The collapse of firms such as London Capital & Finance (UK), Wirecard (Germany), or 1MDB (Malaysia) has placed the spotlight on the critical role of auditors to avert similar corporate governance failings, often as a result of fraudulent accounting or the lack of internal financial controls.
The work of the board of directors and the board’s audit committee has always been important, but it has now been amplified as a result of political and regulatory attention and pressure. Given the current situation, there is merit in studying different approaches to enhance their effectiveness in organisations.
In this post, we’ll tackle the objective of audits, the responsibility of the board and audit committees, and three ways in which organisations can enhance the effectiveness of their audit committees.
What is the objective of an audit?
The International Federation of Accountants (IFAC) presents this thought as the objective of audits:
The objective of an audit is to provide investors and other stakeholders with reasonable assurance as to whether the financial statements, taken as a whole, are prepared in accordance with the applicable financial reporting framework and are free from material misstatement. Audits help directors and others responsible for oversight of a reporting entity to assess the robustness of the financial information prepared by management and obtain critical insights into an entity’s financial controls and associated risks.
In simpler terms, it is to form an independent opinion and obtain reasonable assurance that financial statements are a true and fair representation of the financial position of the business.
What are the responsibilities of the audit committee?
The board bears ultimate responsibility for the accuracy and integrity of financial reporting. However, boards often assign the following functions to its audit committee (distilled in these statements):
- the implementation of internal controls over financial reporting
- the use and adoption of acceptable accounting policies and practices
- the external audit process
Globally, some organisations have extended the core mandate, or remit, of their audit committee to cover areas such as cybersecurity, legal, and tax, etc. The audit committee can assume risk management responsibilities that are not strictly financial in nature.
While there isn’t a singular prescribed method (i.e. no one-size-fits-all approach) for defining the responsibilities of the audit committee, it is but an exercise in prudence to assess whether its members have the time and expertise to focus on the areas which fall under their purview.
Enhancing the Effectiveness of the Audit Committee
Given the immense responsibility placed on audit committees, it is important for the board, and the organisation as whole, to not only support the critical work of the committee, but to also empower it.
We explore three different areas and discuss how they might make the work of audit committees more impactful, efficient, and effective:
1.) Get The Right People
Albeit challenging at times, the composition of the members in the committee cannot be made an afterthought. Since the scope of responsibilities for audit committees have sometimes extended beyond overseeing financial reporting controls, it is important to have members with diverse skill sets, experience as well as assume specific, qualitative attributes.
Many jurisdictions require at least one person on the committee to possess advanced financial expertise. But often the role requires more than just the ability to read financial statements, the audit committee member must also possess a keen understanding of the rules and principles underlying their preparation, and why certain critical accounting principles were chosen. It would be nonetheless helpful to have more than one person with that skill set – if and when possible.
Onboarding/induction training, orientation sessions, formal training or development classes, coupled with ongoing support, or mentoring programs that serve to educate members on reporting or auditing issues, trends, and best practices should be made available as well.
Further, Timothy Copnell, Founding Chairman of KPMG’s UK Audit Committee Institute states that apart from diversity of skill sets and experience, audit committee members should be “independent of mind.” He says:
“Independence is a cornerstone of the committee’s effectiveness, particularly when overseeing significant judgements and estimates. Audit committee members must be adept at communicating with management and the auditors and be ready to challenge and ask probing questions about the company’s risk management and control systems, accounting and corporate reporting. Members must be able, both in theory and in practice, to express views to the board that are different to those of the CEO or CFO and be confident that they will not suffer.”
Therefore the appointment of audit committee members should also involve a conversation with the board on character, integrity, and strong, independent thinking.
2.) Adopt Technology
The COVID-19 pandemic has drastically changed the way boards (and their committees, for that matter) do business. Members are working remotely and the ongoing need to execute governance duties persists. Alternative ways of conducting board work therefore need to be considered. The adoption of board management software, also called board portals, can make sense for your board and audit committee.
A board portal is a centralised, online hub designed for the administration and management of all materials and workflows relevant to committee or board meetings.
By utilising the platform, board and audit committee workflows don’t have to be paper-based. With a few clicks, digital agendas and board packs can be prepared. Files can be shared, or updated, immediately. The committee can rely on up-to-date information that’s accessible from any web-enabled device.
The use of a board portal for audit committee members ensures:
It provides a secure platform for hosting all audit-related files. With built-in file versioning capabilities, the files uploaded to the application should serve as the “single source of truth” and streamline committee workflows with easier, convenient file management.
It eliminates the possibility that highly-confidential information (such as financial statements/reports and accompanying notes) will be compromised. This is particularly important for audit committee work given their exposure to critical and sensitive company information.
It eliminates the need for the audit committee to assume the risks associated with the use of email (e.g. unintended recipients, malware, etc.) for correspondence. Most board portals have collaboration features to support secure board-related communications.
Access and permission settings for files can be customised so that they are made available only to the right groups or individuals.
Integrity of Information
It allows for the archiving of committee-related documents, instantly making them read-only or tamper proof.
It supports compliance efforts by producing permanent records (and a document trail) that both auditors and regulators can reference or revert to.
- It allows committee members to assign tasks to fellow members. This provides a snapshot of committee activities in one glance.
It ensures transparency with respect to how the audit committee discharges its duties.
Note that meaningful audit committee reporting circles back to the strength of the committee’s agenda and discussions, all of which board management software facilitates.
3.) Open Up Communication Channels
Lastly, effective communication flows to and from the audit committee are of paramount importance. It is important to remember that audit committee oversight is only as effective as the information available to them. The committee typically requires ease-of-access, unobstructed communication channels between management, audit teams (internal and external), finance team and leadership, as well as the board.
For example, the audit committee relies on:
- Management updates on the business in order to focus on the risks, challenges, and opportunities present.
- Access to the CFO and finance teams.
- Concise and relevant meeting materials from management, the CFO, and internal and external audit teams.
- Access to auditors without management present.
Copnell also talks about the importance of the audit committee’s relationship with management and others within the organisation. He puts its this way:
“Paradoxically, the balance between strong relationships and robust oversight is at the heart of the audit committee role. A committee that fails to understand the line between oversight and management can easily find itself in a poor relationship with management; and effective oversight is difficult to achieve where management sees the audit committee as nothing more than a necessary corporate governance burden. Equally, an overly cosy relationship [with management] is unlikely to lead to effective oversight as challenging questions are all too easily avoided in such circumstances.”
In other words, the audit committee must be able to maintain strong relationships without overstepping or underplaying boundaries with management.
Setting expectations with various stakeholders regarding giving due priority to the audit committee’s needs puts everyone one on the same page, and enables the committee to discharge its duties effectively.
The three abovementioned areas are not all-encompassing solutions for enhancing effectiveness of audit committees. But they are worthy of consideration and will hopefully lead to a discussion on how the board and organisation can continue to make the work of audit committees less overwhelming, more seamless, more insightful — especially in this era of prescriptive legislation, evolving regulations, and increased scrutiny.
By empowering the audit committee, the more effective it will be in delivering value, confidence and trust to the organisation’s investors and stakeholders.