Audit committees step up: Financial Executives Research Foundation (FERF) interviews with audit committee members find that audit committees are more proactive than ever in governing their organizations--regardless of their company's size.For a typical audit committee, workload, time commitment and communication with senior management and auditors are on the rise. In the era of Sarbanes-Oxley, audit committees clearly have more responsibility and authority. By hiring experts with accountability to the board, not management, and by selecting, monitoring and overseeing the external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. , instead of rubber-stamping the process, audit committees are increasingly proactive in fulfilling their fiduciary duties Noun 1. fiduciary duty - the legal duty of a fiduciary to act in the best interests of the beneficiary legal duty - acts which the law requires be done or forborne to shareholders. Though Sarbanes-Oxley and other reforms don't pertain to pertain to verb relate to, concern, refer to, regard, be part of, belong to, apply to, bear on, befit, be relevant to, be appropriate to, appertain to privately held companies privately held company A firm whose shares are held within a relatively small circle of owners and are not traded publicly. , in order to stay competitive for funding, even committees from private companies are acting, seeking more answers from--and fostering more candid can·did adj. 1. Free from prejudice; impartial. 2. Characterized by openness and sincerity of expression; unreservedly straightforward: In private, I gave them my candid opinion. , open relationships with--management and auditors. In recent interviews with audit committee members and senior financial executives, Financial Executives Research Foundation (FERF FERF Financial Executives Research Foundation FERF Far End Reporting Failure FERF Far End Receive Failure ) identified common practices for audit committees--the only board committee, notes Barbara Hackman Franklin, current audit committee chair at Dow Chemical Co. and Aetna Inc., that monitors what is done all the time. "Thus, it must do its best to monitor the integrity of both the financial statements and the process that produces them," says Franklin. Structure and Composition Under the revised New York Stock Exchange New York Stock Exchange (NYSE) World's largest marketplace for securities. The exchange began as an informal meeting of 24 men in 1792 on what is now Wall Street in New York City. listing standards, audit committees must consist of at least three independent directors who are financially literate. In addition, at least one member must have accounting and financial management expertise, qualifying as an audit committee financial expert as defined by Item 401(e) of Securities and Exchange Commission (SEC) Regulation S-K. Thomas L. Ringer, who chairs the audit committees of two small- to medium-sized Nasdaq-listed companies, has encouraged his fellow board members to recruit an additional financial expert for one of the companies, since some industry-specific issues can be complicated. Though Ringer himself qualifies as the expert, he feels the company would be better served by having another expert. Ringer expects more rigorous requirements for other companies seeking board members. Susan F. Schultz, founder of SSA (Serial Storage Architecture) A fault tolerant peripheral interface from IBM that transfers data at 80 and 160 Mbytes/sec. SSA uses SCSI commands, allowing existing software to drive SSA peripherals, which are typically disk drives. Executive Search and the Board Institute, firms that actively recruit and provide education to board members, agrees that "the [selection] process is becoming proactive, with boards engaging outside professionals to recruit and validate To prove something to be sound or logical. Also to certify conformance to a standard. Contrast with "verify," which means to prove something to be correct. For example, data entry validity checking determines whether the data make sense (numbers fall within a range, numeric data the process to their constituencies. The mandate for and stricter definition of independence, together with the exchanges' recommendation that directors serve on no more than three audit committees, is creating an opportunity to diversify diversify To acquire a variety of assets that do not tend to change in value at the same time. To diversify a securities portfolio is to purchase different types of securities in different companies in unrelated industries. boards." The audit committee of Arsenal Digital Solutions, a privately held storage management services See SMS. (storage) Storage Management Services - (SMS) Software that enables network administrators to route backup data from various devices on a network to another device such as a server or a magnetic tape backup unit. provider, comprises a member with expertise in due diligence Research; analysis; your homework. This term has caught on in all industries, because it sounds so "wired." Who would want to do analysis or research when they can do due diligence. See wired. and investment banking and another in emerging growth companies--providing both a backward- and forward-looking view for investors. Though many private companies don't have three audit committee members, they are likely to consider expanding committee sizes in the future. For larger public companies, however, FERF interviews discovered that committees have either met or exceeded size requirements, even prior to governance reforms. For example, Franklin hasn't noted any changes in the structure or composition of her audit committees. However, she agrees that boards are placing much more attention on reviewing board member backgrounds, particularly as they relate to the financial expert definition. "I am [a believer that] more financial experts being named on SEC filings, rather than just one," she says. "There are two questions: Who qualifies under the rule, and, of those who qualify, who is willing to be named? The fact that many directors are willing to be named shows that people are willing to accept this responsibility." Though the size of some audit committees may not have changed, their charters certainly have. "Charters are far more detailed than