Enhancing Audit Committee Effectiveness
ECACN members said an effective audit committee is distinguished by the way it prepares to meet challenges and by the way it addresses unexpected situations as they arise. Members offered suggestions to foster relationships within the board, with management, and with the external auditor, and emphasized the importance of a free flow of information. The meeting discussion covered four broad themes:
- Audit committee responsibilities continue to evolve
Members said that audit committees continue to shoulder a heavy workload, with specific responsibilities dictated by both external and company-specific factors. For some audit committees, this has resulted in an expanded mandate. Although the audit committee may decide to provide oversight for particular risk exposures, members agreed that effective audit committees push certain tasks back to the full board from time to time, in order to remain focused on the committee’s primary role of ensuring the quality of financial controls, reporting, and disclosure.
- Audit committee effectiveness is tested during challenging situations
While members’ initial instinct was to seek “no surprises,” many ultimately concluded that committee effectiveness is most clearly exposed when problems arise, as they inevitably will. They agreed that the audit committee’s legal and fiduciary obligations, as set forth in the committee charter, set a baseline from which the audit committee should strive to reach its full potential. Most members concluded that an audit committee with a deep understanding of key issues and strong relationships with management and auditors will be best prepared to address challenging situations.
- Audit committee leadership is more an art than a science
While members agreed that there is “no one-size-fits-all” approach to chairing an audit committee, they identified several important choices made by the chair that have significant impact on committee operations, including committee composition, cross-committee membership, management participation in committee meetings and engagement with the CEO. Several members described the “delicate balance” involved in managing different members’ needs for information because, as one chair noted, “[I] don’t want to be in this boat by myself.”
- Relationships, education, and self-assessment contribute to committee effectiveness
Members offered techniques to build deeper relationships with management, ensure audit committee education, and enhance committee self-assessments. In addition, members shared a number of specific practices to increase the effectiveness of their audit committees, including CFO-ridealongs, executive sessions that bookend each audit committee meeting, and new audit committee member training provided by the external auditor.
Audit committee responsibilities continue to evolve
Ten years ago, Sarbanes-Oxley significantly expanded the formal obligations of the audit committee.2 Although the time and energy devoted to internal controls and Section 404 today is not as intense as it was during the first few years of Sarbanes-Oxley implementation, audit committees continue to shoulder a heavy workload in response to a number of key factors.
Audit committees face increasing demands because of a number of external factors:
- Investor influence is growing. In the wake of the Dodd-Frank Act and measures that the Securities and Exchange Commission (SEC) has taken to empower shareholders since the financial crisis, including increased disclosure obligations and mandatory “say-on-pay” votes on executive compensation, directors face increasing demands from investors to be more effective.3 One member observed, “We may be highly effective [as an audit committee] with respect to compliance with regulation or fulfilling our charter, but not necessarily – or at all – from the investor’s perspective.”
- International corruption risks are more acute. One audit committee chair said the audit committee had increased its focus on Foreign Corrupt Practices Act (FCPA) compliance “primarily because we felt there was a lot of opportunity for exposure there, and we wanted to drill down on it early.” Indeed, by the end of 2011, the SEC and the Department of Justice had brought 16 enforcement actions against corporations and 18 actions against individual defendants, collecting more than $500 million in corporate fines, penalties, and disgorgement through the FCPA.4 One member said, “These days we have a much higher sensitivity toward FCPA issues. Are we doing everything we need to do? Are there any gaps in our compliance regime?”
Accounting standards may be changing. The process to converge International Financial Reporting Standards (IFRS) and US Generally Accepted Accounting Principles (GAAP) could produce what one observer called, “a tsunami of accounting change.”5 The SEC recently issued its Final Report on the IFRS Work Plan, noting that the commission needs to analyze and consider whether and how to converge IFRS and US GAAP.6 Analysts do not expect a decision on this issue before 2013.7 Although the timetable and outcome are uncertain, one audit committee chair noted the burden involved in anticipating potential accounting change, “Convergence is the biggest new topic that has occurred in recent times – similar to [Sarbanes-Oxley] … If audit committees don’t spend much time on it, they are going to have to play catch-up.”
