United States: Five Tasks for the Effective Audit Committee

In the wake of high-profile company failures, most business organizations are self-examining their governance and reporting process. Management, the full board, board committees, and outside advisors are under review to answer questions that are central to a successful enterprise:

• How does a company insure that day-to-day functioning is consistent with board-approved plans and policies?
• How does the company identify and manage risk?
• How does the entity insure that financial statements fairly report what is working and what needs to be changed in its business model?
• How does the company establish and maintain a top-to-bottom ethical culture?

In our recent experience, the inquiry most often starts with, and by, the board Audit Committee. How good is its oversight of risk management and financial reporting? How good are the audit functions responding to the Committee?

Audit Committees are conducting forward-looking self-assessments, gauging their prior effectiveness and identifying ways they can improve. Most committees, after these reviews, implement or revised strategic plans, with task more clearly defined. Just as many Committees are also strengthening relationships with management, internal audit, outside accountants, and Committee financial and legal advisors.

Of course, no company environment is alike. There is no set formula that can be applied across varied business settings. A cookie-cutter adoption of another Audit Committee’s charter or operating practices is, at best, imprudent.

Yet, in the situations that we have considered, there are common organizational principles, though there are no short-cuts. Every Audit Committee member should be familiar with the commentary and lessons (even if not technically binding) from Delaware Chancery in Caremark International Inc. Derivative Litigation; from Judge Friendly in United States v. Simon; from the Public Oversight Board in its 1995 Report Directors, Management, and Auditor: Allies in Protecting Shareholder Interests; from the Blue Ribbon Committee commissioned by the NYSE and NASD in its 1999 Report and Recommendations on Improving the Effectiveness of Corporate Audit Committees; from the AICPA in SAS 61, SAS 89, and SAS 90; from the Independence Standard Board in Standard No. 1; from the NASD in Rule 4200 and Rule 4350(d); and from the New York Stock in Exchange in Rule 305.01 of the NYSE Listed Company Manual

These resources should not be consulted to determine the boundaries of merely acceptable Committee service. They are of greatest help to those Audit Committees – the overwhelming majority, we believe – that seek best practices, not the avoidance of liability.

In that vein, we suggest below five tasks that must be performed by any effective Audit Committee. This is only one shorthand way of looking at the Committee’s core functions. The tasks’ outline form suggests they are easier to execute than practice will show.

We do not suggest that effective performance of the five outline tasks is sufficient. In our judgment, though, performance of the tasks is necessary, and, as discussed, a good start towards being an effective Audit Committee.

The Audit Committee works as a delegate of the board of directors. Its work is defined by board-resolved charter, which, under Item 7(3) of Schedule 14A of the SEC proxy rules, must be shared with shareholders at least every three years.

The charter should be reviewed and revised regularly by the full board. A good Committee will lead the board in charter revision through recommendations made after an annual self-assessment..

The Audit Committee charter can be stated in different ways, but almost any governance alternative would seem to require that the Audit Committee assume special responsibility in overseeing:

• the effectiveness of the audit function;
• the fair presentation of operational results and financial standing;
• the efficacy of internal control structures;
• and the maintenance of corporate integrity.

The Audit Committee is required work closely with the other board committees and the full board, with the latter having plenary oversight. Working down into the organization, the Audit Committee itself assumes an oversight role. The members of the Committee must work though management, legal counsel, internal auditors, and outside accountants.

SEC regulations and accounting pronouncements confirm the direct reporting responsibility between outside accountants and the Audit Committee. The Committee is charged with checking both the formal independence and the functional objectivity of the outside auditors.

The outside accountants are to advise the Committee directly regarding accounting principle choices and changes, audit adjustments, and management estimates. An active dialogue is presumed. The Committee is to hear and probe the auditors’ reasoning in the many judgment calls they must make, with the standard being appropriateness, not what is allowable.

The Committee should have at least three and no more than six board members. All should be independent. None should be in management or be affiliated with a significant vendor or service provider to the entity. Finite service terms and staggered rotation may reenergize while maintaining continuity.

Each committee member should bring or gain and continue to have (i) substantial background knowledge regarding the primary; business sectors in which the company operates; (ii) financial statement literacy; and (iii) the ability to evaluate risk control decisions and systems. Orientations and ongoing training and exposure to recent risk and accounting developments are a must.

At least one member of the Committee should have past employment experience in finance or accounting. Ideally, his or her leadership skills will make appointment as Chair possible. The full board retains control over all Committee assignments, but the Committee, through recommendations to the board, should be proactive in shaping membership.

The Committee, with input from internal audit, outside accountants, and the Committee’s own financial and legal advisors, should develop an annual plan responsive to the committee responsibilities outlined in the Audit Committee charter. The plan should be reviewed and approved annually by the full board.

For most companies, quarterly meetings must be supplemented by full committee conference calls and subcommittee discussions with internal and outside audit personnel. Meetings and contacts will be more numerous in the quarterly and annual periods in which the Audit Committee is reviewing interim and final financial statements. The length of meetings is a function, of course, of their efficiency, which can be achieved through careful planning of agendas and reporting formats. Written materials, including key performance indicators and measures related to key business and financial risks, should be received by the Committee at least one week in advance of meeting dates or scheduled conference calls.

Direct reports should be limited. Risk control, compliance, and financial reporting are management functions and should not be linked directly to the Committee. Instead, the Audit Committee should work directly only with internal audit and outside accountants to monitor risk and reporting management functions. Management and audit should communicate, and not be adversarial, but the Audit Committee must be willing to probe and to ask tough questions of every manager from the CEO to the CFO to the general counsel.

It should be clear that the board, acting through the Audit Committee, and not the inside Treasury or CFO function, hires, fires, and is the direct report for both internal auditors and outside accountants. A central part of the continuing self-assessment the Committee undergoes should include an evaluation of the performance (effectiveness, objectivity, and independence) of the audit functions for which the Committee has responsibility. An annual internal audit plan should be approved by the Committee, and it should receive regular interim reports on how effectively the plan is being carried out.

The Committee must do more than just receive the formal written statement required of the external auditors by ISB standards. On an ongoing basis, the Committee should encourage and even require both internal and outside auditors to bring to the attention of the Committee relationships, services, or pressures that may affect auditor objectivity or independence.

The Committee should engage in continuing dialogue with internal and external audit regarding financial statement issues and risks, their impact or potential effect on reported financial information, the processes used by management to address such matters, related auditor views, and the basis for audit conclusions. Conservative accounting should be encouraged, and an acceptability standard put in permanent disfavor.

What is the quality of the financial reporting of the entity? There should be robust dialogue regarding both material judgment calls and estimates made in the presentation of results and financial position, as well regarding the adoption of new accounting policies or changes to existing ones.

Self-assessments are not easy, but they must be undertaken, and boards and their audit committees can organize such reviews around the five tasks outlined here. In assessing the Audit Committee, ask:

1. Is the Audit Committee role clearly defined? Is it continually reviewed?
2. Are the Audit Committee members independent and competent?
3. Does the Audit Committee meet regularly? Are its agendas and reports well-designed?
4. Does the Audit Committee control the outside and internal audit function?
5. Is the company’s financial reporting beyond "acceptable’? Is it fair and conservative?