Home > Risk > If I was Chair of the Audit Committee

If I was Chair of the Audit Committee

November 11, 2013 Leave a comment Go to comments

If I was asked to join a board and serve as the chair of the audit committee (which I am qualified to do), I would apply the lessons from what seems like a lifetime of working with audit committees. In most cases, the chair was excellent and I would hope to be as effective as they were.

After what I would assume would be a thorough and detailed orientation to the organization and its challenges by such key people as the CEO, CFO and her direct reports, General Counsel, Chief Operating Officer, Chief Accounting Officer, Chief Strategy Officer, Chief Information Officer, Chief Audit Executive, Chief Risk Officer, head of Investor Relations, Chief Information Security Officer, Chief Compliance Officer, Chairman of the Board or Lead Independent Director, lead external audit partner, and outside counsel (and others, depending on the organization), I would turn my attention to the following:

  • Do I now have a fair understanding of how the organization creates value, its strategies, and the risks to those strategies?
  • Do I have a sufficient understanding of the organization’s business model, including its primary products, organization and key executives, business operations, partners, customers and suppliers, etc.?
  • How strong is the management team? Are there any individuals whose performance I need to pay attention to, perhaps asking more detailed questions when they provide information?
  • Who else is on the audit committee and do we collectively have the insight, experience, and understanding necessary to be effective? Where are the gaps and how will they be addressed?
  • What are the primary financial reporting risks and how well are they addressed? What areas merit, if any, special attention by the audit committee? Who should I look to for assurance they are being managed satisfactorily? Who owns the compliance program (if any) on controls over financial reporting, and how strong is the assessment team?
  • What are the other significant financial and other risks (for which risk management oversight has been delegated by the full board) that merit special attention? Who should I look to for assurance they are being managed satisfactorily?
  • How strong is the external audit team and how well do they work with management and the internal audit team? What are their primary concerns? Is their fee structure sufficient or excessive? Is their independence jeopardized by the services they provide beyond the financial statement audit (even if permitted by their standards)?
  • How strong is the internal audit team and does the CAE have the respect of the management team and the external auditor? Are they sufficiently resourced? Are they free from undue management influence (for example, is the CAE hoping for promotion to a position in management, does he have free access to the audit committee, and is his compensation set by management or the audit committee)? What are their primary concerns? Do they provide a formal periodic opinion on the adequacy of the organization’s processes for governance and management of risk, as well as the related controls? How do they determine what to audit?
  • Who owns and sets the agenda for the audit committee? Is there sufficient time and are there enough meetings to satisfy our oversight obligations?
  • Do the right people attend the audit committee meetings, such as the general counsel, CFO, CAE, CRO, CCO, chief accounting officer, and the external audit partner?
  • How does the approval process work for the periodic and annual filings with the regulator (e.g., the SEC)?
  • How are allegations of inappropriate conduct managed? Who owns the compliance hotline, who decides what will be investigated and how, and at what point is the audit committee involved? Is there assurance that allegations will be objectively investigated without retaliation?
  • What concerns do the other members of the audit committee have? Does the former chair of the committee have any advice?

I have probably missed a few items. What would you add?

Please share your comments and views.

  1. November 14, 2013 at 2:08 AM

    Hello Norman

    The list definitely is pretty comprehensive and reflects the characteristics of an audit committee which can play a positive role in the preservation as well as creation of value for any organization.

    Couple of points which I would like to add :

    1.I would like to see the Governance policies of the organization and how they aid in the achievement of the objectives of the same.

    2. Business Continuity Plan of the organization.

    Would welcome any comments/feedback

    2

    Couple of points from my side :

  2. Dave Chapman
    November 14, 2013 at 7:21 AM

    Norman

    SOX made a very significant change of the audit chair’s responsibility. For public and some private companies the CFO not reports dotted line to the Audit chair. That means the board is has now new risks and responsibilities. So it means new demands on time knowledge and detail and SOX and accounting. So I would add connection to the Audit company and partner and to and here is the ugly one the Business Process from Revenue Recognition to inventory management. PACOB is also involved for SOX compliance so ;… demanding position and IFRS will add to the work load if it is approved by 50% or more

  3. Karl Green
    November 14, 2013 at 7:52 AM

    A fairly comprehensive list.
    If I were to add anything, it would be a deeper dive into the strength of financial / treasurer’s group. Does the finance group have the skills and resources to adequately handle its responsibilities, and including the degree the group exists within its own silo. My experience is that lack of communication between accounting/finance and operations/sales.

    Implicit in this conversation is to what degree is the Audit Committee responsible for oversight of non-financial audits performed within the entity such as EH&S.

  4. Tony Padilla
    November 14, 2013 at 10:22 AM

    A solid, pragmatic list I would expect most auditors to come up with. The one theme continually missed by those evaluating whether to join a board or become part of any Committee is the notion of a shared value system. While everyone has their own unique view of their roles and responsibilities on boards and committees, do those board members you will break bread with share your value system, your sense of business and personal ethics and are these people whom you can respectfully disagree with but can still arrive at “doing the right thing” in the end? When push comes to shove in the boardroom, a directorate’s ability to coalesce around a mutually understood and agreed upon set of values will do more to set the tone from the “Top-Top” to management and the organization than any discrete business decision.

  5. Norman Marks
    November 14, 2013 at 11:02 AM

    Tony, I’m not sure whether your comment “A solid, pragmatic list I would expect most auditors to come up with” is an insult or commendation. Smile

  6. November 14, 2013 at 11:03 PM

    I was on an audit committee for 8 years in an organisation without an internal audit function. We had a very good relationship with the external auditors, who coincidentally we were responsible for selecting. Our committee had 2 experts in the business concerned and myself, an accountant. I believe we had – between us – a very good understanding of how the business ran. We were also responsible for improvements to the control environment. The bottom line for me is that an audit committee can be a very positive force re keeping an organisation on the straight & narrow.

  7. David Willis
    November 20, 2013 at 8:40 AM

    How does one properly assess the effectiveness of an organization’s internal controls without an internal audit function? Why does a company have to have a compliance hotline? Is that mandated somewhere or can alternatives be put in place?

  1. November 18, 2013 at 8:32 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: