Audit committees became a vital component of Boards following the implementation of Sarbanes-Oxley, and they continue to play a pivotal role in corporate governance. The audit committee is charged with acting in a proactive manner to monitor and assess risk mitigation activities within the company. Members of the audit committee should ask hard questions of auditors and management and have the authority to effectively execute their charter.
An effective audit committee will begin with a well-thought-out charter that will define its authority, functions and mission. Weak charters define only the minimum duties, such as simply reviewing financial statements, whereas strong charters spell out committee responsibilities in detail and encourage member participation. Key areas of responsibility to include in the committee’s charter are as follows:
- Oversee the accounting and financial reporting processes and the financial statement audits of the organization.
- Appoint, compensate and oversee the external auditor and ensure that his or her skill set is matched commensurately with the complexity level of the organization.
- Establish procedures for receipt and treatment of complaints in accounting, internal control or auditing matters, including anonymous submissions from employees.
The charter should stop short of directing the committee on how to carry out its duties; members should use interpretation and judgment in executing the committee’s mission.
Selecting the Right Members
In a perfect world, the audit committee would be composed of individuals who have audit, accounting and industry knowledge, but in reality, most committees have a blend of members with different strengths. Members who don’t have industry or product knowledge should go through training so they understand the risks and the financial statements.
For example, audit committee members in a manufacturing company should understand the metrics for that industry, such as day’s sales in inventory and accounts receivable turnover, to assess if the company’s performance is in line with its peers. At least one member of the committee should be an independent financial expert who possesses the following attributes:
- Knowledge of GAAP and financial statements and the ability to use GAAP principles in connection with estimates, accruals and reserves
- Experience in preparing, auditing, analyzing or evaluating financial statements with a level of complexity that is comparable with the organization
- Understanding of internal control processes and audit committee functions
Structuring and Serving on an Effective Audit Committee
Audit committees have the responsibility of risk oversight. Members should focus on financial risk oversight and assessment and understand financial risk management policies and procedures. In addition, members should evaluate information technology risks, particularly those with financial statement impact. Audit committees should ask candid questions of the external auditors about their assessment of the skills, controls and attitudes of management and others within the organization. Every quarter, the committee should meet with the auditors without management present to ask questions and solicit opinions.
Members should feel confident that management is aware of the financial reporting risks, has instituted the necessary internal controls to mitigate those risks and has implemented monitoring procedures to ensure effective operation of those controls. The committee chair must establish a culture that allows each member to act independently so the members can ask the critical questions to assure the proper level of stakeholder security.
The ideal size of an audit committee is three to five members so that discussions and decision-making processes remain streamlined. Note that having an odd number of members is preferable for reaching a quorum. In public companies, the audit committee should meet at least quarterly so it can have the required communications with the external auditors and maintain its momentum and continuity.
Set an annual meeting schedule at the start of the year and send committee members the minutes prior to the meeting, along with the next agenda, two to three weeks before the next meeting. This practice ensures that discussions remain strategic and the committee spends less time on administrative tasks.
The committee should monitor its performance and assess its effectiveness at least annually, perhaps as part of a Board retreat, especially as it relates to the appropriateness of its charter in order to make recommended changes to the Board of Directors. In addition, the committee should review the performance of its individual members through self-evaluation checklists or by hiring an outside firm to perform an evaluation.
In private companies or nonprofit organizations, the committee usually conducts a self-assessment, whereby public companies often use an outside evaluator. The committee should use a continuous improvement process to implement changes after reviewing evaluation feedback.