Role of the audit committee in M&A



FW moderates a discussion on the role of the audit committee in M&A between Jack Capers, a partner at King & Spalding LLP, Jason Anglin a partner at KPMG LLP, and Brian Hoffmann, a partner at McDermott Will & Emery LLP.

FW: To what extent have the responsibilities of the audit committee changed in recent years? What does its typical role and remit look like today?

Anglin: Audit committees continue to evolve as risks to business and financial reporting change, and as new risk areas emerge. The traditional role of the audit committee, with oversight of financial reporting and internal and external auditing, now encompasses a much broader enterprise-wide view. It has grown from solely focusing on the financial statement risk to encompassing a holistic view of the risk to the enterprise and how those risks may materialise. Increasingly, audit committees also report having responsibility for a host of other major risks, from cyber security and emerging technologies to global compliance and supply chain risk. Furthermore, many boards are reassessing how they allocate risk, recognising that an overloaded audit committee is a less effective audit committee.

Hoffmann: The breadth and depth of audit committee responsibilities continue to expand. Today’s audit committee maintains its core mandate of audit and financial reporting oversight, but it also frequently evaluates enterprise risk in its myriad forms. It must tackle the demands of increasing complexity and diligence required of its core mandate, such as Sarbanes-Oxley compliance in the US, while also evaluating an ever changing list of enterprise risks, including newly ascendant risks such as cyber security. The role of the audit committee can be demanding, given the inherent limitations in time and areas of expertise among the members. Recognising this, many companies are opting to assign the risk assessment function to a separate risk committee, even in industries outside of finance. Subdividing risk assessment functions among multiple committees, based on expertise, is also a viable option. Here the audit committee might play a smaller, albeit crucial, role in risk assessment.

Capers: The responsibilities of the audit committee have changed dramatically over the last 10-12 years, as a result of a number of regulatory developments along with new rules and listing standards for public companies adopted by the SEC and stock exchanges. These new laws and listing standards have changed the qualifications of members of an audit committee, and have expanded their responsibilities in the corporate governance structure of public companies. Today, the audit committee of a US public company has a number of core responsibilities. Primarily, it must assist the board of directors in its oversight of the company’s financial statements and reporting. It must also assist with the company’s disclosure and internal controls, regulatory compliance and operational risk management, as well as the firm’s policies and codes of conduct and ethics. The independence, qualifications and performance of the company’s internal audit team and the independent auditor must also be handled by the committee.

Increasingly, audit committees also report having responsibility for a host of other major risks, from cyber security and emerging technologies to global compliance and supply chain risk.
— Jason Anglin

FW: In what way has the scope and influence of the audit committee expanded during the M&A process? What impact are they having, particularly from a corporate governance point of view?

Capers: Under state law, the decision of a corporation to engage in an M&A transaction is ultimately the responsibility of the full board of directors. In making these decisions, however, the board is entitled to rely on information, opinions, reports and statements provided by board committees. As boards have become more actively involved in overseeing strategic transactions, they have increasingly sought advice from audit committees in evaluating issues in M&A. A board may ask the audit committee of a company involved in an acquisition to evaluate and express an opinion on the quality of the financial statements and financial reporting of the target company, including their accounting policies as well as their internal and disclosure controls.

Hoffmann: The Sarbanes-Oxley regulations, an enhanced focus on the Foreign Corrupt Practices Act in the US and the Bribery Act in the UK, as well as new categories of risk like cyber security, all highlight the importance of audit committees and other risk-assessing committees. However, we must keep in mind that directors and executives have been dealing with increasing regulations and greater liability for some time. Committees act as surrogates of the full board of directors, and when board responsibilities increase, as they have in recent years, the scope and responsibilities of the audit committee and other board committees have also increased. To the extent the audit committee, or any other board committee, is involved in M&A, they should have a positive effect. Management can sometimes get caught up in the contest. Outside oversight can help management to focus on what they are trying to achieve strategically.

