All businesses face risks which need to be controlled. The audit committee is one such control and features in many Corporate Governance recommendations.
The audit committee is a committee of the board of directors consisting entirely of independent non-executive directors (NEDs) (at least three in larger companies), of whom at least one has had recent and relevant financial experience.
Roles of the audit committee
The key roles of the audit committee are 'oversight', 'assessment' and 'review' of other functions and systems in the company.
Most of the board objectives relating to internal controls will be delegated to the audit committee.
Factors affecting the role of the audit committee
The role of the audit committee was considered in the UK Corporate Governance Code (2010) and Sarbanes-Oxley (SOX). The King Report contains similar recommendations.
How effective the audit committee is in checking compliance and internal controls depends primarily on how it is constituted and the power vested in that committee. The following factors are relevant:
- The board should decide how much responsibility it wishes to delegate to the audit committee. The tasks of the committee will differ according to the size, complexity and risk profile of the company.
- The committee should meet as often as its responsibilities require, and it is recommended that there should be at the very least three meetings each year, to coincide with key dates in the audit cycle. (for example, when the annual audit plans are available for review, when the interim statement is near completion and when the preliminary announcement/full annual report are near completion).
- The audit committee should meet at least once a year with the external and internal auditors, without management present, to discuss audit-related matters.
- Formal meetings of the audit committee are at the heart of its work. However, they will rarely be sufficient. The audit committee chairman in particular will probably wish to meet informally with other key people, such as the board chairman, CEO, finance director, senior audit partner and head of internal audit.
- Any disagreement between audit committee members that cannot be resolved within the committee should be referred to the main board for a resolution.
- The audit committee should review both its terms of reference and its effectiveness annually, and recommend any necessary changes to the board. (The board should also review the effectiveness of the audit committee annually.)
- To do its work properly, the audit committee must be kept properly informed by the executive management. Management is under an obligation to keep the audit committee properly informed and should take the initiative in providing information, instead of waiting to be asked.
Obviously, the role of the committee becomes less important where the points made above are not dealt with correctly. For example, if the committee is denied access to executive management then the committee will be less effective.
The audit committee and compliance
One of the primary activities of the audit committee, particularly under SOX, is to check compliance with external reporting regulations. The audit committee normally has a responsibility to ensure that the external reporting obligations of the company are met.
The audit committee should review the significant financial reporting issues and judgements in connection with the preparation of the company's financial statements. Management is responsible for preparing the financial statements and the auditors are responsible for preparing the audit plan and carrying out the audit.
However, the oversight function can sometimes lead to more detailed analysis. For example, if the audit committee is not satisfied with the explanations of the auditors and management about a particular financial reporting decision, 'there may be no alternative but to grapple with the detail and perhaps seek independent advice'.
The audit committee needs to satisfy itself that the financial statements prepared by management and approved by the auditors are acceptable. It should consider:
- the significant accounting policies that have been used, and whether these are appropriate
- any significant estimates or judgements that have been made, and whether these are reasonable
- the method used to account for any significant or unusual transactions, where alternative accounting treatments are possible
- the clarity and completeness of the disclosures in the financial statements.
The committee should listen to the views of the auditors on these matters. If it is not satisfied with any aspect of the proposed financial reporting, it should inform the board.
The committee should also review the financial-related information that accompanies the financial statements, such as the information in the Business Review and the corporate governance statements relating to audit and risk management.
The audit committee and internal control
The board is responsible for the total process of risk management, which includes ensuring that the system of internal control is adequate and effective.
The board delegates this internal control responsibility to the audit committee.
In relation to internal controls, the audit committee should:
- review the company's internal financial controls
- monitor the adequacy of the internal control systems, with a specific focus on
- control environment
- management attitude
- management controls
- review compliance with regulations, legislation and ethical practices (such as environmental policies and codes of conduct), and ensure that systems are in place to support such compliant behaviour
- review the company's fraud risk management policy, ensuring that awareness is promoted and reporting and investigation mechanisms exist
- give its approval to the statements in the annual report relating to internal control and risk management
- receive reports on the conclusions of any tests carried out on the controls by the internal or external auditors, and consider the recommendations that are made
- where necessary, the committee may be required to supervise major transactions for appropriateness and validity.