Regulators’ expectations are increasing. Myriad regulatory obligations have arisen from the implementation of the Dodd-Frank Act, which “represents the most comprehensive financial regulatory reform measures taken since the Great Depression.”8 In addition, at the state, national, and global level, tax authorities are stepping up enforcement and meticulously scrutinizing corporate tax strategies in an effort to boost revenues and combat deficits.9 The increasing expectations from a wide variety of regulatory agencies have in turn, increased the demands on management, the external auditor, and members of the audit committee.
One audit committee chair observed that the audit committee is often viewed as the “workhorse” of the board. One member said, “[It has] probably happened to all of us – where someone said, ‘I really need the audit committee to take this.’” Several members agreed that an audit committee may need to push back at times. One member said, “Tasks tend to gravitate to the audit committee unless we have a clear charter. Audit chairs are pushing some discussions back up to the full board.”
Members said the scope of the audit committee’s responsibility was often company-specific: “Depending on a company’s industry, history, where it is in the lifecycle, or problems it may have had in the past, the audit committee might need to be particularly deep into legal and regulatory issues, or specific risk areas.” They highlighted several issues that warranted increased audit committee oversight in recent years, including:
Finance and liquidity. Where a board does not have a finance committee, much of the finance and liquidity oversight function falls to the audit committee. One member said, “It is expertise driven … [and] it feels like the people that know the most about finance end up in the audit committee. The audit committee has a heavy finance input.” Members’ views varied on the value of combining audit and finance committee meetings or the committees themselves. One member said, “It’s a good idea to have these responsibilities combined. Some companies are complex enough that it’s almost impossible to get your arms around the details if there is a separate finance committee.”
Information technology (IT). One audit committee chair said, “IT failures will affect the financial statements one way or another, so should the audit committee be responsible for IT governance? Do we have the ability to understand all the nuances?”
Risk governance. Members grappled with requests that the audit committee accept responsibility for a particular risk, even if that risk area does not normally fall within the audit committee’s purview. One member said, “We’ve kicked ideas around about risk management for quite a while – who’s accountable, and should the audit committee cover [particular risks], or the full board?” One member cautioned that the audit committee’s “primary role” of ensuring the quality of financial controls, reporting, and disclosure may be diluted if the audit committee accepts responsibility for risk areas that more appropriately belong to the full board. One member said, “We assume the responsibility of ensuring there is a good process for enterprise risk management across the company, and we review the traditional risks, [especially] financial, that fall within the audit committee’s area of responsibility. But broader strategic risks … should be reviewed by the full board or by a committee [specifically suited to that risk]. At the end of the day, [the audit committee] ensures that there is a good risk identification process.”
Audit committee effectiveness is tested during challenging situations
Reflecting on the impact of Sarbanes-Oxley, one member said, “[In 2003–2005], it was a new world for audit committees. We were trying to figure out what to do, how to add value. The regulations were changing pretty regularly, and it was difficult to understand expectations; the PCAOB [Public Company Accounting Oversight Board] was confounding. I always felt the laser sight for a nuclear attack was trained on my body, with so many people looking over our shoulder. [Since then,] we have had more than 30 audit committee meetings, and we have matured in how we fulfill our responsibilities. The regulatory framework has stabilized. Life as an audit committee chair today is a whole lot nicer than it was in 2005.”
With greater regulatory stability, audit committees have had the opportunity to reexamine their purpose and measures of effectiveness. As one audit committee chair observed, “These days, [Sarbanes-Oxley] issues take up much less bandwidth than they used to, so we have a real opportunity to get even more out of the audit committee and make the most out of the time we spend.”
Most members said that although the audit committee charter sets forth their legal and fiduciary obligations, the charter is really just a starting point for a committee to reach its full potential. One member said, “We have a mandate established by our charter. There is a minimum expectation of fulfilling our charter, but that is just a starting point.” Another member said, “At each meeting, we aim to cover all our bases, make sure the committee is satisfied everything is running well and appropriate controls are in place. And we ask ourselves if we’ve learned more about a company as a result of the meeting.”
Several members initially asserted that the hallmark of an effective audit committee was “no surprises.” One member said, “We are the guardians of the financials, so success means no material weaknesses, deficiencies, or restatements.” However, upon further discussion, members agreed that an audit committee’s effectiveness is most clearly exposed when problems arise. One member cautioned, “[Only] the naïve may think that now that they have embraced enterprise risk management, they are home free.” Members accepted the inevitability of “things going bump” and generally agreed that these bumps do not usually reflect deficiencies in the audit committee. One member said, “[It] isn’t about how you prevent [problems], it’s what you do when you find them. How do you respond when they happen?”
