The Role of the Audit Committee Center for April 2018 Board Effectiveness the Role of the Audit Committee
Total Page:16
File Type:pdf, Size:1020Kb
The role of the audit committee Center for April 2018 Board Effectiveness The role of the audit committee Oversight of financial reporting and related internal controls Review of filings and earnings releases Risk oversight Oversight of the independent auditor Ethics and compliance Oversight of internal audit Other interactions with management and the board Audit committee external communications 2 Role of the audit committee The role of the audit committee As an audit committee member, it is important to understand the rules Oversight of financial reporting relevant to your role. This section provides an overview of an audit and related internal controls committee’s responsibilities in overseeing financial reporting and related The audit committee, management, and the independent internal controls, risk, and ethics and compliance. It also discusses the auditor all have distinct roles in financial reporting. Management is responsible for preparing the financial committee’s role in overseeing the internal and independent auditors, as well statements, establishing and maintaining adequate as how the committee may interact with other members of management and internal control over financial reporting (ICFR), and evaluating the effectiveness of ICFR. The independent external stakeholders. Finally, it highlights the committee’s responsibilities auditor is responsible for expressing an opinion on the with respect to disclosures in the proxy statement. fairness with which the financial statements present, in all material respects, the financial position, the results of operations, and cash flows in conformity with GAAP, and, SEC, PCAOB, NYSE, and NASDAQ rules are highlighted where relevant, and we when applicable, evaluating the effectiveness of ICFR. have noted leading practices, tools, and resources to help audit committee To oversee ICFR successfully, the audit committee should members execute their responsibilities. be familiar with the processes and controls management has put in place and understand whether those processes and controls are designed and operating effectively. The audit committee should work with management, the internal auditors, and the independent auditor to gain the knowledge needed to provide appropriate oversight of this area. Likewise, the audit committee is responsible for overseeing the entire financial reporting process. To do so effectively, it should be familiar with the processes and controls that management has established and determine whether they were designed effectively. 3 Role of the audit committee The audit committee’s role is one of oversight and balance-sheet transactions, on the financial statements. Audit committee members should be aware of three monitoring, and in carrying out this responsibility, the For example: main areas of fraud risk: committee may rely on management, the independent • Management and the audit committee should • Financial statement fraud, which includes intentional auditor, and any advisers the committee might engage, discuss pending technical and regulatory matters misstatements in or omissions from financial provided its reliance is reasonable. that could affect the financial statements, and statements the audit committee should be updated on The audit committee should consider having • Asset misappropriation, which may include check management’s plans to implement new technical management identify and discuss any significant forgery, theft of money, inventory theft, payroll fraud, or regulatory guidelines. accounting policies, estimates, and judgments made. or theft of services The review of off-balance-sheet structures should A quarterly analysis of these areas may be useful to • • Corruption, which may include schemes such as prepare for these discussions, and management should also be a recurring agenda item, and may be kickbacks, shell companies, bribes to influence tailor the analysis to highlight changes and include new conducted as part of the committee’s review of decision makers, or manipulation of contracts. or unusual items. Because Regulation S-X, Rule 2-07 management’s discussion and analysis in the annual requires the independent auditor to discuss the effects and quarterly reports. The exact frequency of these One way the audit committee can help oversee the of alternative GAAP methods on the financial statements, discussions will depend on the company’s operations prevention and detection of financial statement fraud is the information presented by management should be and preferences. Finally, the audit committee should by monitoring management’s assessment of ICFR. corroborated by the independent auditor. consider reviewing off-balance-sheet transactions, or at least material ones, before they are executed. The audit committee should also have an awareness of NYSE listing standards require NYSE requirements. the US Foreign Corrupt Practices Act (FCPA) and other the audit committee to review major issues regarding NASDAQ requirements. NASDAQ requires disclosure non-US anticorruption laws that may be applicable accounting principles and the presentation of the of the audit committee’s purpose, as set out in its (e.g., the UK Bribery Act). As the SEC and Department financial statements. These include significant changes charter, of overseeing accounting and financial reporting of Justice note in the Resource Guide to the FCPA, in the company’s selection or application of accounting processes of the company and audits of the financial anticorruption compliance “begins with the board of principles, the adequacy of internal controls, and statements. See the audit committee charter section directors and senior executives setting the proper tone any special audit steps adopted in response to what of this guide for details. for the rest of the company.” To that end, the audit the NYSE terms “material control deficiencies.” These Fraud risk committee should: discussions can be held, generally with management, In conjunction with risk oversight, the audit committee during the review of the quarterly financial statements to • Understand the company’s obligations and should be satisfied that the company has programs and be filed with the SEC. responsibilities regarding anticorruption laws to policies in place to prevent and identify fraud. It should which it is subject work with management to oversee the establishment The audit committee is also required to review Determine whether the company has dedicated of appropriate antifraud controls and programs and • management’s analyses of significant issues in financial appropriate oversight, autonomy, and resources to to take the necessary steps when fraud is detected. reporting and judgments made in preparing the financial its anticorruption compliance program; depending The audit committee should also be satisfied that the statements, including the effects of alternative GAAP on the company’s size, this could involve assigning organization has implemented an appropriate ethics and methods. This discussion may also be held during the an individual who is specifically charged with compliance program and established a reporting hotline. review of the quarterly financial statements. anticorruption compliance and has a direct reporting See the ethics and code of conduct and reporting The audit committee also should review the effects line to the committee hotline procedures sections later in this guide for more of regulatory and accounting initiatives, as well as off- information. 4 Role of the audit committee • Understand specific policies and procedures in place to identify and mitigate corruption-related risks • Discuss with management specific corruption-related Tools and resources risks that have been identified, including allegations of corruption that may have been received through the The Anti-Fraud Collaboration released a report company’s monitoring and reporting mechanisms, as titled The Fraud-Resistant Organization that well as management’s plans for responding to such identifies three central themes critical to fraud risks deterrence and detection. • Monitor any actual violations, including management’s response. 2013 COSO framework. The 2013 Internal Control— Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides a formal structure for designing and evaluating the effectiveness of internal control. It emphasizes the role of the board—and, by delegation or regulation, the role of the audit committee—in overseeing internal control, which remains an essential aspect of effective governance. In particular, the framework highlights: • The board’s role in the control environment, including clarification of expectations for integrity and ethics, conflicts of interest, adherence to codes of conduct, and other matters • The board’s assessment of the risk that management could override internal controls and careful consideration of the possibility that management may override such controls • The establishment and maintenance of open lines of communication between management and the board and the provision of separate lines of communication, such as whistleblower hotlines. 5 Role of the audit committee Review of filings Note that SEC rules require the audit committee to recommend to the board that the audited financial Tothirds of ofcommittee audit committee meet ia meet and earnings releases statements be included in the company’s annual report iacofeece cofeece call call to dicuto dicu eai eai eleaeeleae hilehile 22% eieeie eaieai The audit