The audit committee and internal audit
As part of their obligation to ensure adequate and effective internal controls, the audit committee is responsible for overseeing the work of the internal audit function.
The audit committee should:
- monitor and assess the role and effectiveness of the internal audit function within the company's overall risk management system
- check the efficiency of internal audit by, e.g. comparing actual costs and output against a target
- approve the appointment, or termination of appointment, of the head of internal audit
- ensure that the internal audit function has direct access to the board chairman and is accountable to the audit committee
- review and assess the annual internal audit work plan
- receive periodic reports about the work of the internal audit function
- review and monitor the response of management to internal audit findings
- ensure that recommendations made by internal audit are actioned
- help preserve the independence of the internal audit function from pressure or interference.
The Smith Guidance on audit committees recommends that the committee meet with internal auditors at least once a year, without management present, to discuss audit-related matters.
If the company does not have an internal audit function:
- the committee should consider annually whether there is a need for an internal audit function and make a recommendation to the board, and
- the reasons for the absence of an internal audit function should be explained in the relevant section of the annual report.
Review of internal audit
The audit committee, and the external auditor where they are relying on the internal audit department, will need to ensure that the internal audit department is working effectively. Such a review will normally involve four key areas, as outlined below:
The audit committee and external auditors
The audit committee is responsible for oversight of the company's relations with its external auditors. The audit committee should:
- have the primary responsibility for making a recommendation to the board on the appointment, re-appointment or removal of the external auditors
- 'oversee' the selection process when new auditors are being considered
- approve (though not necessarily negotiate) the terms of engagement of the external auditors and the remuneration for their audit services
- have annual procedures for ensuring the independence and objectivity of the external auditors
- review the scope of the audit with the auditor, and satisfy itself that this is sufficient
- make sure that appropriate plans are in place for the audit at the start of each annual audit
- carry out a post-completion audit review.
Post-completion audit review
Independence of external auditors
The independence of the external auditors
The audit committee should have annual procedures for ensuring the independence and objectivity of the external auditors.
The Smith Guidance suggests that the audit committee should:
- seek reassurance that the auditors and their staff have no family, financial, employment, investment or business relationship with the company (other than in the normal course of business)
- obtain each year from the audit firm information about its policies and processes for:
(1)maintaining its independence and
(2)monitoring compliance with relevant professional requirements, such as rules regarding the rotation of audit partners and staff.
- agree with the board and then monitor the company's policy on employing former employees of the external auditor. It should monitor how many former employees of the external auditor now hold senior positions in the company, and if appropriate consider whether, in view of the situation, there may be some impairment (or appearance of impairment) of the auditors' independence with regard to the audit
- develop and recommend to the board the company's policy on the provision of non-audit services by the external auditors. The provision of non-audit services must not impair the independence or objectivity of the auditors.
The audit committee should establish a policy that specifies the types of work:
- from which the external auditors are excluded.
- for which the external auditors can be engaged without referral to the audit committee.
- for which a case-by-case decision is necessary. In these cases, a general pre-approval might be given for certain classes of work, and if the external auditor is engaged to provide any such services, this should then be ratified at the next audit committee meeting.
The policy may also set fee limits generally or for particular classes of non-audit work.
A guiding set of principles is that the external auditor should not be engaged for non-audit work if, as a result:
- the external auditor audits work done by himself
- the external auditor makes management decisions for the company
- a mutuality of interest is created, or
- the external auditor is put in the role of advocate for the company.
Created at 8/20/2012 3:08 PM by System Account
(GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Last modified at 9/27/2013 4:23 PM by System Account
(GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Ratings & Comments
(Click the stars to rate the page)