94,99 €
94,99 €
-100%
Sammeln Sie Punkte in unserem Gutscheinprogramm und kaufen Sie E-Books und Hörbücher mit bis zu 100% Rabatt.
Mehr erfahren.
Mehr erfahren.
- Herausgeber: John Wiley & Sons
- Kategorie: Fachliteratur
- Sprache: Englisch
The Audit Committee Handbook, Fifth Edition The Audit Committee Handbook, Fifth Edition guides you to: * Understand the role and responsibilities of the audit committee with a general update and reality check on auditing cycle activities * Identify the developments that impact audit committee practices and the most current techniques and strategies for committee meetings * Develop a repertoire of effective strategies to help the board of directors discharge its fiduciary responsibility to shareholders * Prepare a periodic assessment of professional development activities and an informed review of both audit processes and financial reporting processes A must-have for all audit committee members, board directors, corporate secretaries, CEOs, CFOs, and auditors involved in the accounting practices of their firms, The Audit Committee Handbook, Fifth Edition is the most authoritative work on audit committees in the marketplace.
Sie lesen das E-Book in den Legimi-Apps auf:
Seitenzahl: 633
Veröffentlichungsjahr: 2010
4,6 (18 Bewertungen)
Bewertungen werden von Nutzern von Legimi sowie anderen Partner-Webseiten vergeben.
Legimi prüft nicht, ob Rezensionen von Nutzern stammen, die den betreffenden Titel tatsächlich gekauft oder gelesen/gehört haben. Wir entfernen aber gefälschte Rezensionen.
Ähnliche
Table of Contents
Title Page
Copyright Page
Dedication
Preface
Part One - Getting Acquainted with Your Responsibilities
Chapter 1 - Corporate Accountability
APPROPRIATE ACCOUNTING SKILLS
INTERNAL CONTROL OVERSIGHT
AUDITOR OVERSIGHT
AUDIT COMMITTEE RESOURCES
TRANSACTIONAL ECONOMICS
THE NATURE AND IMPORTANCE OF CORPORATE ACCOUNTABILITY
DEVELOPMENTS IN CORPORATE ACCOUNTABILITY
CORPORATE ACCOUNTABILITY AND THE AUDIT COMMITTEE
CONCLUSION
SOURCES AND SUGGESTED READINGS
Chapter 2 - Audit Committees
ORGANIZATION OF THE AUDIT COMMITTEE
THE AUDIT COMMITTEE FUNCTIONS
THE EXTERNAL AND INTERNAL AUDITING PROCESS
SOURCES AND SUGGESTED READINGS
Chapter 3 - The External Users of Financial Reporting Information
INTRODUCTION
THE INVESTORS
CREDIT GRANTORS
REGULATORY AGENCIES
OTHER OUTSIDE CONSTITUENCIES
IMPORTANT DEVELOPMENTS IN BUSINESS REPORTING AND ASSURANCE SERVICES
BENCHMARKING
SOURCES AND SUGGESTED READINGS
Chapter 4 - The Legal Environment of the Audit Committee
GENERAL LEGAL RESPONSIBILITIES
OTHER FEDERAL PROVISIONS RELATED TO FRAUD
LESSONS FOR THE AUDIT COMMITTEE FROM LITIGATION
GUIDELINES FOR MINIMIZING LEGAL LIABILITY
SOURCES AND SUGGESTED READINGS
Chapter 5 - Rules of the Road
AN OVERVIEW OF U.S. GENERALLY ACCEPTED AUDITING STANDARDS
AN ANALYSIS OF THE AUDITING STANDARDS
INTEGRATION OF AUDITING AND RELATED ACCOUNTING STANDARDS
ATTESTATION ENGAGEMENTS
INTERNATIONAL AUDITING STANDARDS
SOURCES AND SUGGESTED READINGS
Part Two - The Planning Function of the Audit Committee
Chapter 6 - Planning the External Audit
FINANCIAL STATEMENT ASSERTIONS
THE RELATIONSHIP BETWEEN RISK AND THE EXTERNAL AUDIT
THE ENGAGEMENT TEAM
TYPES OF AUDIT TESTS
EVALUATING THE EXTERNAL AUDIT PLAN
SOURCES AND SUGGESTED READINGS
Appendix 6A - Qualitative Factors That May Influence the Determination of Materiality
Appendix 6B - Example Audit Planning Schedule
Chapter 7 - Planning the Internal Audit
COMPONENTS OF THE INTERNAL AUDIT PLAN
ENTERPRISE RISK MANAGEMENT
OVERSIGHT AND REPORTING
SOURCES AND SUGGESTED READINGS
Part Three - The Monitoring and Reviewing Functions of the Audit Committee
Chapter 8 - Monitoring the System of Internal Control
DEFINITION AND BASIC CONCEPTS
RESPONSIBILITY FOR THE SYSTEM OF INTERNAL CONTROL
REPORTING REQUIREMENTS
AUDIT COMMITTEE EXPECTATIONS
SOURCES AND SUGGESTED READINGS
Chapter 9 - Evaluating the Internal and External Audit Function
SELECTING AND STAFFING AN INTERNAL AUDIT FUNCTION
MONITORING THE INTERNAL AUDIT FUNCTION
SELECTING AND EVALUATING AN EXTERNAL AUDITOR
REPORTING BY THE EXTERNAL AUDITOR
SOURCES AND SUGGESTED READINGS
Chapter 10 - Communications between Auditors and Audit Committees
AUDIT COMMITTEE’S REVIEW OBJECTIVE
ACCOUNTING POLICY DISCLOSURES
GUIDELINES FOR REVIEWING ACCOUNTING POLICY DISCLOSURES
SOURCES AND SUGGESTED READINGS
Chapter 11 - A Perspective on Fraud and the Auditor
MEANING OF FRAUD IN A FINANCIAL STATEMENT AUDIT
THE EXTERNAL AUDITOR’S RESPONSIBILITY
THE INTERNAL AUDITOR’S RESPONSIBILITY
INVESTIGATING KNOWN FRAUD
THE AUDIT COMMITTEE’S OVERSIGHT APPROACH TO FRAUD RISK ASSESSMENT
SOURCES AND SUGGESTED READINGS
Chapter 12 - The Audit Committee, Corporate Culture, and Tone at the Top
QUESTIONABLE FOREIGN PAYMENTS
CORPORATE PERQUISITES AND EXECUTIVE COMPENSATION
EXECUTIVE COMPENSATION
CORPORATE CONTRIBUTIONS
CONCLUSION
SOURCES AND SUGGESTED READINGS
Part Four - The Reporting Function and the Audit Committee
Chapter 13 - Independent Auditors’ Reports
THE AUDITORS’ REPORTS ON AUDITED FINANCIAL STATEMENTS
OTHER AUDITING OPINIONS
OTHER REPORTS OF THE AUDITORS
SOURCES AND SUGGESTED READINGS
Chapter 14 - The Audit Committee’s Report and Concluding Observations
PURPOSE OF THE AUDIT COMMITTEE’S REPORT
GUIDELINES FOR PREPARING THE REPORT
CONCLUDING OBSERVATIONS
SOURCES AND SUGGESTED READINGS
Appendix - Professional Accounting Associations, Business Organizations, ...