ever before," says Franklin, noting that charters were far simpler prior to Sarbanes-Oxley in describing relationships between committees and their constituents. "Now, charters are as long as several pages and include elements, such as consideration of external audit firm rotation, that would not have been in charters heretofore." Even audit committees at private companies have adopted charters. Steven Horan, CFO See Chief Financial Officer. of Arsenal Digital Solutions, says its audit committee has tailored its charter for as many Sarbanes-Oxley rules as it deems applicable. Meetings and Responsibilities Audit committees are meeting more frequently--both informally and formally. Formal meetings occur at least four, and sometimes up to 12, times per year. Typically, four of those are in person, last about three to four hours and include senior management, external audit and internal audit. Detailed minutes are kept, and exhibits may be included. The rest of the meetings occur by telephone and generally involve a detailed review of quarterly results; for public companies, this would mean related financial statement filings and earnings press releases, including external auditor review and CEO/CFO certification. Although these meetings only last about an hour, more preparation and review occurs beforehand. On behalf of the audit committee, Ringer spends at least two hours on a line-by-line review of Forms 10-K and 10-Q, and prepares comments for response by the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. and CFO, external auditors and company attorneys, a dramatic change from three or four years ago. At one of Ringer's companies, the quarterly review includes a report from external auditors on their review of contracts examined based on Statement of Position 97-2, which defines parameters for software revenue recognition. During the last two weeks of the quarter, external auditors are required to audit every contract over $50,000 and report on the percentage of contracts examined and in compliance with the standard. Audit committees are also more involved in audit planning and defining the scope of the audit. During the audit process at Arsenal Digital Solutions, the committee meets every two weeks. All audit committees preapprove pre·ap·prove tr.v. pre·ap·proved, pre·ap·prov·ing, pre·ap·proves To approve or qualify before the usual procedures or formalities have taken place: external audit fees and perform thorough evaluations of the external auditor and the audit team. At Aetna, the committee even interviews candidates for the lead audit engagement partner. "Though the committee considers management's input, the committee makes the final selection. There is no question about who the partner reports to," says Franklin. The same is true of internal audit--as chair, Franklin is involved in the selection process for the internal auditor Internal auditor An employee of a company who analyzes the company's accounting records to that the company is following and complying with all regulations. . Meeting agendas are determined by the audit committee, not management. In Franklin's experience, agendas are determined on the basis of risk assessment, a consideration that has since been integrated into the NYSE NYSE See: New York Stock Exchange standards. In September and October, the boards define which short-to-medium term risks belong to the audit committee, or to other committees or the full board. These risks are prioritized and reviewed during an in-person meeting and slotted into the meeting schedule. Once approved by the committee, Franklin reviews them with the CEO for additional comment. "We find that some of the same risks, such as asbestos-related liability or controls over joint ventures and overseas operations, pop up year after year," she says. The remainder of a typical agenda covers audit committee education, with a focus on corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. trends. Though some agenda aspects are standard, it's key to maintain an open dialogue among committee members, senior management and auditors. Ringer recommends using the four questions an audit committee should ask auditors, as cited in Warren Buffett's letter to investors in the Berkshire Hathaway Berkshire Hathaway (NYSE: BRKA, NYSE: BRKB) is a conglomerate holding company headquartered in Omaha, Nebraska, U.S., that oversees and manages a number of subsidiary companies. 2002 annual report (see adjacent sidesbar). Meetings also allot al·lot tr.v. al·lot·ted, al·lot·ting, al·lots 1. To parcel out; distribute or apportion: allotting land to homesteaders; allot blame. 2. for executive sessions without management present. They are broken down into two subcomponents--one with external auditors and another comprised only of committee members. At Arsenal Digital Solutions, the finance staff has direct access to the audit committee and regularly conducts private sessions with its controller. To monitor adherence to a code of ethics Code of Ethics can refer to:
To reflect additional responsibilities, pay is increasing for all board members, Schultz says. Audit committee members, and the chair in particular, often receive extra fees for their services. At Arsenal Digital Solutions, audit committees receive a fixed annual compensation and stock options. Education, Education, Education On committees that Franklin has chaired, the orientation process for new audit committee members is simple yet effective. In addition to providing charters and minutes of past meetings, the member meets with auditors, management and the general counsel, each of whom outlines how he or she contributes to the financial statement process. In addition, members can choose to take director-level courses. "The education process focuses on strengthening areas of knowledge and building relationships with those who've been around the audit committee table. Additionally, there is a focus on areas where management makes judgment," says Franklin. "Every business has areas like this that the audit committee needs to be looking at. It cannot take its eye off the substance." At Arsenal Digital Solutions, every board member is provided a detailed business plan, along with a summary of operating and industry issues. This includes an explanation of metrics metrics