Most members concluded that establishing a base of knowledge about the company and strong working relationships – within the board, with management, and with the external auditors – are the keys to addressing challenges successfully.
Audit committee leadership is more an art than a science
Members agreed that there is “no one-size-fits-all” approach in chairing an audit committee. One member said, “[Being a good chair is about] the art of the audit committee, in addition to the science of it.” Members discussed the impact of several important choices:
Financial expertise on the committee. Some members believe that every member of the audit committee should “really understand financial reporting or … have financing skills.” One member said, “Usually, reasonably sized public companies have three members and want at least two financial experts, unless you can get three.” On the other hand, several audit committee chairs highlighted the value of a range of opinions and questions at audit committee meetings. One member said, “Not every audit committee member needs to be a financial expert. There’s a real benefit to having smart people on the committee who can look at operations and controls from a non-financial perspective.” Some members described questions from new board members who may not be financial experts, such as CEOs or attorneys, as “insightful.” One member prefers a committee made up of “people who can ask penetrating questions of the auditors and management,” regardless of whether they are financial experts.
Committee cross-membership. One member supported cross-committee membership, noting that its benefits can outweigh the difficulties of meeting scheduling: “Members of other committees look at our issues through their own committee lens and add insight. We have a much richer discussion within the committee, and also in the full board when I present the committee report.”
Engagement with management. Members described a wide range in management participation at audit committee meetings – from as few as four or five to as many as 25. While there was some concern that a larger audit committee meeting may be less efficient, members nevertheless agreed that financial and business unit management teams often derive significant educational benefits from participation. The practice may also strengthen the relationship between management and the board. One member said, “If the goal is increased efficiency, then management should not be there. If the goal is increased transparency, then they should attend.”
Engagement with the CEO. One audit committee chair noted, “At one of my companies, the CEO is always [at audit committee meetings], and at another one, no. There are pros and cons to each approach. Having the CEO there can be a signal to the rest of the organization that they are deep in the financials. But it can also inhibit the finance team, so the chair needs to use executive sessions wisely.” One member stressed the importance of monitoring the CFO’s reaction when the CEO is in the room, so the CFO gives ample time to issues and does not attempt to minimize an issue or rush the discussion.
Many members noted the value of open dialogue not only between management and the audit committee but also among committee members themselves. One member recognized the importance of listening to each committee member’s thoughts on an issue – not only so members hear multiple perspectives but also so that members feel heard. Several members described the “delicate balance” involved in managing different members’ needs. Sometimes, individual audit committee members will ask questions that extend beyond the scope of the meeting agenda, and the audit committee chair must determine how best to ensure that each director’s needs for information are satisfied. When audit committee members ask questions that exceed the scope of the meeting agenda, one chair said, “I ask two questions: Do we have time? And do we have to do it now?” Another member agreed, the committee “need[s] people putting things out there” because, as the audit committee chair, “[I] don’t want to be in this boat by myself.”
Relationships, education, and self-assessment contribute to committee effectiveness
Members reported wide variance in the length of routine audit committee meetings, which ranged from two to four hours. Several members questioned whether long meetings necessarily implied inefficient committee processes. However, one member concluded, “The real question is not, ‘how long does your audit committee meet?’ but, ‘how much does your committee achieve at each meeting?’” Another member said, “[The committee] is not running the company but [is] part of it and [has] a responsibility to know what’s going on,” regardless of how long the meeting lasts. Members described several tactics to increase the audit committee’s effectiveness.
Building relationships with management
Although members agreed there needs to be an open and easy flow of information between the audit committee and management, they use different approaches to achieve this objective. Several members said formal presentations can tell a “story,” but others said they seek open dialogue without relying on “sanitized” or “purified [decks].” One member said the audit committee has asked for the reports management uses for its own decision making, emphasizing to financial management that, “whatever you look at, I can look at.” Another member indicated the importance of discussion and said management should not feel it is “off the hook” because it developed formal materials. Members emphasized that it was up to the finance team to be comprehensive but also help the audit committee zero in on the critical issues. One member said, “I tell the CFO, ‘It’s important that, at the end of the day, you feel you conveyed to me what you think I need to understand.’”
