Sarbanes-Oxley, Bill 198 and other regulatory changes have put tremendous demands on audit committees. They must learn how to work smarter and to allow enough time to complete their ever-lengthening list of duties, according to a new PricewaterhouseCoopers study. In fact, given their pumped-up workload, they are struggling to know what to put at the top of the list.
“Audit committees have a lot on their plates and so they need help to ensure they see the forest, not just the trees," says Catherine Bromilow, partner with the Corporate Governance Group of PricewaterhouseCoopers and chief author of the report, which was compiled for the Institute of Internal Auditors Research Foundation. “While they should review information carefully — and challenge management when necessary — they should not be resolving everyday issues or making management decisions. This study is meant to help them achieve what experienced directors describe as their role: 'noses in, fingers out.'"
According to the study, Audit Committee Effectiveness — What Works Best (3rd Edition), many leading audit committees are not just coping, but succeeding in discharging their evolving responsibilities. Here are some of its recommendations in 10 key areas, based on surveys and face-to-face input from experienced audit committee chairs and thought leaders around the world.
The fundamental raison d’être of audit committees is to oversee the integrity of financial statements. Committees need to review annual and interim financial statements carefully, understanding them, assessing the quality of earnings, and being comfortable with management’s conclusions. To do this effectively, they need to understand the accounting policies used. Leading committees are devoting considerable effort to this aspect of their work.
Risk management and internal control
SOX and Bill 198 have caused audit committees to be focused on understanding internal control in the organization. This is explicitly set out in SOX and Bill 198 as well as stock exchange listing requirements. The audit committee's involvement in risk management is not as clear in compliance regulations but in some respects, is more critical to managing the long-term success of the company in delivering against its strategy. Canadian corporate governance guidelines, effective this year, say the board is responsible for approving a strategic plan that takes principal risks into account. The board is also responsible for ensuring implementation of an appropriate risk management system. In the past, most boards have dealt with this aspect somewhat informally without drawing a clear line between their own responsibilities and those delegated to the audit committee.
Although audit committees are more focused on internal control, they are quickly learning they may lack the knowledge and expertise to provide appropriate oversight in certain areas such as IT and fraud — areas where management override of controls is most likely. The message should be "don't be shy" about engaging outside advisers or make sure committee members have the right skills.
Compliance and ethics
Most public companies are implementing codes of conduct in their SOX and Bill 198 efforts, or have already done so. Boards must oversee the code with appropriate monitoring functions. In Canada, continuous disclosure rules would consider a material amendment to code or an override by management or the board to be a material change, requiring a news release to be filed on SEDAR.
Oversight of management and internal audit
Audit committees function best when they have productive relationships with management and internal audit — with open, candid, and ongoing lines of communication. The most effective chairs commit the time needed between meetings to foster those relationships — meeting informally, talking on the phone, discussing issues, planning upcoming meetings. Committees need to have confidence in management’s competence and thus should have a voice in evaluating management.
Leading audit committees foster close relationships through frequent communication and private meetings, resulting in internal audit directors feeling comfortable calling the audit committee chair to provide information and to discuss issues they are concerned about.
Relationship with external audit
Audit committees are building trusting and professional relationships with the external auditors — while addressing responsibilities for selecting, compensating, evaluating and retaining them, as well as overseeing independence. Leading committees ensure they are satisfied with the auditors’ ability to clearly, candidly and effectively communicate issues and concerns, and with the lead partner’s diligence, capability and professionalism. They also communicate frequently with lead partners between meetings, reinforcing and further cementing the direct reporting relationship.
Resources and special investigations
SOX and Bill 198 both provide for the audit committee to hire their own advisers as needed. Audit committees must have access to adequate internal resources to support their objectives. They also need the indisputable authority to engage outside advisers and conduct special investigations whenever warranted. And committees that launch special investigations ensure they understand and apply essential elements for success — such as taking action quickly, considering the extent of management involvement, retaining the right advisers, experts and counsel, and ensuring appropriate communication both internally and externally.
Having the right directors on the audit committee — with mandated independence and financial literacy combined with integrity, healthy skepticism, judgment, knowledge of the company and industry, and the courage to challenge decisions — is an important driver of a committee’s effectiveness. But even the best individual members can’t succeed without the leadership of an effective chair — which the key to committee effectiveness in many experts’ view.
New audit committee members need a robust orientation program, allowing them to understand their role and the company’s financial reporting process, so they can add value sooner. Orientation programs should have appropriate participants and be long enough to sufficiently cover key topics (such as committee processes and key relationships). Continuing education, both formal and informal, for audit committee members is also important. Leading committees are creating a more integrated approach to training by clearly articulating at the start of the year the topics and time the committee will devote to continuing education, even incorporating selected topics into meeting agendas.
Although committee members and chairs are increasingly active between meetings, their core work is still conducted in meetings. So that time must be used effectively. Committees need to meet at appropriate times throughout the year, ensuring they have enough time to discuss issues fully. Chairs should drive meeting agendas, and appropriate information — at the right level of detail — should be distributed and reviewed beforehand. The right individuals should also be in attendance. Regular private sessions should be held with finance management, general counsel, the internal audit director, external auditors, the compliance officer and other appropriate managers. And committee members should meet by themselves to allow for frank and candid discussions about sensitive matters. While committee meetings are occurring more frequently and for longer periods, chairs should ensure the committee has time to reflect on issues and not just comply with requirements.
Charter and evaluation
A written charter that clearly articulates the committee’s purpose, composition, roles and responsibilities, authority and performance assessment plays a key role in directing the committee’s activities throughout the year and communicating to stakeholders, through disclosure on the company website and in regulatory filings. But such public availability makes it even more important for committees to evaluate regularly whether they are discharging all their responsibilities. Leading committees not only evaluate the committee as a whole but also each of the members.
For more PwC articles on relevant issues, visit www.pwc.com/ca/directorconnect. For copies of Audit Committee Effectiveness — What Works Best (3rd Edition), please contact us.
Article reprinted with permission from CA Magazine. This is an expanded version of a summary that originally appeared in the January/February 2006 issue.