PERSONAL FINANCE
+ Return to investing
+ US real estate
+ Post-work worries
+ More...
SMEs
+ Use your assets
+ Surviving in tough times
+ How CAs can add value
+ Entering foreign markets
+ Valuing small firms
+ Expanding the biz
+ More...
IFRS AND ISA
+ IFRS and Canadian GAAP
+ New auditing standards
+ Gauging ISA adoption
+ IFRS and audit firms
+ More...
TECHNOLOGY
+ ERP and PSA survey
+ BI/CPM survey
+ CRM survey
+ More...
WORKPLACE
+ Diversity in the profession
+ CSR is worth it
+ Health and productivity
+ Preventing fraud
+ Chronological resumes
+ Expense fraud on rise
+ Gen X, Gen Y
+ Meeting time-savers
+ Bonuses still top reward
+ More...
CA STUDENTS
+ Articling in industry
+ Destination: CA
EXPERTISE
+ Global transfer pricing
+ More...
The front line
By Rafal Kuczynski
Illustration: Blair Kelly
Audit committees are the cornerstone of financial reporting systems, and they have to ensure they remain efficient and effective
The Enron scandal and the US Congress’s robust response to this accountability fiasco in the form of the Sarbanes-Oxley Act was indisputably a watershed moment for the North American business world. The scandal’s impact on the entire financial system was so significant that references to the pre- and post-Enron era are now part and parcel of our vocabulary.
The various financial market regulatory and oversight organizations wasted no time in adopting a more rigorous framework and more stringent laws and regulations. A host of requirements, checks and balances, and oversight tools were developed to ensure transparency and re-inject confidence into the current financial reporting system.
The importance of the audit committee Within a very short time, the audit committee has become a front-line player, taking on a leading role in the process of communicating and reporting financial information. This increased prominence is not surprising given that the committee is, by its very nature, the cornerstone of the financial reporting system within any organization. It is its very raison d’être.
New realities
The audit committee’s responsibilities have become complex and extremely varied. Often seen as a necessary evil or an additional cost, audit committees have quickly become a value-added function for entities.
While previously passive or reactive to events impacting the business, and often confined to reviewing financial statements and reading other information documents, audit committees have now become committed players in the overall corporate governance process. They play a proactive role in risk management, not only from an accounting perspective but also in terms of business risks and fraud prevention.
A March 2008 survey conducted by the American Center for Audit Quality among audit committee members indicates that Sarbanes-Oxley has significantly changed their role by requiring them to commit more time to the committee, raising their level of responsibility and authority and increasing their interaction with external auditors. In addition, more than two-thirds of respondents reported that, as committee members, they were much more concerned about personal financial risk and litigation. Lastly, they believe that their increased oversight role (92%), the requirement to document and certify internal controls (87%), CEO/CFO sign-off (81%), and enhanced communication among committee members (85%) have all had a positive impact on investors.
Tone at the top
The effectiveness and success of the audit committee in performing its mission largely depends on the tone set by the board of directors. The importance the board attaches to the committee’s mandate will be reflected in the way the committee fulfills its responsibilities. The more seriously the committee is regarded, the more seriously it will accomplish its tasks. That is why it is imperative for the board to take the initiative and clearly express its interest in the committee’s work.
Charter of responsibilities
The audit committee’s charter of responsibilities is an accountability tool that the board cannot ignore. It defines and directs the committee’s work, determines its level of authority and identifies its sphere of action. The committee’s mandate, including various duties, obligations and limitations, should be confirmed in writing not only to ensure that it is clearly understood by all, but also to provide terms of reference for feedback and evaluation.
Code of ethics
Ethical values, business culture, acceptable and unacceptable behaviour, and possible sanctions in the event of noncompliance with established rules should be enshrined in a code of ethics to be communicated to all members of the organization. Whistleblowing, analysis of correspondence, asking questions of regulatory bodies and legal advisers, and a close business relationship with the external auditor are simple ways to identify any departures from prescribed values.
Audit committee chair
The board should apply a stringent and structured selection process in nominating an audit committee chair. This individual should have technical competencies in financial reporting and in-depth knowledge of the regulatory, legal and risk management environment and be able to play a leadership role at the head of the committee. The tone and the example the chair sets will guide and significantly influence the behaviour of the other committee members.
Audit committee composition
To function effectively, the committee should include at least three independent members who possess financial skills, as well as sufficient knowledge of the industry, the entity and the various factors influencing it. They should also have relevant experience in the organization’s business. In addition, audit committee members should be able to commit sufficient time to carry out their duties appropriately. The board could also limit or prohibit members from sitting on too many committees.
Continuing education
To fully play their different roles and perform their responsibilities effectively and to the best of their ability, audit committee members should be sensitive to any changes that could influence the committee’s operation and its mandate. Members’ training should not be limited to public accountancy and financial reporting requirements alone. They should also undergo appropriate and ongoing training in such areas as business and industry development, information technology, internal processes and controls, the evolution of governance issues, risk management, and regulatory/legal compliance. Structured information sessions in the form of external courses, seminars, conferences or formal internal meetings constitute best practices in this respect.
Communication and meetings
Communication is of pivotal importance for the committee to function successfully. By discussing issues, asking questions, challenging ideas and actively listening to different stakeholders, the committee will be in a position to assess key issues and quickly identify potential problems and areas of risk. Whether it is a matter of complex accounting treatment, an item that calls for an estimate, an unusual transaction open to interpretation, or an issue on which management has some leeway in the accounting treatment, the committee should adopt an attitude of healthy skepticism toward management decisions. Accordingly, it should take possible management bias into account and assess the appropriateness of management’s conclusions.
Similarly, the committee should make enquiries of the external auditor respecting any grey areas surrounding estimates, discussions or conflicts. If the circumstances so require, the committee should ask management to obtain the opinion of an independent expert to support its position.
At regular meetings, any element considered important should be discussed in order to identify the issue and to make an enlightened decision.
Evaluation of the process
As the quality of information provided by management is based on an efficient and effective financial reporting process, the committee should periodically verify the adequacy of this process. By questioning management, the committee should determine whether the controls in place to collate, process and present the information are appropriate and functional. This analysis should focus on task selection, control environment review, IT controls, access to various accounting modules and applications, authorization and review levels and other considerations. Management’s responses should be easily confirmed or rejected by an external auditor.
Evaluation of management
The committee should regularly ensure that management has the necessary resources and competencies as well as sufficient knowledge to fulfil its obligations in respect of preparing financial statements and complying with regulatory and legal requirements. A key element in this evaluation will be to determine whether employees are well-informed and conform to the new regulations. A number of organizations have already introduced a formal and structured plan to identify any new requirements that could have a significant impact on their current or future position. Once again, feedback from an external auditor is an essential tool in such an evaluation.
Relations with the external auditor and use of specialists
As the audit committee is responsible for appointing the external auditor and approving the hiring of other specialists as needed, it should ensure that these individuals are independent and have the required skills, knowledge and expertise to perform their respective mandates. The committee should also develop a collaborative relationship with the external auditor. Good communication is critical to this professional relationship.
Evaluation
A self-evaluation and an evaluation by the board of directors should also be carried out from time to time to make certain the committee is satisfactorily discharging its duties and responsibilities. This evaluation should review the committee’s tasks and roles as described in its charter of responsibilities.
Priorities, present and future challenges
In a 2007 survey conducted by KPMG International, audit committee members identified critical accounting judgments and estimates, internal controls, risk management and information technology as their short-term priorities. In addition, respondents mentioned that improvements are needed in the following areas: the efficiency and effectiveness of communication, coordination, setting priorities, committee meetings, the self-evaluation process and risk management, particularly where information technology and the use of internal audit resources are concerned.
Conclusion
The post-Enron era is well underway and so far audit committees have successfully responded to their new roles and responsibilities. However, in a constantly changing regulatory environment, numerous challenges will have to be met in the coming years. Audit committees will be faced with new realities and requirements. They will also have to innovate to ensure their performance is efficient and effective.
Rafal Kuczynski, CA, is a manager at the Montreal office of RSM Richter
Technical editor: Yves Nadeau, CA, partner, RSM Richter in Montreal
