Status check: three years after SOX, effectiveness of audit committees is a mixed bag.
As it turned out, Sec. 404, which requires an issuer's annual report to contain an internal control report signed off on by the external auditor, has drawn the most attention--and dollars--from public companies. And search firms have been left without the forecasted spike in hiring of such financial experts.
Why? Exhausted from meeting rigorous Sec. 404 demands, most board chairs and CEOs simply plucked a financial expert from their existing board of directors or a friend with financial expertise to sit on the audit committee.
So, how well are audit committees working and where do they need to improve?
A MIXED BAG
To help answer these questions, we interviewed several stakeholders, including audit committee members. The results indicated that audit committee effectiveness has been a mixed bag, with some SOX provisions proving to be bigger hurdles than others.
Some of the more harrowing challenges include measuring the effectiveness of internal and external auditors; ensuring a corporate code of ethics; appointing qualified and independent committee members; ensuring the integrity of financial statements; and providing for effective feedback from stakeholders.
As new rounds of accelerated filers grapple with Sec. 404 compliance, several lessons are becoming clear--chief among them is the interplay between management and the audit committee.
The increased regulatory emphasis on audit committees can highlight or even exacerbate schisms between the committee and management. But the increased regulatory focus can have a silver lining: audit committee process improvements.
SAS 61, which regulates communications between the outside CPA firm and the audit committee, has had more impact on the effectiveness of audit committees than SOX, according to Bill LeRoy, a partner at BDO Seidman.
Prior to SAS 61, only the unresolved issues had to be reported; now all significant accounting issues for the period are discussed with the audit committee including how they were accounted for and how the preferred accounting treatment was determined.
This has empowered and emboldened auditors, giving them leverage they had lacked before management, and ultimately increasing the committee's effectiveness.
But for many companies, process improvements resulting from increased regulation is an afterthought. This can be partly attributed to the lack of guidance emanating from regulatory bodies.
"To be meaningful, SOX compliance must be more than just checking off the items on a checklist," says Denise O'Leary, audit committee chair for America West Airlines and Chiron Corp., and an audit committee member for Medtronic Inc. "And last year, the PCAOB and SEC didn't offer much direction."
This frustration with a lack of guidance is an all-too-familiar scenario. The enormity of internal controls compliance, the mandate of Sec. 404, and the resulting chorus of public company backlash led the SEC to extend for one year the Sec. 404 compliance deadline for accelerated filers.
When it comes to selecting directors and audit committee members, the saying "it's who you know" seems to be in play. Many of these people are still selected through a key executive's personal network.
Take Dow Pharmaceutical, for example. When its board was searching for new directors, it "put together the requirements ... and solicited leads from itself," according to Dexter Roberts, a Dow board member. Eventually, the company put its CEO on the board, a move lagging in shareholder popularity.
Today's shareholders are becoming increasingly concerned with corporate governance best practices. Take the recent case of Nestle SA, which named its CEO board chair even though 36 percent of the shareholders supported a proposal to ban combined titles because of the potential conflict of interest between the positions of chair and CEO.
According to those shareholders, board members, to be independent, should not be linked to the company in any way that may impair their objectivity.
Due to this type of sentiment, audit committee candidates in large, publicly traded companies appear to receive increased scrutiny from third-party attorneys and CPA firms that check these candidates' independence.
Another factor when determining independence is compensation for audit committee members and, in particular, the financial expert. While effective audit committee members are in high demand, an overly handsome payday may impair their independence.
So, how should committee members be compensated? And how much is too much? According to BDO Seidman's LeRoy, companies ought to compensate audit committee members in a way "that rewards them for long-term success, not short-term gains at the cost of long-term success.
"Pay itself is not the problem," says LeRoy. "But if the payment is stock options, then the audit committee's motivation is for stock to appreciate."
Martin Kropelnicki, a former CFO of Hall Kinion and associate professor of economics at San Jose State University, says audit committee members for the company are paid the same rate as board members. The audit committee chair receives an additional $15,000.
"My feeling is that audit committee members should be compensated more than a regular board member," Kropelnicki says. "The time they spend, just in signing off on 10Ks, for instance, is far more than a regular board member."
This pay model seems to be an industry standard. Though she sits on three separate audit committees, O'Leary says the compensation scale is the same at each.
"The board members are paid a certain amount, the audit committee members are paid a certain amount and the committee chairs are paid more," she says.
Under SOX, the audit committee hires the external auditor, but not all participants in the financial reporting process view the audit committee as the auditor's client, according to KPMG's 2004 Audit Committee Institute survey.
The whistle-blower provision of SOX is one protection against potential conflicts-of-interest, but addressing this provision appears to be yet another challenge of SOX.
This mandate of incorporating confidential employee submissions of concerns has caused an overwhelming majority of companies to hire outside counsel to research and resolve the whistle-blower provision.
Ted Lavoie, a long-time CFO and audit committee chair, says some firms have set up voice scrambling technology to comply with the anonymity provision. Underscoring the sensitivity of this requirement, many companies, such as QuadraMed, asked their compliance officer (i.e. general counsel) to oversee the outsourcing of this requirement.
BOARD-AUDIT COMMITTEE AUTHORITY
KPMG's Audit Committee Institute survey revealed friction between directors and company executives resulting from the empowerment of corporate boards and their audit committees. While 63 percent of the members surveyed thought the right balance had been achieved, 13 percent of U.S. respondents said audit committee responsibilities exceeded oversight requirements.
Auditors generally meet with the audit committee or the full board three to five times per year. In large organizations, the audit work is year-round, providing continuous feedback to the board.
The quality of the information is based on the board asking the right questions of the external auditors, hence the need for qualified financial experts.
Auditor accountability is shifting away from management to the audit committee. Some CFOs we interviewed said they became more risk-conscious in light of the increased liability. Audit committee members must effectively manage the public accounting firm and have greater knowledge of the financial and business aspects of their company, including updated technical/operations information, as well as experience with publicly traded companies.
Specifically, the audit committee chair should have a breadth of experience in audit committee processes, knowledge of financial reporting and internal controls, and an understanding of the aims of internal management, according to O'Leary.
A key outcome of this shift is the increased emphasis on internal audits, which now must provide management and the audit committee with ongoing assessments of the company's risk management process and system of internal control.
More than 27 percent of the KPMG participants were not confident that their company's internal auditors would report controversial issues to the audit committee. When audit committee members were asked about their committee's effectiveness working with internal audits, responses ranged from ineffective to a sporadic reliance on the internal auditors to excellent, indicating room for improvement.
Our interviews indicate the effectiveness of the audit committee, since SOX, varies depending on its ability to:
* Influence management's establishment and maintenance of internal controls;
* Optimize and measure the effectiveness of external and internal auditors;
* Sustain the corporate code of ethics;
* Influence the appointment of qualified and independent audit committee members;
* Assess and ensure the integrity of management's financial statements; and
* Provide for effective feedback from the various stakeholders.
RELATED ARTICLE: Maintaining Independence
Under the Sarbanes-Oxley Act, the SEC unveiled audit committee rules that bar national securities exchanges from listing the security of an issuer that falls short of the following five requirements:
>1. Each audit committee member must be "independent." Members can't accept fees from the company beyond what they get paid for being a director or a committee member, nor can a member be an "affiliated person" of the company or its subsidiaries.
>2. The audit committee must be directly responsible for appointing, compensating, retaining and overseeing the work of outside auditors. It must also preside over registered public accounting firms performing other audit, review or attest services for the company. The outside auditor must report directly to the committee.
>3. Audit committees must set up procedures for complaints about accounting, internal accounting controls or auditing matters. Such procedures should incorporate "confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters."
>4. The committee must have the resources and authority to hire outside lawyers and other advisers needed to carry out its duties.
>5. Companies must supply "appropriate" funding to compensate the independent auditor or any advisers employed by the audit committee.
BY PAUL HERRERIAS, CPA
Paul Herrerias, MA, CPA is executive director of Herrerias & Associates, an executive search and leadership consulting firm focused on CPAs. You can reach him at firstname.lastname@example.org or www.herrerias.com.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||AUDIT COMMITTEES; Sarbanes-Oxley Act of 2002|
|Date:||Jul 1, 2005|
|Previous Article:||Lessons learned: COSO, COBiT and other emerging standards for SOX compliance.|
|Next Article:||Money business: how the Bank Secrecy Act impacts CPAs and their clients.|