By Adrian J. Mihalko, CPA
Audit committees face a tall order. They are tasked with promoting and effecting financial integrity, compliance, and risk management in an environment where increasingly complex regulations and growing threats challenge all organizations to do more with less. Audit committees serve as an important cornerstone in organizational governance and answer to a wide variety of stakeholders. As the work of the audit committee shifts from operational overseer to strategic partner, audit committee chairs and members must reconsider and evaluate the best practices for committee structure and function.
Forming a Comprehensive Charter
Every audit committee must develop a robust charter to guide its work. At a minimum, the charter should define the committee’s structure, roles, and responsibilities. Major responsibilities to be defined include the appointment of external auditors, approval of all attest and nonattest services, and acceptance of all fees, audit review, oversight of the internal audit function (whether insourced or outsourced), and assessment of whistleblower reports and instances of fraud. Certain states may have specific requirements with respect to the content of the charter. It is advisable to consult with in-house or external counsel to assist with addressing state-specific requirements. The charter may also extend the committee’s involvement to issues relating to information security, risk management, tax, and insurance matters.
Developing the Structure and Composition
An audit committee’s most important asset is its membership. In addition to being independent of management and the external auditors, committee members must display a commitment to integrity, high ethical standards, and an appropriate level of professional skepticism. They need to be ready, willing, and able to challenge management’s judgements. Independence is vital to the committee’s ability to hold management accountable for its actions without bias.
Although there is no requirement as to the exact number of committee members, having at least three individuals on the committee should promote effective deliberation and exchange of ideas. It is not necessary for all members to have financial or accounting backgrounds, but the committee should be composed of individuals with strong expertise in generally accepted accounting principles, generally accepted auditing standards, financial reporting, internal control, and risk management. Members should also demonstrate an understanding of the industry in which the organization operates, as well as the internal and external audit processes and roles of the respective auditors. Public companies should also be aware of the Sarbanes-Oxley requirement for at least one committee member to be a financial expert.
The audit committee chair should be a natural leader with the ability to engage members in discussion during meetings, and to encourage mutual respect, collaboration, and cooperation among all parties. Depending on the industry expertise of committee members, the chair should ensure the committee as a whole is educated on both industry-specific accounting and auditing nuances as well as unique organizational issues. Given their day-to-day industry insight, management, internal audit, and external auditors should be empowered to assist the audit committee in this regard, particularly with emerging issues.
Audit committee and board leadership must not overlook the value of succession planning for both leadership roles and committee membership as a whole. Identifying potential members who have the requisite knowledge and skill sets affords them an opportunity to learn about the organization gradually and become comfortable with the broader industry issues prior to being thrust into a leadership role.
Meetings and Decision-Making
Effective communication among senior financial management, internal audit, and the external auditors is key to ensuring the audit committee addresses the topics requiring its attention at each meeting. With input from these groups, the committee chair should be responsible for developing an agenda in advance of each meeting. Ideally, the audit committee should plan to meet at least two or three times per year for purposes of hiring the external auditors; discussing the nature, timing, and scope of the external auditors’ work in advance of the annual external audit; and reviewing the results of the external audit.
Additional meetings may be scheduled to deliberate and approve the internal audit plan, to review the results of internal audits, to be briefed on matters of importance (such as whistleblower complaints, fraud, and emerging accounting and industry issues), and to discuss other topics under the committee’s responsibility according to the audit committee charter.
Keep minutes of each meeting and share them with committee members in advance of the next meeting. All meetings should begin with a motion to accept the minutes of the last meeting, and save any proposed revisions. It is also helpful to close each meeting with a review of deliverables assigned to management, committee members, and internal and external auditors.
The audit committee also must be confident that a robust process exists for allegations of fraud and misappropriation of assets to reach the committee’s ears. The organization’s stakeholders (employees, shareholders, customers, etc.) rely upon the committee’s oversight to address issues that could be detrimental to the organization. The direct reporting line between internal audit and the audit committee is essential in this regard.
Audit committees can bring a strong sense of integrity, objectivity, and oversight to the governance process. Following best practices with respect to committee organization and leadership ensures the enterprise is primed to confidently address a variety of challenges in today’s complex and ever-changing business world.
Adrian J. Mihalko, CPA, is the controller of the University of Scranton in Scranton, Pa. He can be reached at firstname.lastname@example.org.