Audit committee
| by Peter Atrill 19 Oct 2006 Diploma in Financial Management Relevant to Module B |
|
Audit committees are now a vital element of the system of corporate governance for listed companies. The role of the audit committee, as set out in the Combined Code, places it at the heart of the financial reporting process. The responsibilities placed on the committee have become more onerous in recent years as a result of the introduction of International Financial Reporting Standards and the Sarbanes–Oxley Act in the US.
In this article, the role of the audit committee, as well as the ways in which it may fulfil this role, will be examined. Issues and problems that may undermine the effectiveness of this committee will also be explored.
The responsibilities of directors and auditors
To understand the role of the audit committee, we must first be clear about the roles and responsibilities of directors and auditors concerning the published financial statements. Company law requires that directors prepare annual financial statements that provide a true and fair view of the state of affairs of the company. This will involve:
- selecting suitable accounting policies and applying them consistently
- making estimates and judgements that are prudent and practical
- stating whether appropriate accounting standards have been adopted
- applying the going concern convention where it is appropriate to do so.
The annual financial statements prepared by the directors must be published and made available to shareholders, lenders, and others.
In addition to preparing the annual financial statements, the law also obliges the directors to keep proper accounting records and to safeguard the assets of the company. To help them in these tasks, the directors may appoint internal auditors. Their precise role will be determined by the directors and will vary between companies. However, it will usually involve monitoring the company’s accounting, risk and internal control systems, and reporting to the directors on their effectiveness and efficiency.
External auditors are appointed by, and report to, the shareholders to examine the annual financial statements that have been prepared by the directors. Their role is to assess the credibility of these statements by examining the underlying accounting records on which the statements are based and by reviewing the key assumptions and estimates used in their preparation. Following this, the auditors will provide shareholders with an independent opinion as to whether the financial statements provide a true and fair view of the state of affairs of the company and comply with legal and other regulatory requirements.
The role of the audit committee
There is always a risk that the role of the directors as preparers of the financial statements and the role of external auditor as ‘watchdogs’ will not be carried out satisfactorily. In recent years, there have been several accounting scandals involving directors preparing financial statements that portray the financial performance and position of a company in a way that bears little resemblance to economic reality. Furthermore, external auditors have failed to spot the irregular accounting practices used by directors to obscure the true financial health of the company. This has cast doubt over the quality of the audit process and, in some cases, over the independence of auditors. It has been argued that, where directors commission large amounts of non-audit services, such as consultancy, from the auditors, their ability to audit the financial statements on behalf of the shareholders could be compromised.
The audit committee is designed to deal with these issues. The Combined Code recommends that the board of directors should set up an audit committee with delegated authority for ensuring that financial reporting and internal control principles are properly applied and for maintaining an appropriate relationship with the external auditors. To provide an element of independence, the committee should consist of at least three, or in the case of smaller companies, two, independent non-executive directors. The Combined Code sets out the main role and responsibilities of the audit committee as follows:
- to monitor the integrity of the financial statements
- to review the company’s internal controls
- to make recommendations concerning the appointment and removal of the external auditor and to approve the terms of engagement
- to review and monitor the independence, objectivity, and effectiveness of the external auditor
- to establish and implement policies concerning the supply of non-audit services by the external auditor.
In addition to the duties identified above, the audit committee may also take responsibility for reviewing the risk management systems of the company where the board, or a separate risk committee, does not specifically address this issue (ref 1).
Fulfilling the role
The audit committee will receive its terms of reference from the board of directors, which, in practice, are normally in line with the recommendations set out in the Combined Code. Although the terms of reference will define its role and responsibilities, the board of directors must also ensure that the committee has the authority and resources to carry out its responsibilities: without these, the committee will have no real ‘teeth’.
It is vitally important to establish the right membership of the committee. It should consist of individuals with the integrity, judgement and strength of character to deal with the difficult issues that may have to be confronted. They must be prepared to pursue enquiries, even when faced with determined opposition from senior managers or executive directors. The Combined Code recommends that at least one member should have ‘recent and relevant financial experience’, however other members should also bring skills and experience that contribute to the work of the committee.
The committee should meet regularly and the time allocated to each meeting must be appropriate. Some of the meetings should be planned to coincide with important events such as the commencement of the annual audit, the publication of interim financial statements, and the announcement of the preliminary results for the year. In practice, it seems that audit committees of most FTSE100 companies meet at least four times a year. Those companies that are also registered with the US Securities and Exchange Commission (SEC) must comply with strict US requirements and are likely to meet more frequently than those companies that are not SEC registered. Figure 1 shows the frequency of meetings of SEC registered and non-SEC registered companies in the FTSE100 (ref 2).
If the committee is to be effective, clear lines of communication must be in place with key individuals such as the chief executive, the finance director, and the heads of the internal and external audit teams. These individuals should provide the audit committee with timely and relevant information and, where appropriate, attend meetings of the audit committee.
When reviewing internal controls, the committee should receive details on the effectiveness of the processes in place by both the internal and external audit teams. The committee must be satisfied that the internal controls have operated satisfactorily during the year and that any recommendations for improvement were implemented. There should be a code of conduct for employees as well as anti-fraud and anti-corruption policies in place. These must also be reviewed to see whether they are operating effectively.
When reviewing the company’s risk management systems, the committee will need to be satisfied that the key risk areas are being monitored and that any control failures or emerging risks are quickly identified and dealt with. The committee must also be satisfied that risk management is not seen as simply a ‘box-ticking’ exercise and that there is widespread recognition of its importance. The work of the committee may help to promote a sense of ownership by relevant employees towards the management of risk.