Anglin: Audit committees, because of their financial expertise and experience, have become more involved in the M&A lifecycle, from potential investment targets through due diligence to post-mortem analysis of a deal. Though the oversight of M&A will vary by company and industry, we generally see the board being responsible for the strategic alignment and value creation potential of a transaction, with the oversight of the execution and evaluation of a transaction delegated to the audit committee. For particularly large, complex or transformational transactions the board may consider forming a separate special committee. One emerging trend among companies that are serial acquirers, such as the large tech companies, is the evolution of an acquisition committee and finance and investment committees being tasked with M&A and divestiture oversight responsibilities.

FW: How are regulatory developments shaping this trend?

Hoffmann: Regulatory developments play a multifaceted part in expanding the role of audit committees. Firstly, regulations directly affect audit committees by requiring their independence, by enhancing reporting requirements and by increasing costs. Secondly, and perhaps more importantly, these regulations serve as fulcrums around the development of corporate governance trends. Sarbanes-Oxley requirements were enacted within a broader trend, an environment that also led to increased SEC enforcement actions and increased influence of institutional investors and proxy advisory firms. The SEC has clearly signalled a heightened focus on audit committees, with two actions filed against audit committee members in March 2014. These filings were also followed by a statement from SEC Chair Mary Jo White in May, regarding audit committee transparency. Public companies have followed suit by increasing the level of disclosure of audit committee activities beyond the minimum disclosure requirements. However, this increased SEC scrutiny is only a part of a broader push to hold audit committees accountable.

Anglin: Regulatory developments and shareholder scrutiny are certainly contributing to the increased involvement of the audit committee and other designated committees in the M&A lifecycle. Recently, we have seen numerous examples of regulators, such as the SEC and the Serious Fraud Office, involved in analysing the repercussions of a failed M&A deal. This increase in activity, combined with the amplified risk of lawsuits related to M&A activities, has forced many companies to revisit the level of board scrutiny on transactions, and ensure the alignment of the board’s vision to the target identification and transaction execution functions performed by management. One additional area that merits discussion is the focus by the US Public Company Accounting Oversight Board (PCAOB) on the audit procedures and internal controls around acquisitions. With this enhanced oversight, there is a need for a heightened level of scrutiny by the audit committee on these risk areas.

Capers: One of the responsibilities of an audit committee is to assist the board in overseeing the company’s regulatory compliance procedures. The increasingly complex regulatory environment for companies across a variety of industries has increased the level of oversight by boards and audit committees on matters relating to the company’s regulatory compliance practices. The audit committee of a company involved in an acquisition can assist management in evaluating the regulatory compliance of the target company as part of an assessment of the risks associated with the acquisition.

An audit committee, working in conjunction with other committees or the full board, can establish effective M&A risk management processes.
— Brian Hoffmann

FW: What are some of the pre-transaction activities an audit committee should be called upon to carry out?

Anglin: Before approving a deal, there are a number of areas in which the board and audit committee can help their organisation to better consider how to capture value in transactions. Boards should test the alignment of the deal with the company’s strategy, and challenge the deal’s value-creation potential, by asking a number of questions. Is the deal aligned with the long-term corporate strategy? Do the financial assumptions and economic impact justify the price? What are the other potential implications on the company’s cost of capital, balance sheet and also on the overall balance sheet? Due diligence processes should also be closely monitored before the deal completes. Due diligence has evolved beyond traditional red flags or a quality of earnings report. Balanced diligence should evaluate all aspects of the transaction, including the target’s financial, operational and market risks, and potential upside to the investment thesis.

Capers: The audit committee of an acquiring company may be asked to assist the full board in an M&A transaction with the evaluation of matters that are within the core area of expertise of the committee. For example, an audit committee may also assist the full board in evaluating the financial analysis of a proposed acquisition, including projections regarding the impact of the acquisition on the company’s financial results. In addition, the audit committee of an acquiring company are frequently briefed during the legal and financial diligence of a target company on any financial matters concerning the target and on other financial and risk management matters that fall within the responsibilities of the audit committee including matters which may become issues for the audit committee after closing. In an acquisition transaction where the consideration is stock of the acquiring company, the audit committee of the acquiring company typically will assist the full board in responding to diligence requests from the selling company.

Hoffmann: An audit committee, working in conjunction with other committees or the full board, can establish effective M&A risk management processes. Depending on its assigned role, the audit committee can also assess a particular M&A transaction for its strategic rationale, cultural fit, synergies, downside risks and quality of earnings. The audit committee plays a critical role not only in financial due diligence, but increasingly in assessing operations, data infrastructure, vendor relationships, contracts and other due diligence matters. These matters should be assigned based on the composition and charters of the various committees, and the expertise of their members. For example, evaluating the data security protocols of target companies is an essential element of due diligence in most M&A transactions today. Whether this evaluation should be conducted by an audit committee, however, must be decided based on the qualifications of the audit committee members and the company’s overall M&A risk management framework.

FW: How important is it for the audit committee to approach its M&A-related duties with risk management in mind?

Capers: Today, risk management is a key responsibility of an audit committee. The role of the audit committee in an acquisition should include reviewing the target’s risk management policies and practices so that the audit committee can assist the full board in evaluating the operational risks of the target and potential challenges post-closing. This can be achieved by having the audit committee of the acquiring company work with the diligence team of the company to evaluate the operational risks of the target company, to assess the effectiveness of the risk management policies of the target company, and to quantify the operational risks at the target company that may be value-affecting issues for the acquisition.

Anglin: M&A transactions have an inherent degree of risk to them. It is imperative that the whole board and the audit committee understand the spectrum of risks and that act with management to appropriately consider how those risks can be mitigated. The acquirer becomes responsible for the results and activities of the target as soon as the transaction closes. Performing appropriate planning and ensuring the involvement of the audit committee as early in the deal cycle as possible will allow the committee to have a robust view of not only the transaction-related risks, but also the risk profile inherited with the newly acquired business. Regulatory concerns for the countries where the target operates can have far-reaching consequences for the audit committee and the way they on-board a newly acquired entity. Having an in-depth understanding of the risk profile of the company and country allows for appropriate risk management activities to be undertaken and for remedial activities to occur as close to transaction close as possible.

Hoffmann: Risk management typically dwarfs all other factors in an audit committee’s approach to its M&A duties. The downside risks to M&A transactions are well known, with over half of deals failing to provide the expected shareholder value. Competitive bidding for acquisitions might lead to losing an acquisition – or worse, overpaying for a target. A well intended acquisition might not pan out due to a host of factors. As management tends to overestimate the probability of a successful acquisition, the board and its committees must take care in keeping management focused on avoiding the downside risks of a proposed transaction, instead of viewing the transaction through rose-tinted glasses. Some sources of risk have received special attention in recent years, with cyber security and corruption being two prominent sources of risk. The expanding and changing nature of risks faced in an M&A transactions illustrates the importance of performing increasingly complex risk management functions.

A board should utilise the special skills of the audit committee in carrying out its responsibilities in connection with an M&A transaction.
— Jack Capers

FW: Could you provide an insight into the potential personal liabilities associated with a merger or acquisition, which might arise for audit committee members? What steps can the company, as well as the individuals themselves, take to mitigate such risks?

Hoffmann: For now, the risk of personal liability for audit committee members remains relatively low. PwC’s 2013 Securities Litigation Survey found that committee members were named as defendants in only 7 percent of federal securities class action lawsuits in 2013, whereas a chief executive officer was named in 91 percent and a chief financial officer in 76 percent. However, two SEC cases targeting audit committee members in 2014, albeit outside the M&A context, raise the spectre of personal liability in the future, especially as audit committee burdens continue to expand. Even if liability risks increase, however, companies already mitigate or eliminate potential personal liabilities of directors by using D&O insurance, indemnification clauses, and liability limitations such as the optional Delaware General Corporation Law § 102(b)(7) charter provision. Audit committee members should always be mindful of their duties of loyalty and care, adopt best practices to avoid conflicts of interest, keep themselves fully informed, perform reasonable analysis, and act in good faith.

