Intrusion by Audit Committees

The primary purpose of an audit committee is to provide oversight of the financial reporting process. In doing so they may have oversight of the internal and external audit process and other compliance and risk related processes. When audit committees try to get into too many details and micro manage these processes, it’s considered intrusive. When the audit committees do not do enough, that’s called a ‘tick the box’ approach. Many would agree that a fine balance is required to be responsible and effective as an audit committee.

Oversight
Having oversight means being watchful and providing due care towards your responsibility. It can be similar to a watchdog or group of persons that act as a protector or guardian against unacceptable governance principles. The moment the audit committee treads into management areas, they lose their oversight responsibility and try to become management. This doesn’t augur well in terms of good governance, as management will do what the audit committee may request, to avoid being second guessed and consequently there will be no one to provide oversight over the reporting process which is directly influenced by the audit committee. The audit committee should be in a position to challenge appropriately and be a sounding board for management decisions.

Audit committee charter
An audit committee charter sets forth the general purpose, authority, composition and responsibilities of the committee. The charter should ensure that the oversight responsibility can be fulfilled by the audit committee and set out to determine that all responsibilities outlined in the charter have been carried out. For the audit committee members to remain effective the charter should require an annual evaluation of members’ performance.

General activities
The audit committee should review significant accounting policies and reporting issues and recent professional and regulatory pronouncements to understand the potential impact on financial statements. However, management should be held responsible to prepare this information and obtain concurrence about estimates and judgments made to comply with the pronouncements.

The committee should get an understanding of how management prepares interim financial information and assess whether they are appropriate.

Audit committees shall consider internal controls and review their effectiveness with the help of internal auditors. This may include controls over financial reporting, IT/cyber security and other operational controls that come under the purview of the committee. They have to be satisfied that the process is designed and operating effectively.

The committee reviews the results of the audit with management and external auditors, including matters required to be communicated to the committee under relevant auditing standards.

In fulfilling the audit committee responsibilities understanding of risks and the process that manages the risks becomes fundamental. Therefore, the responsibility for oversight on enterprise risk management may rest with the audit committee.

An effective audit committee should provide the required supervision without performing management tasks and be responsible to hold management accountable for execution.

Advertisements

About surenraj

“Views expressed are my own”
This entry was posted in Governance and tagged . Bookmark the permalink.

2 Responses to Intrusion by Audit Committees

  1. Richard Ebell says:

    Thanks Suren, for this thought-provoking post.

    I feel that the “line” between oversight and management involvement is difficult to discern (and therefore difficult not to cross).

    Where the Audit Committee believes there are inappropriate judgments or poor estimates in accounting, what should it do? Should it point this out, and expect management to address the concern (perhaps keeping the Board informed), or should it be more specific about what changes should be made? Is the latter to be seen as intrusion? Would the former not be inadequate in many circumstances??

    Similarly, to what extent should the Committee participate in formulating or streamlining processes or intervene in matters, say, connected with remaining a “going concern”, if they see involvement as the most practical way forward? It can seem (at least to the Committee!) that such involvement is necessary. To keep away for fear of crossing the line may be defensive and, in the end, counterproductive.

    Does it help at all if what is done in some respects is done as Directors rather than as members of the Committee? Or is that meaningless?

    Richard

    • surenraj says:

      Playing the oversight role is difficult. Crossing the line is tempting to audit committee members who are knowledgeable and responsible. For some others, they can’t be bothered!
      On the question of inappropriate application of a policy, the committee should point out and hold the CFO responsible for doing it right. The internal auditor can ensure it’s done properly. The audit committee May advice but should not decide on what should be done. If the committee makes such decisions then management may start delegating such activities to the audit committee without performing their job. I have experienced such behavior which is counter productive to achieving a good governance standard.
      Similar approach is required in applying the going concern assumption to preparing accounts. The committee may participate in formulating a process, but executing the required steps should be left to management. Otherwise, they can turnaround and say that the audit committee decided on the going concern application.
      The audit committee should act in their capacity as members of the audit committee when dealing with aspects of financial reporting.
      It’s like taking your car to the mechanic. If the mechanic is also the owner of the garage (or on the board of the company which operates the garage), in what capacity does he repair your car? Where “repair” means “oversight” for this purpose.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s