About the Authors
Index
Copyright © 2010 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646- 8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online atwww.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. For more information about Wiley products, visit our Web site at www.wiley.com.
Library of Congress Cataloging-in-Publication Data
Braiotta, Louis,
The audit committee handbook / Louis Braiotta, Trent Gazzaway.—5th ed.
p. cm.
Includes index.
eISBN : 978-0-470-61607-9
HF5667.15.B7 2010
658.15—dc22
2009046293
Dedicated to the men and women who, through their audit committee service, selflessly devote their time and energy to the preservation of the public trust and the advancement of the organizations they serve.
Preface
What differentiates world-class audit committee members from caretakers? The answer is dedication and preparation. That fact has been true for as long as audit committees have existed, but the degree of separation between the two camps has never been greater. Business moves faster and financial reporting is more complicated than at any point in history—and the future promises more of the same. How are audit committee members to be adequately prepared to fulfill their obligations to stakeholders?
An audit committee’s primary job is to oversee the financial reporting processes of the organization it serves (public or private, for-profit or not-for-profit). The audit committee also frequently assumes some level of oversight responsibility for enterprise risk management and treasury functions, but its raison d’être is centered on the organization’s need for independent checks and balances over financial reporting.
Audit Analytics reports that financial statement restatements for U.S. public companies totaled 616 in 2000. The number rose to a staggering 1,800 in 2006, before falling to a total of 869 in 2008.1 Even with the recent decline, 2008 still saw approximately 6 percent of public companies restating their financial statements (sometimes more than once). If an average company experienced a 6 percent failure rate in the quality of its primary product, we would be concerned for that company’s future. We should be equally concerned about the quality of financial reporting. That quality affects the trust investors and creditors place in the financial statements and the price they are willing to pay for a share of stock. Thus, the quality of financial reporting has a direct impact on the cost of capital.
The good news is that the tide is turning. Management, internal audit, external audit, and audit committees have made great strides in recent years in improving the quality of financial reporting. The Sarbanes-Oxley Act of 2002, for all of its initial pain, has helped to refocus attention on financial reporting and to provide audit committees with some of the resources they need to perform their oversight duties. Greater efficiencies need to be built into the oversight process—especially the internal control evaluation process—but the tools needed to do so are now available. The Securities and Exchange Commission (SEC) and the Committee of Sponsoring Organizations (COSO) have provided guidance for companies that is designed to help them more efficiently and effectively evaluate internal control effectiveness. In addition, the Public Company Accounting Oversight Board (PCAOB) has revised its related U.S. auditing standards, and both the PCAOB and the Center for Audit Quality (CAQ) have developed guidance to help auditors of smaller public companies better audit internal control over financial reporting.
All of this brings us back to the book you hold in your hands right now. Audit committee members need a comprehensive yet practical guide to help them execute their duties. The Audit Committee Handbook, now in its fifth edition, is that guide. In these pages you will find everything from the history of how we got here to practical recommendations regarding things to look for as you work to oversee internal and external auditors.
One of our primary goals in editing this edition is to leave you with a flavor for the dynamics of the role of the audit committee, yet provide you with practical recommendations and tools you can use in the boardroom. Along those lines, Chapters 1 through 5—which focus on the history and current state of the audit committee role—are designed to provide the context for today’s audit committee member role. Chapters 6 through 10 have been completely re-written with a how-to focus on areas critical to effective audit committees—the audit planning process and the oversight of internal and external audit. Chapters 11 through 14 complete the work with a focus on fraud and audit-related communications.
Effective audit committees are critical to the quality of financial reporting and the proper conduct of business. The best audit committee members see their role as one of great responsibility as well as of great honor. We hope The Audit Committee Handbook, Fifth Edition contributes in a meaningful way to the effective execution of those important duties.
R. TRENT GAZZAWAY National Managing Partner of Audit Services Grant Thornton LLP December 2009
Part One
Getting Acquainted with Your Responsibilities
Chapter 1
Corporate Accountability
Focus on the Audit Committee
Audit committee responsibilities have increased significantly in recent years because of the uncertainties arising from (1) a changing statutory, regulatory, legal, and risk environment for corporations, directors and officers; and (2) the accounting and auditing substance of audit committees’ jobs. Certain questions are sure to concern audit committee members and those considering audit committee membership. How can I tell if the company has complied with the spirit and letter of new regulations? Am I going to be second-guessed by someone outside the company for my best efforts? Will that second-guess expose me to legal liability or personal embarrassment? How can I satisfy all these new responsibilities in a few meetings a year? How can the company best comply with myriad regulations while managing costs and maintaining a business focus rather than one of compliance? The purpose of this handbook is to help form responses to such questions.
Sections 205 and 301 of the Sarbanes-Oxley Act of 2002 establish three fundamental roles for audit committees. First, they have oversight responsibility for the accounting and financial reporting processes of the company and for its financial statement audits. Second, they are responsible for appointing, compensating, and overseeing the external auditor. Third, they must establish procedures for “receipt, retention, and treatment of complaints” about accounting, internal control, or auditing matters and for “the confidential, anonymous submission by employees” regarding questionable accounting or auditing issues. In the aftermath of the various regulatory activities that were initiated by Sarbanes-Oxley, audit committees also have responsibility, as part of exchange listing requirements, for ensuring that the company has appropriate systems in place for the effective monitoring and management of risk. Unlike the first three responsibilities, this last one is not necessarily one that must be fulfilled by the audit committee itself. Rather, the intent of the stock exchange listing rules is for the audit committee to ensure that the board has adequately addressed this important issue.
In essence, the audit committee’s role is to stand objectively between management, the external auditors, and capital providers—creditors, investors, owners, or donors—to ensure that they receive complete, timely, and accurate financial information that has been subjected to the appropriate, but not excessive, level of scrutiny, both internally and by an external auditor. Audit committees accomplish this goal by focusing on five key areas:
1. Appropriate accounting skills in management
2. Internal control oversight
3. External auditor oversight
4. Adequate resources for the committee’s functions
5. Understanding the economics behind every transaction
APPROPRIATE ACCOUNTING SKILLS
The need has never been greater for organizations to hire or engage individuals who have accounting skills that are commensurate with the complexity and scope of their business. Most companies continuously accelerate their business transactions to increase their number and to extend them to new markets, whether domestically or abroad, but increasingly in foreign countries. The flow of business information coming from these innovations continues to grow in quantity and speed. Similarly, the complexity and extent of accounting and financial reporting expands to accommodate increasingly creative business transactions. Because every organization that depends on external capital must exercise diligence in accounting for and reporting its financial information, the right personnel with the right skills and the right authority must be in the right positions.
