The primary purpose of an audit committee is to provide oversight of the financial reporting process. In doing so they may have oversight of the internal and external audit process and other compliance and risk related processes. When audit committees try to get into too many details and micro manage these processes, it’s considered intrusive. When the audit committees do not do enough, that’s called a ‘tick the box’ approach. Many would agree that a fine balance is required to be responsible and effective as an audit committee.
Having oversight means being watchful and providing due care towards your responsibility. It can be similar to a watchdog or group of persons that act as a protector or guardian against unacceptable governance principles. The moment the audit committee treads into management areas, they lose their oversight responsibility and try to become management. This doesn’t augur well in terms of good governance, as management will do what the audit committee may request, to avoid being second guessed and consequently there will be no one to provide oversight over the reporting process which is directly influenced by the audit committee. The audit committee should be in a position to challenge appropriately and be a sounding board for management decisions.
Audit committee charter
An audit committee charter sets forth the general purpose, authority, composition and responsibilities of the committee. The charter should ensure that the oversight responsibility can be fulfilled by the audit committee and set out to determine that all responsibilities outlined in the charter have been carried out. For the audit committee members to remain effective the charter should require an annual evaluation of members’ performance.
The audit committee should review significant accounting policies and reporting issues and recent professional and regulatory pronouncements to understand the potential impact on financial statements. However, management should be held responsible to prepare this information and obtain concurrence about estimates and judgments made to comply with the pronouncements.
The committee should get an understanding of how management prepares interim financial information and assess whether they are appropriate.
Audit committees shall consider internal controls and review their effectiveness with the help of internal auditors. This may include controls over financial reporting, IT/cyber security and other operational controls that come under the purview of the committee. They have to be satisfied that the process is designed and operating effectively.
The committee reviews the results of the audit with management and external auditors, including matters required to be communicated to the committee under relevant auditing standards.
In fulfilling the audit committee responsibilities understanding of risks and the process that manages the risks becomes fundamental. Therefore, the responsibility for oversight on enterprise risk management may rest with the audit committee.
An effective audit committee should provide the required supervision without performing management tasks and be responsible to hold management accountable for execution.