Capers: State law governs the potential liability of a member of an audit committee for acts or omissions related to a merger or acquisition. The two principal fiduciary duties of directors are the duty of care and the duty of loyalty. The duty of care requires directors to act on an informed basis after due consideration and appropriate deliberation, whereas the duty of loyalty requires that directors have no personal interest in the transaction, other than as a shareholder of the company. Absent a breach of the duty of loyalty by a director, members of boards of directors, including members of audit committees, are rarely found personally liable for acts or omissions related to an M&A transaction. In most states, courts will not find directors personally liable for a breach of the duty of care unless there is a finding that the acts or omissions of the directors constituted gross negligence or wilful misconduct. Audit committees can mitigate the risk of personal liability by periodically assessing their practices to make sure that they are effective and that they have in place best practices employed by audit committees in carrying out their responsibilities.

FW: What is your advice to companies on utilising audit committees to achieve M&A goals?

Anglin: The board, and particularly the audit committee, can help challenge management to drive value creation and risk mitigation in the M&A process. Being actively involved at all stages of the deal lifecycle can enhance the probability of success. Having an unbiased view of the deal’s value potential and risk profile can also allow the company to more clearly define its investment thesis and monitor the realisation of those expected returns on investment. It is imperative that those overseeing management’s handling of a transaction remain objective in their evaluation and are fully briefed on every major decision. Being able to say no to a deal often can help maintain shareholder value, rather than simply getting a deal done for the sake of doing a deal.

Capers: Audit committees have special skills that can be employed to help boards and management of acquiring companies evaluate a proposed merger or acquisition and make decisions on a variety of significant issues related to the target company. A board should utilise the special skills of the audit committee in carrying out its responsibilities in connection with an M&A transaction.

Hoffmann: Companies should ensure that audit committees have some M&A expertise. KPMG’s 2014 Global Audit Committee Survey found that among 487 respondents only 50 percent of US audit committees have a member with in-depth M&A expertise. That percentage drops to below 40 percent among 1410 respondents worldwide. An audit committee can be crucial in instituting effective M&A policies prior to a transaction. Furthermore, the tasks of assessing and minimising various M&A risks should be assigned among various committees based on a company’s specific goals, expertise, resources and organisational structure. A standing audit committee with some M&A experience might be suited for a lead role in an acquisition of a familiar counterparty involving diligence of tricky accounting matters, whereas a special M&A committee with more specialised expertise might lead in a deal requiring technical expertise for properly evaluating core intellectual property assets.

Jack Capers is a partner in the Atlanta office of King & Spalding and a member of the firm’s Corporate Practice Group. He has experience in a wide variety of corporate transactions, including domestic and international mergers, acquisitions, tender offers, exchange offers, spin-offs and divestitures, joint ventures, strategic alliances, strategic investments and leveraged buyouts. In addition, Mr Capers has advised boards of directors, board committees and investment banking firms on matters relating to corporate governance issues, M&A transactions and takeover defences. He can be contacted on +1 (404) 572 4658 or by email:

Jason Anglin is the global lead partner with KPMG in the US’s Accounting Advisory Services Pre/Post Deal reporting team. In 20-plus years with KPMG, Mr Anglin has advised numerous domestic and multinational companies and private equity funds in all areas of M&A, divestitures and joint ventures across a range of industries. He specialises in accounting for business combinations, cross-border transactions and accounting change projects. His experience spans over 15 years in advising companies in IFRS and US GAAP conversions and on SEC considerations and accounting and financial reporting. He can be contacted on +1 (203) 832 3103 or by email:

Brian Hoffmann is a partner at McDermott Will & Emery LLP, based in the firm’s New York office. He focuses his practice on a broad range of complex corporate matters, including hostile takeovers, proxy fights, sales and divestitures, cross-border transactions, management and leveraged buyouts, acquisitions of distressed companies and domestic and international capital markets fundraising activities. He has represented acquirers, targets, financial advisers, boards of directors, special committees and other parties across numerous industry sectors, including consumer goods, energy, healthcare, life sciences, technology, media and telecommunications. He can be contacted on +1 (212) 547 5402 or by email:

© Financier Worldwide



Jack Capers

King & Spalding LLP


Jason Anglin



Brian Hoffmann

McDermott Will & Emery LLP

©2001-2019 Financier Worldwide Ltd. All rights reserved.