Management is responsible for making sure the company has the right people with the proper accounting and financial reporting skills, and the commitment to apply them with integrity. The audit committee’s job is to make certain that management is doing its job. Audit committees can begin to assess management’s job by understanding the accounting complexities and challenges that arise because of their company’s industry, geography, or business practices. The next step is to gain assurance about the quality and adequacy of the related knowledge and skills. For example, revenue recognition in the software industry is highly complex. A reasonable question for an audit committee in this industry is whether the company has people with the knowledge, skills, experience, training, and authority to account properly for software revenue.
Internal audit can help audit committees by continuously providing an objective assessment of the state of the necessary accounting skills. External auditors’ assessments also may be helpful to an audit committee in fulfilling its oversight responsibilities. Audit committees may find value in listing complex and high-risk financial reporting areas such as revenue recognition, cost capitalization, structured transactions like derivatives and other financial instruments measured at fair value, and accounts based on significant judgments like reserves and asset retirement obligations. Geographic issues may involve the use of international financial reporting standards (IFRS), transfer pricing, and other tax-related issues. Whatever the issues may be, once they are identified it becomes much easier to assess whether the organization has the appropriate expertise to manage them appropriately.
INTERNAL CONTROL OVERSIGHT
Just as an organization cannot produce reliable services or products without good controls over service delivery or manufacturing processes, it cannot produce consistently reliable financial statements without good internal control over financial reporting.
Management should have a basis for knowing whether its financial reporting processes are working properly. Having a general conviction without persuasive evidence is inadequate. “We have good people and have not had a problem in the past” is a phrase repeated by managements and audit committees in almost all accounting restatements, whether the restatements result from errors or fraud.
Well-run organizations establish controls to manage and mitigate risks. They also establish proper oversight and monitoring functions, because systems deteriorate over time. Internal control monitoring, and ways of determining its effectiveness, should be part of the DNA of the organization. While not every risk and control requires equal monitoring, management should do all of the following:
1. Know the financial reporting risks and have methods for prioritizing them and identifying changes over time
2. Know what controls are in place to manage and mitigate those risks that are critical to the organization’s objectives
3. Implement monitoring procedures that provide persuasive and timely assessments of the effectiveness of those controls
The audit committee’s job is to make sure that management performs these three tasks routinely and effectively. Asking the right questions of management and probing their answers for reasonableness is an effective approach to ensuring proper internal control. Here are some questions to consider:
• How does management identify and prioritize financial reporting risks?
• How often is this analysis updated for changes?
• Do the procedures and outcomes reasonably match the organization’s structure and operations?
• Does management involve the appropriate people?
• What controls are focused on the most critical aspects of the financial reporting process?
• How does management determine whether controls are working?
• Does management listen to critical viewpoints?
These are good questions for all organizations’ audit committees—public or private, for-profit or not-for-profit.
Monitoring is such an important part of internal control that the Committee of Sponsoring Organizations (COSO)—a body recognized internationally for its internal control framework—has devoted itself to monitoring an entire series of guidance, applications, and examples.2 COSO’s monitoring guidance draws on two fundamental principles of the COSO Integrated Framework for Internal Control:
1. Ongoing and/or separate evaluations enable management to determine whether the other components of internal control continue to function over time.
2. Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action, and to management and the board as appropriate.
The monitoring guidance develops three broad elements for achieving these principles:
1. Establishing a foundation for monitoring, which includes:
• A proper tone at the top
• An effective organizational structure that assigns monitoring roles to people with appropriate capabilities, objectivity, and authority
• A starting point or “baseline” of known effective internal control from which ongoing monitoring and separate evaluations can be implemented
2. Designing and executing monitoring procedures that:
• Are focused on persuasive information
• Are about the operation of key controls
• Address meaningful risks to organizational objectives
3. Assessing and reporting results, which includes:
• Evaluating the severity of any identified deficiencies
• Reporting the monitoring results to the appropriate personnel and the board for timely action and follow-up if needed
See Chapter 8 for further discussion of internal control monitoring and COSO’s related guidance.
AUDITOR OVERSIGHT
Two aspects of the audit committee’s responsibility for oversight of the external auditor are paramount. First, the audit committee should determine whether the auditors have the capability and commitment to address properly the areas of greatest financial reporting risk. Once the audit committee has established its assessment of financial reporting risk, it needs to make certain that its auditors have the characteristics that match up well. These characteristics usually come down to whether the auditor has the following capabilities:
• Sufficient technical knowledge of accounting and the company’s industry to be able to handle the transactions inherent in the company’s business
• The capacity to handle the company’s accounting issues on a timely basis
• A service delivery model that matches well with the company’s needs
• The geographical presence to handle the company’s operations
Audit committees can get a good idea of different auditors’ capabilities through interviews and interactions with auditors during the proposal process.
The second aspect is somewhat more intangible, relating to whether the audit committee can count on the auditors to have the integrity and fortitude to be frank and honest about their assessments of organizational processes, skills, and attitudes related to financial reporting. Such strength of character is especially important if management executives have aggressive personalities or management styles. The audit committee should be confident about the auditors’ commitment to tell them the truth, the whole truth, and nothing but the truth. This confidence should extend beyond the individuals on the audit engagement to the reputation and support systems internal to the audit firm. One way to obtain specific impressions about the auditors’ capabilities and commitment to integrity is to ask them challenging, open-ended questions about the organization, its policies, the management team, internal control, accounting knowledge and skills, and then gauge the frankness of their responses. Such discussions are most effective when conducted privately with the auditors, but every audit committee should know whether their auditors are willing to tell management the hard truth just as they will tell the audit committee.
Reviewing audit plans, monitoring cost effectiveness, and evaluating the auditors’ reports are other important aspects of auditor oversight, but all such activities fall appropriately into place only if the auditors have the right people on the engagement team, the right internal support system for those people, and the integrity to stand up for what is right.
AUDIT COMMITTEE RESOURCES
To meet its oversight responsibilities, the audit committee needs adequate resources, which typically come from the knowledge, skills, and time of individual audit committee members, internal audit personnel, external auditors, and other experts engaged independently of management.
Audit committees also depend on the active support and engagement of management in fulfilling their duties. It’s not enough to have high-quality people on audit committees devoting time and energy to understanding the organization’s operations and financial reporting risk. Audit committees need the raw materials for their work, which consist of financial and other information provided far enough in advance of meetings for members’ appropriate review and development of questions or concerns.
Audit committee members may also need to observe certain operations or accounting systems, especially those related to areas of high financial reporting risk. To that end, an appropriately staffed, supervised, and autonomous internal audit function can be of great assistance to audit committees by becoming their eyes, ears, arms, and legs. As organizations grow in size or complexity, the relationship between the audit committee and the internal audit group becomes increasingly important.
Audit committees also can follow up on areas of concern raised by the external auditors. The external auditors’ independence requirements prohibit them from becoming a part of the organization’s internal control, but their observations can be the springboard for further work by internal audit, management, the audit committee or board, or other experts. Because external auditors operate on a sampling basis, they cannot test every transaction (doing so would not be practical). Accordingly, while professional standards require auditors to report problems that they find, audit committees should be aware that the auditor may not identify every problem.
Audit committees also can hire subject matter experts or other counselors where specialized skills may be required, such as in accounting for acquisitions, asset impairments, fair value measurements, intangibles, derivatives, and complex financial instruments.
TRANSACTIONAL ECONOMICS
The proper accounting for a transaction depends heavily on understanding the transaction’s economic consequences to the organization. From both a financial reporting and an economic perspective, high-risk transactions include complex derivatives, sale-leaseback agreements of assets unrelated to the organization’s core activities, and contracts or agreements in locations where the organization normally does not do business. Management is responsible for understanding and communicating the business purpose and economic outcomes of every significant transaction. The audit committee must be confident that management and those responsible for recording transactions understand the underlying economics. Management’s responses to probing questions about the business purpose, expected cash flows, and anticipated risks associated with transactions can help an audit committee gauge whether management is fulfilling its responsibilities in this area.
THE NATURE AND IMPORTANCE OF CORPORATE ACCOUNTABILITY
The Meaning of Corporate Accountability
The concept of corporate accountability may be stated in this way:
The board of directors is charged with safeguarding and advancing the interest of the stockholders, acting as their representatives in establishing corporate policies, and reviewing management’s execution of those policies. Accordingly, the directors have a fiduciary responsibility to the stockholders. They have an obligation to inform themselves about the company’s affairs and to act diligently and capably in fulfilling their responsibilities.3
The Business Roundtable has described corporate accountability as follows:
The board of directors is ultimately accountable to the shareholders for the long-term successful economic performance of the corporation consistent with its underlying public purpose. Directors are held accountable for their performance in a variety of ways.
First, there is the powerful accountability imposed by markets. The impact of consumer dissatisfaction with products and services is quick and visible. Financial markets also quickly reflect their evaluation of the quality of accountability through the price of equity and debt.
Accountability is also imposed through the numerous statutes and regulations enacted by governmental bodies to limit and control corporate action. Directors are held accountable to regulatory mechanisms.
There is also a body of law—part statutory, part court-made—which defines the duties of directors and the principles and boundaries within which they must keep their decisions. If they overstep, their decisions are subject to reversal by the courts. Directors can also be held personally liable, without limitation, to the extent of their personal assets if they violate their duty of loyalty to the corporation.
A final form of board accountability comes through the election of directors by the shareholders at the corporation’s annual meeting. Annual meetings may also include shareholder resolutions which are a form of governance by referendum.
Each of these forms of accountability is dynamic, not static. The developing specifics of each form of accountability must be judged as to its overall potential to contribute to the successful long-term performance of the corporation. Each specific new item of accountability carries with it the potential for harm as well as good.3
More recently, the Business Roundtable has restated its guiding principles of corporate governance:
First, the paramount duty of the board of directors of a public corporation is to select a chief executive officer and to oversee the CEO and other senior management in the competent and ethical operation of the corporation on a day-to-day basis.
Second, it is the responsibility of management to operate the corporation in an effective and ethical manner in order to produce value for stockholders. Senior management is expected to know how the corporation earns its income and what risks the corporation is undertaking in the course of carrying out its business.
Management should never put personal interests ahead of or in conflict with the interests of the corporation.
Third, it is the responsibility of management, under the oversight of the board and its audit committee, to produce financial statements that fairly present the financial condition and results of operations of the corporation, and to make the timely disclosures investors need to permit them to assess the financial and business soundness and risks of the corporation.
Fourth, it is the responsibility of the board and its audit committee to engage an independent accounting firm to audit the financial statements prepared by management and to issue an opinion on those statements based on Generally Accepted Accounting Principles. The board, its audit committee, and management must be vigilant to ensure that no actions are taken by the corporation or its employees that compromise the independence of the outside auditor.
Fifth, it is the responsibility of the independent accounting firm to ensure that it is in fact independent, is without conflicts of interest, employs highly competent staff, and carries out its work in accordance with Generally Accepted Auditing Standards. It is also the responsibility of the independent accounting firm to inform the board, through the audit committee, of any concerns the auditor may have about the appropriateness or quality of significant accounting treatments, business transactions that affect the fair presentation of the corporation’s financial condition and results of operations, and weaknesses in internal control systems. The auditor should do so in a forthright manner and on a timely basis, whether or not management has also communicated with the board or the audit committee on these matters.
Sixth, the corporation has a responsibility to deal with its employees in a fair and equitable manner.
These responsibilities, and others, are critical to the functioning of the modern public corporation and the integrity of the public markets. No law or regulation alone can be a substitute for the voluntary adherence to these principles by corporate directors and management and by the accounting firms retained to serve American corporations.
The Business Roundtable continues to believe that the most effective way to enhance corporate governance is through conscientious and forward-looking action by a business community that focuses on generating long-term stockholder value with the highest degree of integrity.
The principles discussed here are intended to assist corporate management and boards of directors in their individual efforts to implement best practices of corporate governance, and also to serve as guideposts for the public dialogue on evolving governance standards.4
In addition to their fiduciary duties of care and loyalty, directors are expected to attend board meetings and their appropriate standing committee meetings. Directors must keep informed on the affairs of the corporation and use reasonable care and diligence in the performance of their duties. It is imperative that the directors keep abreast of the corporate developments since they are directly responsible for participating in the decisions that affect the management of the corporation. Directors may be held liable for losses sustained by the corporation as a result of their neglect.
Practically speaking, the concept of corporate accountability extends not only to the stockholders but also to the other constituencies of the board of directors, such as credit grantors and governmental agencies. The extension of corporate accountability to the other constituencies is discussed by the American Assembly. The discussion leaders focused their attention on questions central to running the corporation vis-à-vis its many constituencies. With respect to a framework for corporate accountability, the participants generally agreed that:
Boards of directors have a primary role in interpreting society’s expectations and standards for management.
The five key board functions are:
a. Appraisal of management performance and provision for management and board succession;
b. Determination of significant policies and actions with respect to present and future profitability and strategic direction of the enterprise;
c. Determination of policies and actions with a potential for significant financial, economic, and social impact;
d. Establishment of policies and procedures designed to obtain compliance with the law; and
e. Responsibility for monitoring the totality of corporate performance.
Boards should continue to be the central focus in improving the way corporations are governed.5
The subject of corporate accountability is a dynamic concept in the governance of the corporation. It is dynamic because the directors must not only assess the changing needs of their constituencies but also render a stewardship accountability based on legal pressures from their constituencies.
In a 2009 report, “Rebuilding Corporate Leadership: How Directors Can Link Long-Term Performance with Public Goals,” the Committee for Economic Development links shareholders’ prosperity to the health of society. In its view (page 2), “Directors have a legal obligation and duty to address the long-term performance of the corporation. Directors’ fiduciary duties include broader societal concerns that affirmatively affect the corporation’s performance and long-term sustainability.”
The Need for Corporate Accountability
In an effort to address the credibility gap or expectation gap that arose from the corporate accounting scandals involving Enron, WorldCom, Tyco, and others, the U.S. Congress passed the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) on July 25 of that year, and President George W. Bush signed the bill into law on July 30, 2002.6 Sarbanes-Oxley incorporated many standards of corporate accountability into a federal statute that has changed securities laws and self-regulatory organizations’ listing standards. This legislation provides a framework that can be used to measure the performance of audit committee members, independent auditors, chief executive officers, and chief financial officers.7 As a consequence of the expansion of federal statutes into an area traditionally left more to state common law, directors of publicly held corporations likely will face more sources of lawsuits as well as an increased risk of liability. Although some qualified persons may be reluctant to accept a position on a board of directors because of a perception of heightened risk, others will appreciate that due diligence, care, and loyalty will go a long way in mitigating any possible risks.
DEVELOPMENTS IN CORPORATE ACCOUNTABILITY
During the late 1990s, unprecedented public attention was focused on the role and responsibility of audit committees in promoting corporate accountability and investor confidence in the integrity of the audit and financial reporting. Although audit committees had been recognized and accepted for more than 20 years, unexpected failures of major corporations and disclosures of questionable financial reporting practices dashed investors’ confidence in the capital marketplace. Notwithstanding, the common question asked by investors was “Where were the auditors?” Another question was “Where was the audit committee?” As a result, a number of public and private sector initiatives were undertaken in the late 1990s and in the post-Enron, post-WorldCom period in response to high-profile accounting scandals and the demise of a large accounting firm.
This timeline shown in Exhibit 1.1 provides a chronology of the important developments or studies related to audit committees (The timeline presents major developments; the reader may wish to visit the Web sites noted parenthetically for further reading.)
Public and Private Sector Initiatives
Securities and Exchange Commission In September 1998 SEC Chairman Arthur Levitt, in a keynote speech entitled “The Numbers Game,” expressed his concerns about “hocus pocus accounting.” In addition to his remarks regarding the decline in the quality of financial reporting (e.g., earnings management strategies to meet analyst and market quarterly expectations via creative acquisition accounting, premature revenue recognition, restructuring charges, “cookie jar reserves,” and materiality judgments) as well as the related decline in market capitalization, Levitt stated that with respect to audit committees:
[Q]ualified, committed, independent and tough minded audit committees represent the most reliable guardians of the public interest. Sadly, stories abound of audit committees whose members lack expertise in the basic principles of financial reporting as well as the mandate to ask probing questions.8
EXHIBIT 1.1 Important Audit Committee Developments Timeline
1998SEC chairman Arthur Levitt’s speech, “The Numbers Game” (remarks at New York University’s Center for Law and Business and the SEC’s Nine-Point Action Plan).1999Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees,Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees.Securities and Exchange Commission, Final Rules, Audit Committee Disclosure, and approval of the New York Stock Exchange, NASDAQ, and American Stock Exchange.American Institute of Certified Public Accountants’ Auditing Standards Board, Statement on Auditing Standards No. 90, “Audit Committee Communication.” Available at www.aicpa.org.National Association of Corporate Directors (NACD), Report of the NACD Blue Ribbon Commission on Audit Committees. Available at www.nacdonline.org.Committee of Sponsoring Organizations of the Treadway Commission, Fraudulent Financial Reporting: 1987-1997 An Analysis of U.S. Public Companies. Available at www.coso.org.Independence Standards BoardNo. 1 ‘‘Independence Discussion with Audit Committees.” Available at ISB- Independence Discussion with Audit Committees.2000Public Oversight Board, Panel on Audit Effectiveness (O’Malley Panel), ThePanel on Audit Effectiveness, Report and Recommendations.2001Chairman Arthur Levitt’s Letter to Audit Committees, Public Oversight Board, Final Annual Report (May 1, 2002, the POB terminated its existence; visit the POB Web site, www.publicoversightboard.org.2002The Business Roundtable, Principles of Corporate Governance.NYSE Corporate Accountability and Listing Standards Committee, Report on Proposed Changes to the Corporate Governance Listing Standards.NASDAQ Listing and Hearing Review Council, Letter of recommendations proposing corporate governance reforms. Available at www.nasdaq.com/newsroom.Sarbanes-Oxley Act of 2002. Available at www.sec.gov.Public Company Accounting Oversight Board. Available at www.pcaobus.org.2003Implementation of the sections of the Sarbanes-Oxley Act of 2002 through amendments to Sec. 10A of the Securities Exchange of 1934.2004PCAOB Standard No. 2, Integrated Audits of Financial Statements and Internal Control over Financial Reporting. Available at www.pcaobus.org.2006COSO, Internal Control over Financial Reporting—Guidance for Smaller Public Companies. Available at www.coso.org/guidance.htm.The Committee for Economic Development, Private Enterprise, Public Trust: The State of Corporate America After Sarbanes-Oxley. Available at www.ced.org.2007PCAOB Standard No. 5 replaces Standard No. 2 on Integrated Audits of Financial Statements and Internal Control over Financial Reporting. Available at www.pcaobus.org.The Committee for Economic Development, Built to Last: Focusing Corporations on Long-Term Performance. Available at www.ced.org.2008SEC, Report of the Advisory Committee on Improvements to Financial Reporting. Available at www.sec.gov.U.S. Treasury, Report of the Advisory Committee on the Auditing Profession. Available at www.treas.gov.2009PCAOB Staff View, An Audit of Internal Control over Financial Reporting That Is Integrated with An Audit of Financial Statements: Guidance for Auditors of Smaller Public Companies. Available at www.pcaobus.org.Center for Audit Quality, Lessons Learned—Performing an Audit of Internal Control in an Integrated Audit. Available at www.thecaq.org/resources/library.htm.COSO, Internal Control—Integrated Framework: Guidance on Monitoring Internal Control Systems. Available at www.coso.org/guidance.htm.The Committee for Economic Development, Rebuilding Corporate Leadership: How Directors Can Link Long-Term Performance with Public Goals. Available at www.ced.org.
