- Audit committee
In a publicly-held
company , an audit committee is an operating committee of the Board of Directors, typically charged with oversight of financial reporting and disclosure. Committee members are drawn from members of the Company'sboard of directors , with a Chairperson selected from among the members. An audit committee of a publicly-traded company in the United States is composed of independent andoutside director s referred to as non-executive directors, at least one of which must be a financial expert. Audit committees are typically empowered to acquire the consulting resources and expertise deemed necessary to perform their responsibilities. The role of audit committees continues to evolve as a result of the passage of theSarbanes-Oxley Act of 2002. Many audit committees also have oversight of regulatory compliance and risk management activities.Not for profit entities may also have an audit committee.Responsibilities
Boards of Directors and their committees rely on management to run the daily operations of the business. The Board's role is better described as oversight or monitoring, rather than execution. Responsibilities of the audit committee typically include: [AICPA "The Audit Committee Toolkit" New York; 2004.] [ [http://www.nysscpa.org/cpajournal/2004/1104/essentials/p22.htm CPA Journal AC Responsibilities] ]
* Overseeing the financial reporting and disclosure process.
* Monitoring choice of accounting policies and principles.
* Overseeing hiring, performance and independence of the external auditors.
* Oversight of regulatory compliance, ethics, and whistleblower hotlines.
* Monitoring internal control process.
* Overseeing the performance of theinternal audit function.
* Discussingrisk management policies and practices with management.The duties of an audit committee are typically described in a committee charter, often available on the entity's website. [ [http://www.dell.com/content/topics/global.aspx/corp/governance/en/audit?c=us&l=en&s=corp Sample Charter] ]
Role in oversight of financial reporting and accounting
Audit committees typically review financial reports quarterly and annually in publicly-traded companies. In addition, members will often discuss complex accounting estimates and judgments made by management and the implementation of new accounting principles or regulations. Audit committees interact regularly with senior financial management such as the CFO and Controller and are in a position to comment on the capabilities of these managers. Should significant problems with accounting practices or personnel be identified or alleged, a special investigation may be directed by the audit committee, using outside consulting resources as deemed necessary.
External auditors are also required to report to the committee on a variety of matters, such as their views on management's selection of accounting principles, accounting adjustments arising from their audits, any disagreement or difficulties encountered in working with management, and any identified fraud or illegal acts. ["Audit Committee Effectiveness: What Works Best-2nd Edition." Institute of Internal Auditors and Price Waterhouse. Altamonte Springs, FLA; 2000.]
Role in oversight of the external auditor
Audit committees typically approve selection of the external
auditor . The external auditor (also called a public accounting firm) reviews the entity's financial statements quarterly and issues an opinion on the accuracy of the entity's annual financial statements. Changing an external auditor typically also requires audit committee approval. Audit committees also help ensure the external auditor is independent, meaning no conflicts of interest exist that might interfere with the auditor's ability to issue its opinion on the financial statements.Role in oversight of regulatory compliance
Audit committees discuss litigation or regulatory compliance risks with management, generally via briefings or reports from the General Counsel, the top lawyer in the entity. Larger corporations may also have a Chief Compliance Officer or Ethics Officer that report incidents or risks related to the entity's
code of conduct .Role in monitoring the internal control process
Internal control includes the policies and practices used to control the operations, accounting, and regulatory compliance of the entity. Management and both theinternal audit ing function and external auditors provide reporting to the audit committee regarding the effectiveness and efficiency of internal control.Role in oversight of risk management
Organizations have a variety of functions that perform activities to understand and address risks that threaten the achievement of the organization's objectives. The policies and practices used by the entity to identify, prioritize, and respond to the risks (or opportunities) are typically discussed with the audit committee. Having such a discussion is required for listing on the
New York stock exchange . Many organizations are developing their practices towards a goal of a risk-based management approach calledEnterprise risk management . Audit committee involvement in non-financial risk topics varies significantly by entity.Impact of the Sarbanes-Oxley Act of 2002
The
Sarbanes-Oxley Act of 2002 increased audit committees’ responsibilities and authority. It raised membership requirements and committee composition to include more independent directors and financial expertise. Further, theSecurities and Exchange Commission and thestock exchange s proposed new regulations and rules to strengthen audit committees.History
Below are a few key milestones in the evolution of audit committees [ [http://www.kpmg.com/aci/docs/practices/ACI_JourneyGlob_WEB.pdf KPMG AC Journey 2005-2006] ] :
*1939: TheNew York Stock Exchange (NYSE) first endorsed the audit committee concept.