Internal auditors should provide assistance to the audit committee by reporting on the effectiveness of internal control and risk management procedures. They can become the ‘eyes and ears’ of the audit committee and may prove invaluable in providing necessary assurances. The internal auditors can benefit from a close relationship with the audit committee because it can strengthen their independence and status within the company. The audit committee can help foster greater independence through meetings with the internal auditors where management is excluded. The audit committee can also strengthen the authority of internal auditors by insisting that management cooperates with them (ref 3).
When reviewing the external audit process, the committee should consider the experience and expertise of the audit team. The committee should also review the audit plans and procedures that are being proposed and should check to see that there is an appropriate fit with the work carried out by the internal audit team. The committee will need to check that the time devoted to the audit process is sufficient and that the key issues and risks will be addressed. To help monitor progress, meetings with the external auditor should take place during which a review of the auditor’s actual performance against earlier planned performance should be undertaken. The amount of non-audit services provided by the external auditors must also be reviewed on a regular basis to see whether their independence is being compromised. To help maintain a fresh perspective to the audit process, the committee may wish to ensure that the head of external audit and/or the audit firm is rotated on a regular basis.
When reviewing the financial statements, the committee should pay particular attention to the following:
- the accounting policies adopted and whether they conform to the industry norm
- any changes to accounting policies
- the estimates and judgements that have been made in key areas such as bad debts, provisions, depreciation, etc
- any unusual items, such as large write offs, or unusual relationships, such as a very high bad debts to sales
- any unusual trends in financial performance or position.
By examining the above, it may be possible to identify irregular accounting practices or fraudulent behaviour. Any questions arising from such an examination should be capable of being answered by the chief executive, finance director, and external auditors.
The audit committee will normally be expected to produce a report for shareholders to be contained within the annual report. In practice, the quality of these reports can vary considerably. In some cases they simply describe the main features of the committee such as its constitution and membership, its role, the names and qualifications of its members, the frequency of meetings and so on. This kind of information, however, offers little insight into the way in which the committee has gone about its work. Independent Audit Ltd, which is committed to improving corporate governance procedures, has argued: ‘Good committees don’t distinguish themselves by statements of compliance. They stand out by explaining to shareholders how they went about their duties, and by doing so in clear English which shows they are describing real activity rather than aspirations. They leave the reader with a sense that the committee understands its role and what being effective means, and that they care enough about what they have been doing to want the reader to understand it' (ref 2).
The audit committee report will be presented to the annual general meeting, which the chairman of the audit committee should attend. This will provide shareholders with the opportunity to question the chairman on any matters for which the committee has responsibility.
The audit committee should also review its own effectiveness. This should be done on a regular basis and, ideally, should involve external parties in the assessment process. It should involve a review of the terms of reference and the way in which the committee has carried out its responsibilities. The contribution of individual members should be assessed, which should include some assessment as to whether they have kept up to date with financial reporting and corporate governance issues.
Are audit committees worthwhile?
Audit committees are a relatively new addition to the corporate governance framework and it is difficult to assess just how effective they are in dealing with the problems identified earlier. It seems, however, that at least audit committee members believe that these committees are effective.
A recent survey by the Audit Committee Institute asked audit committee members of leading UK and US companies whether they believed that losses incurred by the high profile financial reporting scandals of the past few years could have been avoided, or reduced, if the financial and auditing processes of the company had been overseen by an effective audit committee. The results are shown in Figure 2.
We can see that roughly two-thirds of audit committee members believe that effective audit committees would have been beneficial. There seems to be little difference between the results between UK and US committee members4. Sceptics could argue that the survey results provide little more than self-justification. To vote against the proposition is really to cast doubt on the effectiveness of one of the key functions of the audit committee. Thus, the fact that roughly one-third of committee members voted against the proposition may be viewed as cause for concern. Only the passage of time, however, will reveal whether audit committees can really offer some protection from accounting scandals.
There are potential costs in placing heavy responsibilities on the audit committee and in scrutinising its activities and decisions. There is always a risk that such pressure will cultivate an increasingly cautious approach among committee members, which, in turn, may inhibit managers from taking risks. A ‘compliance’ mentality may develop that promotes conformity and caution at the expense of creativity and risk taking, which are essential to long-term prosperity (ref 5).
There is also a danger that the responsibilities placed on the audit committee, and the scrutiny to which its activities are subjected, may dissuade individuals from chairing, or even becoming a member of, the audit committee. A great deal of time and effort is normally required to carry out the committee’s work and there is considerable risk to an individual’s reputation if things go wrong. It is, perhaps, not surprising that a fairly recent survey has shown that
non-executive directors are increasingly reluctant to take on the role of chairing the audit committee (ref 6).
Summary
The audit committee is charged with monitoring the integrity of the financial statements, reviewing the internal controls of the company and managing the relationship with the external auditors. These are significant responsibilities that place the audit committee at the heart of corporate governance.
These responsibilities place a considerable burden on committee members and, in particular, on the chair of the committee. There is some concern that this may adversely affect the way in which the committee operates and make it difficult to recruit high-quality individuals to its membership.
References
1 The Combined Code, July 2003, p16, www.fsa.gov.uk
2 Independent Audit Ltd, Audit committee reporting in 2005. www.boydeninterim.co.uk
3 Haigney N, Relationship between audit committee and internal audit. HM Treasury, www.nationalschool.gov.uk
4 UK audit committees more confident and involved than US counterparts, Audit Committee Quarterly, issue 11. Audit Committee Institute.
5 Slkowicz K, New organisational and psychological challenges of the audit committee, Audit Committee Quarterly, issue 8. Audit Committee Institute.
6 Reported in Tucker S, UK chiefs reluctant to take on audit role, www.ft.com, 30 January 2005.
Peter Atrill is examiner for Module B of the Diploma in Financial Management