Recognizing the problem with respect to the decline in the integrity and credibility of financial reporting, Levitt set forth the SEC’s nine-point action plan (see Exhibit 1.2), which included, in point eight, an action item to strengthen the audit committee process. Subsequently the SEC, the New York Stock Exchange (NYSE), and the National Association of Securities Dealers9 agreed that both self-regulatory organizations would sponsor a Blue Ribbon Committee (BRC) called Improving the Effectiveness of Corporate Audit Committees. In September 1998, the BRC was formed. It issued its final report and recommendations in February 1999. The BRC’s primary goal was to produce a report “geared toward effecting pragmatic, progressive changes in the functions and expectations placed on corporate boards, audit committees, senior and financial management, the internal audit, and the outside auditors regarding financial reporting and the oversight process.”10 Furthermore, the BRC noted that its final recommendations were based on two essentials: “First, an audit committee, with actual practice and overall performance that reflects the professionalism embodied by the full board of which it is a part, and second, a legal, regulatory, and self-regulating framework that emphasizes disclosure and transparency and accountability.”11 (See Exhibit 1.3 for a summary of the BRC’s recommendations.)
EXHIBIT 1.2 Summary of the Securities and Exchange’s Nine-Point Action Plan
Source: See remarks by Chairman Arthur Levitt, Securities and Exchange Commission, “The Numbers Game,” New York: NYU Center for Law and Business, September 28, 1998, www.sec.gov/news/speech/speecharchive/1998/spch220.txt..
EXHIBIT 1.3 Summary of Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees
Source: Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees, Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (New York: The Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees, 1999), pp. 10-16.
Between February and December 1999, boards of directors and audit committee members studied the BRC’s recommendations and reevaluated the responsibilities of their audit committees.12 Additionally, the SEC and self-regulatory organizations (SROs) issued proposed rules and changes to the SROs’ listing standards. Finally, in December 1999, the SEC, the SROs, and the AICPA’s Auditing Standards Board adopted new rules, listing standards, and auditing standards for improving the effectiveness of audit committees. Exhibit 1.4 contains a flow chart that delineates the items to meet the new SEC disclosure rules, the SROs’ listing standards, and professional auditing standards.
In January 1999, the Public Oversight Board agreed to sponsor the Panel on Audit Effectiveness. The major objective of the panel was to review and evaluate ways to improve independent audits in the financial reporting process and to assess the impact of recent trends on the public interest. In August 2000, the panel issued its report and recommendations. With respect to audit committees, the panel made these recommendations:
2.88 The Panel recommends that audit committees increase the time and attention they devote to discussions of internal control with management and both the internal and external auditors. Specifically, audit committees should:
• Obtain a written report from management on the effectiveness of internal control over financial reporting (ordinarily using the criteria in the 1992 report of the Committee of Sponsoring Organizations of the Treadway Commission [COSO]). Annual reporting by management on internal control to the audit committee is necessary for the effective discharge of the audit committee’s responsibilities and will serve as a catalyst for its more substantive involvement in the area of internal control and a more meaningful dialogue with the internal and external auditors about controls. It also should provide a basis for discussions about the degree of
EXHIBIT 1.4 The New Requirements and Disclosure Rules for Audit Committees: A Flow Chart
Source: This flow chart, prepared by Louis Braiotta, Jr., is included and adopted from an article by Robert W. Rouse and Mark R. Borrelli, “Audit Committees in an Era of Increased Scrutiny,” CPA Journal 70, no. 6 (June 2000): 30-31. Copyright © 2000 by the New York State Society of Certified Public Accountants, 530 Fifth Avenue, New York, NY 10036-5101. All rights reserved.
the external auditor’s involvement with internal control during the financial statement audit.• Establish specific expectations with management and the internal and external auditors about the qualitative information needs of the committee related to internal control. Particular emphasis should be given to understanding management’s and the auditors’ views on (1) the control environment and (2) the controls (or lack thereof) over financial reporting, with particular attention to controls in higher-risk areas of the company’s information systems. In addition, these discussions should include the effects of technology on current and future information systems [pp. 32-33].
2.164 The Panel recommends that audit committees evaluate the nature of entities’ reserves and review activity in them with both management and the auditors [p. 55].
2.219 The Panel recommends that audit committees:
• Specify in their charters and reflect in their actions, as recommended by the Blue Ribbon Committee, “that the outside auditor is ultimately accountable to the board of directors and the audit committee, as representatives of the shareholders, and that these shareholder representatives have the ultimate authority and responsibility to select, evaluate, and where appropriate, replace the outside auditors (or to nominate the outside auditors to be proposed for shareholder approval in any proxy statement).”
• Develop a formal calendar of activities related to those areas of responsibility prescribed in the committee charter, including a meeting plan that is reviewed and agreed to by the entire board. The meeting plan should include communications between the committee chair or full committee and the auditor before the release of interim or year-end financial data. In addition, the Panel recommends a minimum of two face-to-face meetings during the year with the external auditor and at least one executive session with the internal and external auditors without management’s presence.
• Take charge of their agenda and ensure, in particular, that it focuses on, among other matters, risks directly affecting the financial statements, key controls, interim financial information, policies and practices for management’s communications with analysts, and the qualitative aspects of financial reporting.
• Inquire about time pressures on the auditor, including pressures on the timing of audit procedures; the degree of management’s cooperation with the auditor; and their potential effects on audit effectiveness.
• Review the internal and external auditors’ performance on an annual basis; exercise responsibility, as the external auditor’s primary client, to assess the auditor’s responsiveness to the committee’s and board of directors’ expectations; and be satisfied that the auditor is appropriately compensated for performing a thorough audit.
• Require the auditor and management to advise the committee of the entity’s plans to hire any of the audit firm’s personnel into high-level positions, and the actions, if any, that the auditor and management intend to take to ensure that the auditor maintains independence [pp. 68-69].