*1972: TheU.S. Securities and Exchange Commission (SEC) first recommends that publicly held companies establish audit committees composed of outside (non-management) directors.
*1977: NYSE adopts a listing requirement that audit committees be composed entirely of independent directors.
*1988: AICPA issues SAS 61 "Communication with Audit Committees" addressing communications between the external auditor, audit committee and management of SEC reporting companies.
*1999: NYSE, NASD, AMEX, SEC and AICPA finalize major rule changes based on Blue Ribbon Committee on Improving the Effectiveness of the Corporate Audit Committee.
*2002:Sarbanes-Oxley Act is passed in the wake of corporate scandals and includes whistleblower and financial expert disclosure requirements for audit committees.Best practices
Managing the audit committee's agenda
Audit committees typically use a full year agenda to ensure coverage of the various topics they are required to address. The agenda for each meeting, which is typically quarterly or more often, is then adjusted as necessary. Establishing the agenda is a collaborative effort between the Board, senior management, legal counsel, and both the internal and external auditors. It is important that the committee have its own perspective on what key issues it should address and these should be reflected in the agenda.
Frequency of interaction with management
Many audit committee chairpersons conduct interim calls with key members of management between quarterly meetings. Key contacts may include the CEO, CFO, Chief Auditor, and external audit partner. Many boards also schedule dinners prior to formal meetings that allow informal interaction with management. Some companies also require their boards to spend a certain amount of time learning their operations beyond board meeting attendance.
Executive sessions
These are formally scheduled private meetings between the audit committee and key members of management or the external auditor. These meetings typically are unstructured and provide the opportunity for the committee to obtain the feedback of these managers in private. A key question audit committee members ask in such sessions is: "Is there anything you would like to bring to our attention?"
Evaluation
Audit committees should complete a self-evaluation annually to identify improvement opportunities. This involves comparing the committee's performance versus its charter, any formal guidelines and rules, and against best practices. Such a review is confidential and may or may not include evaluations of particular members. ["Audit Committee Effectiveness: What Works Best-2nd Edition" Institute of Internal Auditors and Price Waterhouse. Altamonte Springs, FLA; 2000.]
urvey results
Various consulting and public accounting firms perform research on audit committees, to provide benchmarking data. [ [http://www.kpmg.com/aci/docs/practices/ACI_JourneyGlob_WEB.pdf KPMG AC Journey 2005-2006] ] [ [http://www.kpmg.com/aci/docs/surveys/Global-2nd_ACI_Survey_HL-2007_POSTFNL.pdf KPMG AC Survey 2007] ] [ [http://www.kpmg.com/aci/docs/surveys/ACI_NACD_Journey07_08_POSTFINAL.pdf KPMG AC Study 2008] ] Some results are identified below:
*54% of committee members surveyed felt the audit committee was "very effective," while 38% indicated "somewhat effective."
*Risk management, internal control, and accounting estimates and judgments were the top priority areas for 2007.
*Most audit committees have 3-4 members and are usually chaired by persons with experience as a CFO, external auditor, or CEO.
*Audit committees meet 6-10 times per year, either face-to-face or via teleconference, with the former lasting from 1-4 hours and the latter 1-2 hours.
*Audit committee members devoted 50-150 hours to their responsibilities each year.
*The percentage of audit committees with oversight responsibility for: IT compliance (66%), business continuity (50%), and information security(45%).
*41% were "very satisfied" with the internal audit function, while 52% were "somewhat satisfied."
*Two-thirds felt the Chief Internal Audit position was for a professional internal auditor, rather than as a "stepping stone" to other roles.
*93% indicated the audit committee was "somewhat" or "much more" effective since theSarbanes-Oxley Act was implemented in 2002.
*58% of committee members were "somewhat satisfied" that they understood management's processes to identify and assess significant business risks.
*Only 17% of audit committees had primary responsibility for oversight of non-financial risk; the full board had this responsibility in 56% of companies.References
External Link
* [http://www.nacdonline.org National Association of Corporate Directors]
ee also
*
Corporate governance
*ISA 310 Knowledge of the Business
Wikimedia Foundation. 2010.