One audit chair recommended that the audit committee review the reading materials before audit committee meetings and submit clarifying questions to management electronically in advance, copying the rest of the committee. Another member said, “I encourage committee members to send around any questions they have on the audit committee package in advance of the meeting, and I’ll share those with management. It helps us address the more minor or routine matters more efficiently – we will revisit any questions in the meeting if they’re not resolved.” Other members noted, however, that unless the questions are purely technical in nature, this practice precludes potentially valuable debate that could happen face-to-face in the meetings. In addition, one member said, “There is a benefit to seeing how management answers questions spontaneously at the meeting – indicating whether they know the business or whether they are giving a canned presentation.”
One audit committee chair described the committee as “an excellent [forum] for [financial] management to have someone to bounce ideas off. There needs to be trust with management so they use the audit committee as a sounding board, especially for unusual transactions that have shades of gray, or [for] corporate actions such as [mergers and acquisitions].” In addition, members noted that they derive great value from meeting with management more frequently than at quarterly audit committee meetings. One member noted, “You need to build a good rapport with the team who is helping [the audit committee] in its key areas of responsibility. You can’t just fly in and out for meetings.” Members shared several methods to foster deeper relationships with management:
Informal interactions outside quarterly audit committee meetings, specifically with the CFO and occasionally including high-potential members of the senior finance team.
Monthly meetings with the senior business unit leaders to discuss the top 10 to 12 risks.
Bi-annual meetings with the internal audit team, to hear concerns and communicate expectations.
Periodic meetings with the finance team for two-hour, deep-dive presentations on a specific topic.
Educating committee members
One member asked, “What’s the best way to ensure committee members are staying up to date? There are so many new rules and standards coming out, domestically as well as internationally.” Members said committee education “should be tailored to the company and where the complexity is.” For example, one member said that, in order to prepare for a board meeting that took place in China, “we had a segment [of a meeting] devoted to a review of our shared services facilities there, how the business is going, and what the control picture looks like. At another meeting, the committee requested a deep dive on anti-bribery issues.”
One member highlighted the value of outside subject matter expertise, noting that from time to time, “it helps to have an independent perspective. We need to be talking to people other than ourselves and management.” Another member agreed, “We do bring in third parties, but it tends to be at the full board level, not just for the audit committee. If we wanted to get a briefing on the Eurozone crisis, it seems it would be worth exposing everyone on the board to that information.”
Several members said they have encouraged third-party evaluations of internal audit or specific risk areas such as IT. One director said, “We use our external audit firm to provide updates on current issues and also ask for their input on how we are doing based on the trends they see across their client base.”
Getting the most out of the self-assessment
The NYSE mandates that audit committees conduct an annual self-evaluation of performance, and that the self-evaluation requirement exist within the audit committee charter.10 However, members agreed that the self-assessment questionnaire forms are of declining usefulness. One audit committee chair said, “We do the survey because we have to do it. It’s part of our checklist, but people usually have no qualms about speaking up about how we can improve. If someone is too quiet about those things, it’s a red flag.” One member noted an approach that goes beyond a simple questionnaire: “We do a formal evaluation every year, which includes a formal questionnaire and also one-on-one conversations. I also keep track informally over the year by asking in our executive sessions whether anyone has issues or concerns.”
Other members suggested that the audit committee chair may elicit more candid feedback by calling audit committee members individually instead of relying solely on a formal evaluation process. One audit committee chair asked, “If someone has a great idea about how the committee can do a better job, why wait until the end of the year?”
Suggested practices to improve the effectiveness of the audit committee
Members shared a number of practices to enhance relationships, increase opportunity for candid dialogue with management, and clarify the scope of responsibility for risk oversight.
One member suggested that the audit committee chair ride along with the CFO to a company location outside the headquarters. Benefits include a deeper relationship with this key executive and the opportunity to view the company through the eyes of the CFO. As one member said, the only way to understand local issues is to “get out there.”
Some members advocated a systematic review of the risk disclosures in the 10-K, ensuring that oversight for each risk is assigned to a board committee or the entire board. One member said, “The audit committee took on oversight of the [enterprise risk management] process and assigned specific risks to committees so we avoid anything falling through the cracks. [However,] many risks do stay within the audit committee, [including] financials, transaction-related risks, controls.”
One member said their committee reviews the schedule of judgments and estimates quarterly to look for trends. Even though this report often fits on a single page, the member described it as “the guts of the whole thing.”