3.54 The Panel recommends that audit committees:
• Request management to report on the control environment within the entity and how that environment and the entity’s policies and procedures (including management’s monitoring activities) serve to prevent and detect financial statement fraud. Such reporting should acknowledge, in explicit terms, that fraud prevention and detection are primarily the responsibility of management. It also should help audit committees assess the strength of management’s commitment to a culture of intolerance for improper conduct. Furthermore, audit committees should seek the views of auditors on their assessment of the risks of financial statement fraud and their understanding of the controls designed to mitigate such risks.
• Accept responsibility for ascertaining that the auditors receive the necessary cooperation from management to carry out their duties in accordance with the strengthened auditing standards to be developed by the ASB [Accounting Standards Board] [p. 94].
5.30 The Panel recommends that audit committees pre-approve non-audit services that exceed a threshold determined by the committee. This recommendation is consistent with the recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees regarding auditors’ services. The threshold should be at a level that ensures that significant services are pre-approved, but not so low that the committee assumes a management function.
When audit committees determine whether to approve specific non-audit services, the Panel recommends that they consider the same guiding principle and the factors suggested above for use by the ISB. [p. 117]13
In addition to the panel’s recommendations, Arthur Levitt issued a letter to the chairmen of audit committees of the top 5,000 corporations. The letter is shown in Exhibit 1.5.
In May 2002, the Business Roundtable issued a white paper, Principles of Corporate Governance, explaining how boards of directors perform their oversight function through the audit committee. The Business Roundtable provides these guidelines:
• Every publicly owned corporation should have an audit committee comprised solely of independent directors.
• Audit committees typically consist of three to five members. The listing standards of the major securities markets require audit committees and require that an audit committee have at least three members and that all members of the audit committee qualify as independent under the applicable listing standards, subject to limited exceptions.
• Audit committee members should meet minimum financial literacy standards, and at least one of the committee members should have accounting or financial management expertise, as required by the listing standards of the major securities markets. However, more important than financial expertise is the ability of audit committee members, as with all directors, to understand the corporation’s business and risk profile and to apply their business experience
EXHIBIT 1.5 Chairman Arthur Levitt’s Letter to Audit Committees
Source:www.sec.gov/news/digest/2001/dig010501.pdf.
and judgment to the issues for which the committee is responsible with an independent and critical eye.• The audit committee is responsible for oversight of the corporation’s financial reporting process. The primary functions of the audit committee are the following:
• Risk profile. The audit committee should understand the corporation’s risk profile and oversee the corporation’s risk assessment and management practices.
• Outside auditor. The audit committee is responsible for supervising the corporation’s relationship with its outside auditor, including recommending to the full board the firm to be engaged as the outside auditor, evaluating the auditor’s performance, and considering whether it would be appropriate to rotate senior audit personnel or for the corporation periodically to change its outside auditor. The selection of an outside auditor should involve an annual due diligence process in which the audit committee reviews the qualifications, work product, independence, and reputation of the proposed outside auditor. The audit committee should base its decisions about selecting and possibly changing the outside auditor on its assessment of what is likely to lead to more effective audits. Based on its due diligence, the audit committee should make an annual recommendation to the full board about the selection of the outside auditor.
• Auditor independence. The audit committee should consider the independence of the outside auditor and should develop policies concerning the provision of non-audit services by the outside auditor. The provision of some types of audit-related and consulting services by the outside auditor may not be inconsistent with independence or the attestation function. In considering whether the outside auditor should provide certain types of non-audit services, the audit committee should consider the degree of review and oversight that may be appropriate for new and existing services. When making independence judgments, the audit committee should consider the nature and dollar amount of all services provided by the outside auditor.
• Critical accounting policies, judgments, and estimates. The audit committee should review and discuss with management and the outside auditor the corporation’s critical accounting policies and the quality of accounting judgments and estimates made by management.
• Internal controls. The audit committee should understand and be familiar with the corporation’s system of internal controls and on a periodic basis should review with both internal and outside auditors the adequacy of this system.
• Compliance. Unless the full board or another committee does so, the audit committee should review the corporation’s procedures addressing compliance with the law and important corporate policies, including the corporation’s code of ethics or code of conduct.
• Financial statements. The audit committee should review and discuss the corporation’s annual financial statements with management and the outside auditor and, based on these discussions, recommend that the board approve the financial statements for publication and filing. Most audit committees also find it advisable to implement processes for the committee or its designee to review the corporation’s quarterly financial statements prior to release.
• Internal audit function. The audit committee should oversee the corporation’s internal audit function, including review of reports submitted by the internal audit staff, and should review the appointment and replacement of the senior internal auditing executive.
• Communication. The audit committee should provide a channel of communication to the board for the outside auditor and internal auditors and may also meet with and receive reports from finance officers, compliance officers, and the general counsel.
• Hiring auditor personnel. Under audit committee supervision, some corporations have implemented “revolving door” policies covering the hiring of auditor personnel. For example, these policies may impose “cooling off” periods prohibiting the corporation from employing members of the audit engagement team in senior financial management positions for some period of time after their work as auditors for the corporation. The audit committee should consider whether to adopt such a policy. Any policy on the hiring of auditor personnel should be flexible enough to allow exceptions, but only when specifically approved by the audit committee.
• Audit committee meetings should be held frequently enough to allow the committee to appropriately monitor the annual and quarterly financial reports. For many corporations, this means four or more meetings a year. Meetings should be scheduled with enough time to permit and encourage active discussions with management and the internal and outside auditors. The audit committee should meet with the internal and outside auditors, without management present, at every meeting and communicate with them between meetings as necessary. Some audit committees may decide that specific functions, such as quarterly review meetings with the outside auditor or management, can be delegated to the audit committee chairman or other members of the audit committee.14
In addition to the Business Roundtable’s Principles of Corporate Governance, both the NYSE and NASDAQ proposed new changes to their corporate governance listing standards. The NYSE’s rule changes are:
6. Add to the “independence” requirement for audit committee membership the requirements of Rule 10A-3(b)(1) under the Exchange Act, subject to the exemptions provided for in Rule 10A-3(c).
Commentary Applicable to All Companies: While it is not the audit committee’s responsibility to certify the company’s financial statements or to guarantee the auditor’s report, the committee stands at the crucial intersection of management, independent auditors, internal auditors and the board of directors. The Exchange supports additional directors’ fees to compensate audit committee members for the significant time and effort they expend to fulfill their duties as audit committee members, but does not believe that any member of the audit committee should receive any compensation other than such director’s fees from the company. If a director satisfies the definition of “independent director” set out in Section 303A(2), then his or her receipt of a pension or other form of deferred compensation from the company for prior service (provided such compensation is not contingent in any way on continued service) will not preclude him or her from satisfying the requirement that director’s fees are the only form of compensation he or she receives from the company.
