Audit committee

From Wikipedia, the free encyclopedia

In a publicly-held company, an audit committee is an operating committee of the Board of Directors, typically charged with oversight of financial reporting and disclosure. Committee members are drawn from members of the Company's board of directors, with a Chairperson selected from among the members. An audit committee of a publicly-traded company in the United States is composed of independent and outside directors referred to as non-executive directors, at least one of which must be a financial expert. Audit committees are typically empowered to acquire the consulting resources and expertise deemed necessary to perform their responsibilities. The role of audit committees continues to evolve as a result of the passage of the Sarbanes-Oxley Act of 2002. Many audit committees also have oversight of regulatory compliance and risk management activities. Not for profit entities may also have an audit committee.

Contents

[edit] Responsibilities

Boards of Directors and their committees rely on management to run the daily operations of the business. The Board's role is better described as oversight or monitoring, rather than execution. Responsibilities of the audit committee typically include:[1]

  • Overseeing the financial reporting and disclosure process.
  • Monitoring choice of accounting policies and principles.
  • Overseeing hiring, performance and independence of the external auditors.
  • Oversight of regulatory compliance, ethics, and whistleblower hotlines.
  • Monitoring internal control process.
  • Overseeing the performance of the internal audit function.
  • Discussing risk management policies and practices with management.

The duties of an audit committee are typically described in a committee charter, often available on the entity's website.[2]

[edit] Role in oversight of financial reporting and accounting

Audit committees typically review financial reports quarterly and annually in publicly-traded companies. In addition, members will often discuss complex accounting estimates and judgments made by management and the implementation of new accounting principles or regulations. Audit committees interact regularly with senior financial management such as the CFO and Controller and are in a position to comment on the capabilities of these managers. Should significant problems with accounting practices or personnel be identified or alleged, a special investigation may be directed by the audit committee, using outside consulting resources as deemed necessary.

External auditors are also required to report to the committee on a variety of matters, such as their views on management's selection of accounting principles, accounting adjustments arising from their audits, any disagreement or difficulties encountered in working with management, and any identified fraud or illegal acts.[3]

[edit] Role in oversight of the external auditor

Audit committees typically approve selection of the external auditor. The external auditor (also called a public accounting firm) reviews the entity's financial statements quarterly and issues an opinion on the accuracy of the entity's annual financial statements. Changing an external auditor typically also requires audit committee approval. Audit committees also help ensure the external auditor is independent, meaning no conflicts of interest exist that might interfere with the auditor's ability to issue its opinion on the financial statements.

[edit] Role in oversight of regulatory compliance

Audit committees discuss litigation or regulatory compliance risks with management, generally via briefings or reports from the General Counsel, the top lawyer in the entity. Larger corporations may also have a Chief Compliance Officer or Ethics Officer that report incidents or risks related to the entity's code of conduct.

[edit] Role in monitoring the internal control process

Internal control includes the policies and practices used to control the operations, accounting, and regulatory compliance of the entity. Management and both the internal auditing function and external auditors provide reporting to the audit committee regarding the effectiveness and efficiency of internal control.

[edit] Role in oversight of risk management

Organizations have a variety of functions that perform activities to understand and address risks that threaten the achievement of the organization's objectives. The policies and practices used by the entity to identify, prioritize, and respond to the risks (or opportunities) are typically discussed with the audit committee. Having such a discussion is required for listing on the New York stock exchange. Many organizations are developing their practices towards a goal of a risk-based management approach called Enterprise risk management. Audit committee involvement in non-financial risk topics varies significantly by entity.

[edit] Impact of the Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 increased audit committees’ responsibilities and authority. It raised membership requirements and committee composition to include more independent directors and financial expertise. Further, the Securities and Exchange Commission and the stock exchanges proposed new regulations and rules to strengthen audit committees.

[edit] History

Below are a few key milestones in the evolution of audit committees[4]:

  • 1939: The New York Stock Exchange (NYSE) first endorsed the audit committee concept.
  • 1972: The U.S. Securities and Exchange Commission (SEC) first recommends that publicly held companies establish audit committees composed of outside (non-management) directors.
  • 1977: NYSE adopts a listing requirement that audit committees be composed entirely of independent directors.
  • 1988: AICPA issues SAS 61 "Communication with Audit Committees" addressing communications between the external auditor, audit committee and management of SEC reporting companies.
  • 1999: NYSE, NASD, AMEX, SEC and AICPA finalize major rule changes based on Blue Ribbon Committee on Improving the Effectiveness of the Corporate Audit Committee.
  • 2002: Sarbanes-Oxley Act is passed in the wake of corporate scandals and includes whistleblower and financial expert requirements for audit committees.

[edit] Best practices

[edit] Managing the audit committee's agenda

Audit committees typically use a full year agenda to ensure coverage of the various topics they are required to address. The agenda for each meeting, which is typically quarterly or more often, is then adjusted as necessary. Establishing the agenda is a collaborative effort between the Board, senior management, legal counsel, and both the internal and external auditors. It is important that the committee have its own perspective on what key issues it should address and these should be reflected in the agenda.

[edit] Frequency of interaction with management

Many audit committee chairpersons conduct interim calls with key members of management between quarterly meetings. Key contacts may include the CEO, CFO, Chief Auditor, and external audit partner. Many boards also schedule dinners prior to formal meetings that allow informal interaction with management. Some companies also require their boards to spend a certain amount of time learning their operations beyond board meeting attendance.

[edit] Executive sessions

These are formally scheduled private meetings between the audit committee and key members of management or the external auditor. These meetings typically are unstructured and provide the opportunity for the committee to obtain the feedback of these managers in private. A key question audit committee members ask in such sessions is: "Is there anything you would like to bring to our attention?"

[edit] Evaluation

Audit committees should complete a self-evaluation annually to identify improvement opportunities. This involves comparing the committee's performance versus its charter, any formal guidelines and rules, and against best practices. Such a review is confidential and may or may not include evaluations of particular members.[5]

[edit] Survey results

Various consulting and public accounting firms perform research on audit committees, to provide benchmarking data.[6][7] Some results are identified below:

  • 54% of committee members surveyed felt the audit committee was "very effective," while 38% indicated "somewhat effective."
  • Risk management, internal control, and accounting estimates and judgments were the top priority areas for 2007.
  • Most audit committees have 3-4 members and are usually chaired by persons with experience as a CFO, external auditor, or CEO.
  • Audit committees meet 6-10 times per year, either face-to-face or via teleconference, with the former lasting from 1-4 hours and the latter 1-2 hours.
  • Audit committee members devoted 50-150 hours to their responsibilities each year.
  • The percentage of audit committees with oversight responsibility for: IT compliance (66%), business continuity (50%), and information security(45%).
  • 41% were "very satisfied" with the internal audit function, while 52% were "somewhat satisfied."
  • Two-thirds felt the Chief Internal Audit position was for a professional internal auditor, rather than as a "stepping stone" to other roles.

[edit] References

  1. ^ AICPA "The Audit Committee Toolkit" New York; 2004.
  2. ^ Sample Charter
  3. ^ "Audit Committee Effectiveness: What Works Best-2nd Edition." Institute of Internal Auditors and Price Waterhouse. Altamonte Springs, FLA; 2000.
  4. ^ KPMG AC Journey 2005-2006
  5. ^ "Audit Committee Effectiveness: What Works Best-2nd Edition" Institute of Internal Auditors and Price Waterhouse. Altamonte Springs, FLA; 2000.
  6. ^ KPMG AC Journey 2005-2006
  7. ^ KPMG AC Survey 2007

[edit] See also