Five simple words have created not just ripples – but waves – of audit committee activity.
Embedded within Section 301 of H.R. 3763, our nation’s 107th Congress set forth language amending the Securities and Exchange Act of 1934 by adding “Standards Relating to Audit Committees.”
While audit committees are not required for all organizations, those who use or plan to form such a committee should pay close attention to how the committee operates. The Sarbanes-Oxley Act of 2002 has resulted in significant governance reforms with respect to audit committees.
Merriam-Webster defines “charter” as a written document that creates and defines the franchises of an institution. An audit committee charter does just that, setting forth the general purpose, authority, composition and responsibilities of the committee. The document is not one-size-fits-all and should be tailored to the organization.
The overarching purpose of an audit committee involves oversight of the financial reporting process, the audit process, the system of internal control and compliance with laws and regulations.
The committee can expect to review significant accounting and reporting issues and recent professional and regulatory pronouncements to understand the potential impact on financial statements. An understanding of how management develops internal interim financial information is necessary to assess whether reports are complete and accurate.
The committee reviews the results of the audit with management and external auditors, including matters required to be communicated to the committee under generally accepted auditing standards.
Audit committees will consider internal controls and review their effectiveness. Reports on, and management responses to, observations and significant findings should be obtained and reviewed by the committee. Controls over financial reporting, information technology security and operational matters fall under the purview of the committee.
The committee establishes procedures for accepting confidential, anonymous concerns relative to financial reporting and internal control matters. Often referred to as a “whistle-blower policy,” the procedures allow individuals to bring questions and issues to light without fear of retribution.
The audit committee is responsible for the appointment, compensation and oversight of the work of the auditor. As such, CPAs report directly to the audit committee, not management.
Audit committees should meet separately with external auditors to discuss matters that the committee or auditors believe should be discussed privately. The committee will also review the proposed audit approach and handle coordination of the audit effort with internal audit staff, if applicable.
When an internal audit function exists, the committee will review and approve the audit plan, review staffing and organization of the function and meet with internal auditors and management on a periodic basis to discuss matters of concern that may arise.
Committee members can expect to participate in an executive session at each meeting. These sessions can be used to meet with auditors, key members of management or financial reporting staff and provide the opportunity to glean candid information on potentially sensitive topics.
A recent survey of audit committee members reveals that a key focus has become enterprise risk management (ERM). Those surveyed ranked the level of challenge related to ERM significantly above governance, risk management, financial reporting and internal audit.
The reason is simple. ERM embraces every risk perspective of an organization. While the entire board is responsible for enterprise risk management, the ownership of such focus may rest with the audit committee.
On an annual basis, the committee should determine that all responsibilities outlined in the charter have been carried out. In addition, the charter should be reviewed, and proposed updates presented to the board for approval.
While the charter must remain effective, so must committee members. Best practices include an annual evaluation of members’ performance.
Although audit committees may be reluctant to focus on self-measurement for fear of disclosing weaknesses, evaluation of committee activities is a key tool in achieving and maintaining a high degree of effectiveness.
Now is the ideal time to revisit audit committee focus, monitor effectiveness and set the course for future activities. Newly formed committees can benefit from the wealth of experience offered by those who have spent time in the trenches.