An audit committee member may receive his or her fee in cash and/or company stock or options or other in-kind consideration ordinarily available to directors, as well as all of the regular benefits that other directors receive. Because of the significantly greater commitment of audit committee members, they may receive reasonable compensation greater than that paid to the other directors (as may other directors for other committee work). Disallowed compensation for an audit committee member includes fees paid directly or indirectly for services as a consultant or a legal or financial advisor, regardless of the amount. Disallowed compensation also includes compensation paid to such a director’s firm for such consulting or advisory services even if the director is not the actual service provider. Disallowed compensation is not intended to include ordinary compensation paid in another customer or supplier or business relationship that the board has already determined to be immaterial for purposes of its basic director independence analysis. To avoid any confusion, note that this requirement pertains only to audit committee qualification and not to the independence determinations that the board must make for other directors.
Commentary Applicable to All Companies Other than Foreign Private Issuers: Each member of the committee must be financially literate, as such qualification is interpreted by the company’s board in its business judgment, or must become financially literate within a reasonable period of time after his or her appointment to the audit committee. In addition, at least one member of the audit committee must have accounting or related financial management expertise, as the company’s board interprets such qualification in its business judgment. A board may presume that a person who satisfies the definition of audit committee financial expert set out in Item 401(e) of Regulation S-K has accounting or related financial management expertise.
Because of the audit committee’s demanding role and responsibilities, and the time commitment attendant to committee membership, each prospective audit committee member should evaluate carefully the existing demands on his or her time before accepting this important assignment. Additionally, if an audit committee member simultaneously serves on the audit committee of more than three public companies, and the listed company does not limit the number of audit committees on which its audit committee members serve, then in each case, the board must determine that such simultaneous service would not impair the ability of such member to effectively serve on the listed company’s audit committee and disclose such determination in the annual proxy statement or, if the company does not file an annual proxy statement, in the company’s annual report on Form 10-K filed with the SEC.
7.
a. Each company is required to have a minimum three person audit committee composed entirely of independent directors that meet the requirements of Section 303A(6).
b. The audit committee must have a written charter that addresses:
(i) the committee’s purpose—which, at minimum, must be to:
a. assist board oversight of (1) the integrity of the company’s financial statements, (2) the company’s compliance with legal and regulatory requirements, (3) the independent auditor’s qualifications and independence, and (4) the performance of the company’s internal audit function and independent auditors; and
b. prepare the report required by the SEC’s proxy rules to be included in the company’s annual proxy statement, or, if the company does not file a proxy statement, in the company’s annual report filed on Form 10-K with the SEC;
(ii) the duties and responsibilities of the audit committee set out in Section 303A (7)(c) and (d); and
(iii) an annual performance evaluation of the audit committee.
c. As required by Rule 10A-3(b)(2), (3), (4) and (5) of the Securities Exchange Act of 1934, and subject to the exemptions provided for in Rule 10A-3(c), the audit committee must:
(i) directly appoint, retain, compensate, evaluate and terminate the company’s independent auditors;
Commentary: In connection with this requirement, the audit committee must have the sole authority to approve all audit engagement fees and terms, as well as all significant non-audit engagements with the independent auditors. In addition, the independent auditor must report directly to the audit committee. This requirement does not preclude the committee from obtaining the input of management, but these responsibilities may not be delegated to management. The audit committee must be directly responsible for oversight of the independent auditors, including resolution of disagreements between management and the independent auditor and preapproval of all non-audit services.
(ii) establish procedures for the receipt, retention and treatment of complaints from listed company employees on accounting, internal accounting controls or auditing matters, as well as for confidential, anonymous submissions by listed company employees of concerns regarding questionable accounting or auditing matters;
(iii) obtain advice and assistance from outside legal, accounting or other advisors as the audit committee deems necessary to carry out its duties; and
Commentary: In the course of fulfilling its duties, the audit committee may wish to consult with independent counsel and other advisors. The audit committee must be empowered to retain and compensate these advisors without seeking board approval.
(iv) receive appropriate funding, as determined by the audit committee, from the listed company for payment of compensation to the outside legal, accounting or other advisors employed by the audit committee.
d. In addition to the duties set out in Section 303(A)(7)(c), the duties of the audit committee must be, at a minimum, to:
(i) at least annually, obtain and review a report by the independent auditor describing: the firm’s internal quality-control procedures; any material issues raised by the most recent internal quality-control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities, within the preceding five years, respecting one or more independent audits carried out by the firm, and any steps taken to deal with any such issues; and (to assess the auditor’s independence) all relationships between the independent auditor and the company;
Commentary: After reviewing the foregoing report and the independent auditor’s work throughout the year, the audit committee will be in a position to evaluate the auditor’s qualifications, performance and independence. This evaluation should include the review and evaluation of the lead partner of the independent auditor. In making its evaluation, the audit committee should take into account the opinions of management and the company’s internal auditors (or other personnel responsible for the internal audit function). In addition to assuring the regular rotation of the lead audit partner as required by law, the audit committee should further consider whether, in order to assure continuing auditor independence, there should be regular rotation of the audit firm itself. The audit committee should present its conclusions with respect to the independent auditor to the full board.
(ii) discuss the annual audited financial statements and quarterly financial statements with management and the independent auditor, including the company’s disclosures under “Management’s Discussion and Analysis of Financial Condition and Results of Operations”;
(iii) discuss earnings press releases, as well as financial information and earnings guidance provided to analysts and rating agencies;
Commentary: The audit committee’s responsibility to discuss earnings releases as well as financial information and earnings guidance may be done generally (i.e., discussion of the types of information to be disclosed and the type of presentation to be made). The audit committee need not discuss in advance each earnings release or each instance in which a company may provide earnings guidance.
(iv) discuss policies with respect to risk assessment and risk management;
Commentary: While it is the job of the CEO and senior management to assess and manage the company’s exposure to risk, the audit committee must discuss guidelines and policies to govern the process by which this is handled. The audit committee should discuss the company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. The audit committee is not required to be the sole body responsible for risk assessment and management, but, as stated above, the committee must discuss guidelines and policies to govern the process by which risk assessment and management is undertaken. Many companies, particularly financial companies, manage and assess their risk through mechanisms other than the audit committee. The processes these companies have in place should be reviewed in a general manner by the audit committee, but they need not be replaced by the audit committee.
(v) meet separately, periodically, with management, with internal auditors (or other personnel responsible for the internal audit function) and with independent auditors;
Commentary: To perform its oversight functions most effectively, the audit committee must have the benefit of separate sessions with management, the independent auditors and those responsible for the internal audit function. As noted herein, all listed companies must have an internal audit function. These separate sessions may be more productive than joint sessions in surfacing issues warranting committee attention.