One audit committee holds two 30-minute executive sessions per meeting, one at the beginning and the other at the end of the meeting. This allows the committee to agree on priorities at the outset and share reflections and future agenda items at the conclusion.
Some members review management’s script or presentation for the earnings call before it takes place. One member suggested that the earnings call deck is “as important as the [10-]Q.”
For new committee members, one audit committee chair asks the external auditor to offer a historical perspective, define company-specific issues, and provide a safe forum to ask technical questions outside the committee setting
Audit committees face increasing pressure from investors, regulators, and even their boards to expand the scope of their responsibility. In light of this pressure, understanding what makes an audit committee effective has become even more difficult. Nevertheless, members suggested that an effective audit committee is defined by its response “when the wheels come off.” Each committee may use different tools to prepare for the inevitable challenges they (and their companies) will face, but the members agreed that a well-prepared audit committee is knowledgeable, has strong relationships with management, and regularly engages in open dialogue with management. Each audit committee must decide which tools it can and should use to prepare for the next challenge. One member stated, “Especially in this tougher regulatory environment, we can’t just look in the rearview mirror. We have to look ahead at how to stay in front of the most important audit committee issues at least two years out.”
About this document
The East Central Audit Committee Network is a group of audit committee chairs drawn from leading companies committed to improving the performance of audit committees and enhancing trust in financial markets. The network is organized and led by Tapestry Networks with the support of Ernst & Young as part of its continuing commitment to board effectiveness and good governance. Tapestry Networks and Ernst & Young are independent organizations. Tapestry Networks is a privately held professional services firm. Its mission is to advance society’s ability to govern and lead across borders of sector, geography, and constituency. Ernst & Young is a global leader in assurance, tax, transaction, and advisory services.
VantagePoint is produced by Tapestry Networks to stimulate timely, substantive board discussions about the choices confronting audit committee members, management, and their advisers as they endeavor to fulfill their respective responsibilities to the investing public. The ultimate value of VantagePoint lies in its power to help all constituencies develop their own informed points of view on these important issues. Anyone who receives VantagePoint may share it with those in their own network. The more board members, members of management, and advisers who become systematically engaged in this dialogue, the more value will be created for all.
The perspectives presented in this document are the sole responsibility of Tapestry Networks and do not necessarily reflect the views of network members or participants, their affiliated organizations, or Ernst & Young. Please consult your counselors for specific advice. Ernst & Young refers to all members of the global Ernst & Young organization. This material is prepared and copyrighted by Tapestry Networks with all rights reserved. It may be reproduced and redistributed, but only in its entirety, including all copyright and trademark legends. Tapestry Networks and the associated logos are trademarks of Tapestry Networks, Inc. and Ernst & Young and the associated logos are trademarks of EYGS LLP.
1 VantagePoint reflects the network’s use of a modified version of the Chatham House Rule whereby names of members and their company affiliations are a matter of public record, but comments made during the meetings are not attributed to individuals or corporations. Quotes in italics are drawn directly from comments made by ECACN members before, during, and after the meeting
2 Ernst & Young, “The Sarbanes-Oxley Act at 10: Enhancing the Reliability of Financial Reporting and Audit Quality,” July 11, 2012, 4.
3 Ernst & Young, “Dodd-Frank Act: One Year Anniversary,” July 2011, 3.
4 Richard H. Deane Jr., Jean-Paul Boulee, Jamila M. Hall, and Mareasa M. Fortunato, “FCPA and International Anticorruption Enforcement,” Jones Day, May 2012.
5 Ernst & Young and Tapestry Networks, “Regulatory Change Is Driving Audit Committee Agendas,” InSights, April 2010, 3.
6 US Securities and Exchange Commission Staff, “Work Plan for the Consideration of Incorporating International Financial Reporting Standards into the Financial Reporting System for U.S. Issuers: Final Staff Report,” July 13, 2012.
7 Ernst & Young, “SEC Staff Releases Final Report On IFRS,” To the Point, July 18, 2012, 1.
8 Morrison & Foerster, “The Dodd-Frank Act: A Cheat Sheet,” 2010, 2.
9 For a discussion of these developments, see Ernst & Young, “Tax Administration Without Borders: Navigating the Changing Global Tax Controversy and Risk Management Landscape” (Ernst & Young Global Limited, 2009).
10 New York Stock Exchange, Final NYSE Corporate Governance Rules (New York: NYSE Euronext, 2009).