at it?

    16. Chetan
    Chetan L. • The term ‘strategy’ itself implies a plan arising out of various courses of actions available. For example, an company may not enter a particular geography because of perceived corruption risks whereas another company with the same credentials may be willing to do so. Well,both the decisions are appropriate from their respective perspectives and nobody is right or wrong.

    As I reiterated earlier, an auditor cannot comment on the logic of a strategic decision; ultimately this is decision of the Management because the Managment will reap or bear the consequences of a decision. However an Auditor can do take part in the decision making process as an impartial observer and bring forth perspectives on whether the decision was taken in the right context and frame, whether risks were adequately considered and whether the decision was taken by appropriate personnel. However an auditor cannot question the decision just because he does not agree with it or has a different perspective.

    17. Sonia
    Sonia J. • Okay, let me play the devils advocate out here. The debate is absolutely brilliant.

    In an auditor is supposed to ensure that management takes all appropriate actions in respect of risk, controls and governance to meet the strategic objectives, then obviously the strategy itself comes in question.

    The second aspect is according to a McKinsey report, just about 6.5% of the organizations have a robust strategy development process. Most organizations assimilate annual business plans and pass it off as strategy. There is a huge difference between the two. So shouldn’t the strategy development process itself be audited?

    And is the strategy development process is not upto the mark, can we say strategic objectives were set right. Strategy is at the top, if that is wrong, all the operations, processes, and technology will not yield results. So why do we consider auditing strategy out of scope?

    18. Chetan
    Chetan L. • If strategic decisions go wrong, it is not implied that underlying decision was wrong in the context of the conditions which existed at the point of time at which the decision was taken. Take for example the case of Nokia or RIM; both companies were doing extremely well; Nokia with their strategy of selling low cost phones and RIM with strategy of concentrating in the business space. But down the lines things have gone wrong for them due to multiplicity of factors (such as advent of andriod, increasing use of smartphones and apps) which were not visible earlier. These factors caused a paradigm change in the market. Just because things did not turn out well does not mean the whole decision making process was wrong. There is a degree of uncertainity attached with any decision and more so when you are taking a strategic decision which spans across a longer period. For all you know,Apple, which is doing very well now, may not be visible 5 years down the line. Nobody is questioning their strategy now; but if things start going badly, then questions will be raised. It is always easy to point out the fallacies of a decision in retrospect.

    Failures in meeting objectives will occur because of uncertainty. If there was no uncertainty, everybody would follow the same path and take the same decision. As a corollary, we would not be having this discussion if everybody out here viewed and perceived the same things in the same manner. To digress, certainity and consistency kills creativity.

    With reference to the strategy development process, Internal Audit may have a role to play. To illutrate, IA may comment on whether strategies are reviewed consistently and communicated effecitvely, whether a consensus has been taken by the Senior Management, whether a structured decision making process has been followed and whether this strategy is in line with the ‘ DNA’ (culture and risk appetite) of the organization. Basically IA can comment on the underlying factors which lead to decision making but not the decision itself.

    But again, decision making per se does not adhere to a pre written check list or a standardized program. Its more of a art rather than an science. Every decision is unqiue and taken in a unique environment and the factors which contribute to decision making may exist in varying degrees or may not exist at all. For example, in critical information relevant to a decision may not be available, but Management will have to take a decision in its absence.Hence it will not very realistic to audit the decision making progress using a textbook approach.

    To put it in a nutshell, question a decision which was taken incompetently. But you cannot question a decision taken in the event of uncertainity,

    19. Sonia
    Sonia J. • Chetan,

    Kudos to you, a very well argued case. Agree with you completely.


    20. Ahmed
    Ahmed B. • Hi Sonia,
    The issue is very relevant. To my point of view and regarding to my experience in a government owned company, the answer depends to what level of authority the internal auditor is reporting. When the internal audit function is under the authority of management, the latter will not accept any interference of the IA (maybe some recommandations would be authorized if the IA prooved its competency and showed strong leadership). But when the internal audit is reporting beyond the top management i.e. to the stockholders (or to the governement if the latter owns the company), then the range of action of the IA is larger. But in all cases, the chart of the IA should define clearly what are his duties and assignments. This chart should be proposed by the IA and approved by the audit committee if there is one, or an adhoc committe of the stockholders. The IA should be very cautious when reporting directly and only to management. Otherwise, if independance criteria are not met, then it’s better to resign or at least negociate with management some adjustment of the assignments.

  2. Pingback: Ernst & Young Insight For Internal Audit Transformation | Sonia Jaspal's RiskBoard

  3. Pingback: Industry Disruption Risks | Sonia Jaspal's RiskBoard

Comments are closed.