Managed care A popular term for standards by which the quality of a product, service, or outcome of a particular form of Pt management is evaluated. See TQM. used by human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees. , finance and operations to measure company progress. The annual plan is approved by the board and reviewed monthly. Ringer's fellow committee members have attended director-level education sessions held by KPMG KPMG Klynveld Peat Marwick Goerdeler (accounting firm) KPMG Kaiser Permanente Medical Group KPMG Keiner Prüft Mehr Genau (German) KPMG Kommen Prüfen Meckern Gehen , the State of Wisconsin Investment Board and Stanford University Stanford University, at Stanford, Calif.; coeducational; chartered 1885, opened 1891 as Leland Stanford Junior Univ. (still the legal name). The original campus was designed by Frederick Law Olmsted. David Starr Jordan was its first president. . Committee members have visited operating facilities, attended product presentations and reviewed competitor backgrounds to better understand industry-related issues. Other educational and evaluation tools, such as the Audit Committee Index (ACI ACI American Concrete Institute ACI Arch Coal Inc ACI Airports Council International (formerly Airport Associations Coordinating Council) ACI Automobile Club d'Italia ACI American Competitiveness Initiative ) developed by the Board Institute and FERF, allow audit committees to validate their own practices against others. For the first time, there are two education tracks, the business of the business and the governance of the business, says Schultz. The ACI includes best practices, so directors can be assured they are in general compliance and, at the same time, learn about fundamental duties. This is accomplished by benchmarking members' understanding of key business metrics, which vary by business. Challenges and Trends In the near term, committees still have to deal with internal control attestation The act of attending the execution of a document and bearing witness to its authenticity, by signing one's name to it to affirm that it is genuine. The certification by a custodian of records that a copy of an original document is a true copy that is demonstrated by his or her , as per Sarbanes-Oxley Section 404. Currently, committees are only involved with progress reviews of implementation plans. Related to this is the external auditor assessment of the audit committee. Interviewees note that this may create difficulty and ambiguity for the external auditor, particularly when reporting dissatisfaction with committee performance. Finally, the issue of potentially increased liability on the part of audit committee members has not been resolved. In a broader sense, however, directors are doing real work and posing the questions that matter, says Schultz. But, the challenge to balance expense with substantive reform remains. In order to distinguish good governance The terms governance and good governance are increasingly being used in development literature. Governance describes the process of decision-making and the process by which decisions are implemented (or not implemented). from process, interviewees promote candid communication, remembering that financials should be accurate and risks should be managed for investors. This effort should include informal, non-confrontational communication that does not necessarily involve the CEO. Executives who are not as candid will eventually be pressured to be more truthful. Franklin finds that even the physical room setup See BIOS setup and install program. is important, arguing that smaller rooms promote more honest discussion. "I think audit committees need to provide more fulsome, rather than perfunctory per·func·to·ry adj. 1. Done routinely and with little interest or care: The operator answered the phone with a perfunctory greeting. 2. Acting with indifference; showing little interest or care. , reports to the board--particularly if heavy messages need to be delivered." While an audit committee's tasks will certainly depend on the company's size and complexity, it's clear that if people they work with cannot be trusted, it is nearly impossible to govern effectively. Horan, for one, views the audit committee as a resource, not an adversary adversary traditional appellation of Satan [O.T.: Job 1:6; N.T.: I Peter 5:8] See : Devil . For example, Arsenal Digital Solutions plans to implement Sarbanes-Oxley Section 404 by September 2004, which he anticipates will require a substantial investment of time by the audit committee. Horan notes that he reaches out to members every two to three weeks to discuss the impact of industry trends on the company. "I can't think of every issue on risk management and still effectively help run the business ... I've got to be open to other perspectives. The audit committee won't provide insight if they don't trust me and I'm not providing full disclosure." Four questions audit committees should ask external auditors: 1 If the auditor were solely responsible for preparation of the company's financial statements, would they have in any way been prepared differently from the manner selected by management? This question should cover both material and nonmaterial differences, if the auditor would have done something differently, both management's argument and the auditor's response should be disclosed. The audit committee should then evaluate the facts. 2 If the auditor were an investor, would he have received--in plain English--the information essential to his understanding the company's financial performance during the reporting period? 3 Is the company following the same internal audit procedure that would be followed if the auditor himself were CEO? If not, what are the differences, and why? 4 Is the auditor aware of any actions--either accounting or operational--that have had the purpose and effect of moving revenues or expenses from one reporting period to another? Source: Warren Buffett's Letter to Shareholders, Berkshire Hath away 2002 Annual Report Cheryl de Mesa Graziano, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , is Director of Research For Financial Executives Research Foundation (FERF). She can be reached at cgraziano@fei.org. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion