Ten best practices for audit committees: the public company audit committee now has an enhanced role and needs to revise some of its practices. Here are some key areas to focus on.
In light of these changes, spurred not only by the scandals but the new rules and regulations that followed the scandals, there are some key areas to focus on. The following discusses 10 best practices for audit committees summarized from a list of 30 that are included in a new book on the subject by this author.
1 Establish an effective internal audit function that reports to the audit committee. Establishing such an internal audit function is probably the most important thing the audit committee can do. The internal auditor must be hired and compensated by the audit committee of the board of directors. The primary responsibility of the internal auditor should be to assist the board in performing its fiduciary duty to monitor management--or, in other words, act as the eyes and ears of the audit committee.
Other operational duties may be assigned to the internal auditor by management, but these other duties should not interfere with the primary responsibility of the internal auditor.
It is clear from the WorldCom Inc. fiasco that the audit committee must control the operations of the internal audit department to the extent that those functions deal with the audit of financial reporting. WorldCom's audit committee allowed management to control the internal audit department and created an incentive structure that required the internal audit group to emphasize operational audits, which saved money for WorldCom or otherwise produced "value." This resulted in an internal audit group that had neither the staffing nor funding to provide adequate information to the audit committee on financial reporting issues.
Serious consideration should be given to structuring the compensation of the head of the internal audit to avoid excessive reliance on compensation driven by accounting results. To properly maintain the watchdog function of the internal auditor, he or she should not receive significant incentives based on profitability.
Some companies prefer to outsource all or part (so-called "co-sourcing") of the internal audit function. Under these circumstances, the audit committee should control not only the selection and retention of the outside internal auditor, but also the compensation arrangements.
2 Create an ethical, law-abiding culture within the organization without discouraging entrepreneurial risk-taking. A key element of such a culture is the tone at the top of the organization.
Employees must be sensitized to the need to communicate significant legal risks to management and to the audit committee or nominating/corporate governance committee of the board of directors. The U. S. Department of Justice guidelines require the board to create an ethical, law-abiding culture to avoid criminal indictment of the organization. Financial incentives should be provided to the CEO to create such a culture.
3 The audit committee should communicate with key people throughout the organization. In addition to the outside auditors, the CEO and CFO, the audit committee should consider interviewing, at least once a year, employees and service providers in these key roles:
* controller and assistant controller (ask if there are any accounting policies or procedures with which they are uncomfortable);
* head of sales (ask if there are any side deals with any customers, channel stuffing, so called "round-trip" sales, etc.);
* tax manager (ask if there are any aggressive tax strategies being pursued by the company);
* inside and outside counsel;
* head of disclosure committee;
* corporate governance officer;
* head of information technology;
* head of corporate development;
* head of purchasing.
Audit committees cannot operate properly without having information from diverse sources, both from within and outside the company. Although all the facts are not clear, it appears that the audit committees at Enron Corp. and WorldCom relied primarily--if not exclusively--on information provided to them by members of the management team over which they were required to exercise oversight, as well as on information provided to them by the outside auditor.
Each of the persons named above should be interviewed separately and not in the presence of superiors within the company; prosecutors have known for many years that subordinates do not talk freely when their bosses are present.
4 Monitor management sales of stock. The temptation to inflate earnings is greatest prior to the intended sale of stock by management. Audit committees should conduct more intensive and extensive audits on the eve of insider sales of significant amounts of stock. The audit committee should adopt a policy requiring written notice of insider sales several months before the actual date of such sale, so as to arrange the necessary audits.
Other "warning" events are included in Best Practice No. 5.
5 Be aware of other "warning" events. There are certain other warning events that should alert an audit committee to conduct more intensive and extensive audits. If short sellers take a significant position in the company stock, the audit committee should investigate whether the short sellers know something the audit committee does not. Other warning events may include: the company never fails to meet an earnings projection; the CEO or CFO is under personal financial pressure, which may stem from a lavish lifestyle, divorce, gambling habits or other issues.
Never failing to meet an earnings projection should raise a red flag. Personal financial pressure on the CEO or CFO should trigger a closer look by the audit committee at the company's financial statements, particularly if any large bonus or salary increase depends upon the company's financial results.
6 Control conflicts of interest. In rare situations in which the audit committee elects to approve a conflict of interest, an ongoing independent monitoring mechanism must be established. This mechanism may include more intensive or extensive audits by the independent auditor, possibly supplemented by oversight by the internal auditor. The results of both the independent auditor and the internal auditor should be reported directly to the audit committee.
The Enron audit committee approved off-balance sheet special-purpose entities that clearly created a conflict of interest between certain members of management and the company. Yet, based on the currently available facts, the Enron audit committee did not create adequate oversight mechanisms to verify that the representations made by management to the audit committee, which induced approval of the conflict of interest, were in fact being followed.
7 Ask the auditor the Warren Buffett questions. The audit committee should ask the following four questions of the auditor (as suggested by Warren Buffett):
a. If the auditor were solely responsible for the company's financial statements, would it have been prepared in any way different from the manner selected by management?
b. If the auditor were an investor, would it have received the information essential to a proper understanding of the company's financial performance during the reporting period?
c. Does the auditor know of any operational facts that caused the company's sales or profit to move significantly from one quarter to the next?
d. Is the company using the same internal audit procedure that would be followed if the auditor itself was CEO?
Answers to Buffett's questions will help elicit information from the auditor that is useful to the audit committee in overseeing management preparation of the financial statements.
8 Ensure auditor independence. If the auditor is not independent, both the company and the auditor are in violation of the Securities Exchange Act of 1934. To ensure auditor independence, the audit committee should adopt these policies:
a. The engagement letter from the auditor should contain a representation that the auditor is and will remain independent (as defined by Securities and Exchange Commission (SEC) rules) throughout the audit engagement.
b. Conduct a robust discussion with the auditor of its independence at least once a year. This robust discussion should include any relationships with management that might impair the objectivity of the auditor. For example, it was reported that KPMG LLP, the auditor for First Union Corp. (now part of Wachovia Corp.), received referrals from First Union of wealthy banking clients and First Union was, in turn, paid referral fees by KPMG LLP. Some have questioned whether this type of relationship could compromise the impartiality of the auditor.
c. After each assignment of nonaudit work to the auditor, the auditor should be required to represent to the audit committee that the nonaudit service does not impair its independence. (An exception may be made for routine nonaudit services, such as tax return preparation.)
d. Care must be taken before hiring former employees of the auditing firm as company employees, to be certain that the new employee will not impair the auditor's independence. The HR department should be required to notify the audit committee prior to any such hires.
9 Refrain from using the auditor for tax planning and tax preparation services. Although tax planning services do not impair the independence of auditors under SEC rules, audit committees should consider whether using the auditor for tax planning services is in the best interest of the company.
The audit committee should consider, among other things, the fact that the auditor is prohibited by auditor independence rules from providing an expert opinion or other expert services for an audit client, or acting as an audit client's legal representative, for the purpose of advocating an audit client's interests in litigation or in a regulatory or administrative proceeding or investigation.
The effect of this prohibition is that the auditor is unable to assist the company in advocating the company's tax position before the Internal Revenue Service (IRS), since the IRS inquiry might be viewed as a "regulatory or administrative proceeding or investigation." Although the auditor is permitted to be a fact witness in such proceedings or investigations, its inability to advocate the company's tax position handicaps the company in the defense of its tax planning.
10 Carefully consider the impact of the independent auditor's preferred accounting treatment. Sarbanes-Oxley and SEC rules require the independent auditor to disclose any accounting treatments preferred by them. The audit committee must determine on a case-by-case basis whether any of the accounting treatments preferred by the independent auditor should be adopted by the company and what the overall effect would be of such adoption.
If the audit committee decides not to adopt an independent auditor's preferred treatment, the reasons for the rejection should be carefully documented by the audit committee, with the assistance of counsel, in order to protect the audit committee from personal liability.
Frederick Lipman is a Partner with Blank Rome LLP and President of the Association of Audit Committee Members Inc. The 10 audit committee best practices described above are taken from 30 best practices described in greater detail in Lip-man's book, Corporate Governance Best Practices, published by John Wiley & Sons Inc., 2006, and available in bookstores and on Amazon.com.
RELATED ARTICLE: takeaways
* One result of the accounting scandals in recent years is the attention given to audit committees of public companies and the subsequent change in the committee's role and practices.
* The Sarbanes-Oxley Act effectively transferred certain powers from the CEO and CFO to the audit committee.
* Establishing an effective internal audit function is probably the most important thing the audit committee can do.
* Among the steps audit committees should take is to carefully consider the independent auditor's preferred accounting treatment.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||audit committee|
|Author:||Lipman, Frederick D.|
|Date:||Oct 1, 2006|
|Previous Article:||CFO 'must-have' skills: risk / compliance / strategy; Whether you're a CFO now or aspire to be one, you need to make certain you've got your skills...|
|Next Article:||Where IT accounting raises compliance issues.|