How an effective audit committee can keep you out of the headlines
May 2015 | SPECIAL REPORT: OPERATING AN EFFECTIVE BOARD
Financier Worldwide Magazine
The complexity of business transactions, globalisation and continuous changes in technology mean that today’s companies must invest more than ever in compliance activities. Even as companies boost their compliance investments, corporate scandals continue to grab headlines and corporate boards are challenged with the task of overseeing increasingly complex risks. When these negative headlines arise, they not only damage a company’s reputation, but can also lead to a loss of customers, an economic loss to shareholders, added regulatory scrutiny, increased legal risks or fines and penalties – all of which may ultimately lead to a company’s failure. This complexity can cause confusion about the roles and responsibilities of different members of an organisation. The audit committee plays several unique roles related to a company’s compliance environment and also can positively influence the corporate governance structure of the entity.
Audit committees have responsibilities related to the oversight of the independent auditor, internal audit function and financial reporting; risk management evaluation and monitoring; and the process for investigating complaints, including suspected fraud. In addition to these responsibilities, audit committees can play a positive role in impacting corporate governance.
Oversight of external auditors
The audit committee is responsible for the appointment and oversight of the external auditor, including the approval of fees for both audit and non-audit services. The direct communications between the audit committee and the external auditor also enable the audit committee to gain additional insight into the operations of the company. Conversations with external auditors should go beyond a review of the financial statements and include obtaining the auditor’s perspectives on the tone at the top, assessment of significant risks, relevance of the internal audit plan, management’s awareness and focus on internal controls and the overall quality of the internal control structure, management’s coordination with the auditors, control deficiencies and difficulties obtaining audit evidence.
Oversight of internal auditors
While much of the same information is shared between management and both internal and external auditors, there are certain areas of focus for each. The audit committee should have direct interaction with and oversight of internal auditors. Audit committee members should be educated about the nature and purpose of the internal audit function and should clearly understand their role in monitoring internal controls and with the company’s fraud risk assessment, if any. Audit committee discussions with the internal audit team can address topics such as significant investments, pressures on management (earnings targets, performance measures, etc.), quality of internal controls, quality and depth of the accounting function and management’s awareness of and focus on internal controls.
Risk management evaluation and monitoring
The New York Stock Exchange’s corporate governance rules require audit committees of listed corporations to discuss risk assessment and risk management policies. The audit committee should possess knowledge of core risk management principles in order to effectively assess performance of internal controls.
Oversight of financial reporting
Audit committee members should be familiar with the fundamentals of accounting, critical accounting policies, significant and unusual transactions and estimates and your AS 16 letter. The audit committee is responsible for reviewing earnings releases; annual and interim financial statements and disclosures; and management’s discussion and analysis. In addition to the reviews of the financial information, the audit committee should evaluate whether management has established appropriate controls over financial reporting to accurately accumulate and prepare the financial information. These controls should relate to financial information in filings and press releases as well as other financial information disclosed to the public.
Process for investigating complaints, including suspected fraud
The audit committee should understand and be adequately involved with the company’s process to evaluate complaints or tips received regarding the quality of the company’s financial information. This could include the establishment of a whistleblower hotline, which allows for anonymous disclosure without retribution. It also may include direct involvement in investigations when fraud is suspected.
If the audit committee is involved in response to suspected fraud, integration with external parties such as legal counsel, law enforcement, regulators and forensic accountants may be needed.
Potential areas of focus
In addition to the core financial statement responsibilities outlined above, audit committees can also engage in dialogue with management and internal and external auditors to evaluate the strategic, operational and compliance risks. For example, the audit committee could assess these areas by asking several questions, such as, how does enterprise risk management advance the development and execution of corporate strategy, and improve operational and compliance structures? Who is ultimately responsible for these areas? What formal training and experience do these individuals have? How does the company monitor compliance with established risk management programs? How are non-compliance issues addressed? Does the company have strategic goals for corporate compliance and, if so, do these goals align with the corporate risk management strategy? The answers to these questions should give you a good idea of where the company is at with its compliance efforts – and where the audit committee might want to obtain more information or recommend additional programs be undertaken by management.
The company’s ability to comply with uncontrollable external factors such as competitive and economic conditions, government regulations, foreign operations, new technological advancements, industry accounting practices and changes in social attitudes are crucial to success. Equally as important are internal environmental factors such as organisational structure, objectives and policies, controls and procedures, legal obligations and management’s risk assessment process. Although the audit committee is required to focus on financial reporting, having an understanding and dialoguing with management on all of these factors enables it to provide insight into the risks that may impact the company as well as evaluating whether all known risks are appropriately addressed in the issued financial information.
An effective and efficient audit committee working with the management team and internal and external auditors increases the company’s transparency and provides additional awareness of the potential risks the company might face. When you’re more aware of potential risks, you’re more prepared to proactively manage them, which can help reserve those headlines for your company’s good news.
John Brackett is a partner at McGladrey LLP. He can be contacted on +1 (704) 442 3820 or by email: firstname.lastname@example.org.
© Financier Worldwide