With the audit committee's agenda growing all the time, the smartest audit committees are getting more aggressive and taking a closer look at their skill set to assure they can handle the job.
Audit committee members speaking at Compliance Week's 2014 conference said they do feel the increasing burden of serving as the ultimate oversight body for public companies, and are taking measures to rise to the challenge. “The most effective audit committees are confident, engaged, and organized,” said Peggy Smyth, member of the audit committees at both Martha Stewart Living Omnimedia and Vonage.
Over her career, Smyth said, she has worked on all sides of the audit issue: as an auditor at Arthur Andersen when Enron collapsed (taking Andersen along with it), a corporate executive (she is vice president of finance at Consolidated Edison), audit committee member, and even an audit standard setter. “I've seen the good, the bad, and the ugly, and in thinking back on the most effective audit committees, I think those three traits go hand in hand.”
There's no substitute, Smyth said, for audit committee members to be well qualified to scrutinize a company's financial reporting and auditing processes. Equally important, she said, audit committee members need to take the initiative in learning the company's issues and culture.
“You have to take the time to make personal relationships with other board members, management, external auditors, and internal auditors,” she said. “You need to get out of the office and go visit corporate locations, and not as part of a CEO dog-and-pony show. Meet with people and understand the tone and culture that exists away from the mother ship.” She also spends a fair amount of time preparing for audit committee meetings, Smyth said, reading materials and sending questions in advance so that discussion during the meetings can be more meaningful.
Finally, Smyth said, audit committees need an organized process that allows plenty of time for all the key issues the committee needs to oversee. “A good chair will look in advance before the year begins and have agendas for all the meetings throughout the year,” she said, designating specific times to address issues such as cyber-security, taxes, and reputational risks, for example. “By running the meetings and the committee in this way you will be viewed as a valuable resource to management and not a burden.”
Alan Siegfried, an audit committee member for Bon Secours Health System and UNICEF, said audit committees must assure that members have the right skills to serve on an audit committee—which is no longer an easy thing to do, he stressed. “In the past, many audit committee members were friends of the CEO or other board members,” he said. “That's not necessarily good risk management or governance. Down the road, you're going to see more risk-management experts or more governance and compliance experts on the audit committee. That will really help the audit committee understand a lot of the compliance issues we have to deal with.”
And the breadth of those issues is increasing, he said, as an increasing range of issues are delegated to the audit committee at many public companies. Data security and cyber-security, for example, have become key areas for the audit committee to address at Bon Secours, a major healthcare system in the mid-Atlantic. “We have the chief information officer coming to audit committee meetings five to six times a year to do presentations on information and cyber-security,” he said. “What's being done to make sure we are in compliance?”
Pictured above: PCAOB member Jay Hanson and Margaret Smyth, vice president of finance at Consolidated Edison.
Audit committees also would be well advised to establish a strong tie not only to top management but also middle management charged with governance, risk, and compliance, he said, such as compliance officers, risk managers, and internal auditors. “You want to make sure audit committee members have the right skills to be able to ask them the right questions,” he said.
Another resource for audit committees to leverage is the Public Company Accounting Oversight Board, said Jay Hanson, a member of the board. Although the PCAOB has no jurisdiction or authority over audit committees, their interests and missions have much in common with the PCAOB's concerns, he said. “We don't regulate audit committees, and we can't tell them what to do, but we are asking prominent audit committee members what we can do for them,” he said. The PCAOB has dedicated an area of its Website to audit committees and has even written some guidance directed at audit committee members suggesting how they can make better use of the board's routine audit firm inspection reports.
Plenty of information is not included in the board's inspection reports that audit committee members should ask their auditors to discuss anyway, Hanson said. “Part 2” of every inspection report addresses quality control problems at audit firms, but only where the firm has not corrected problems flagged by inspectors within 12 months of the original report date. That's a provision of the Sarbanes-Oxley Act meant to give firms a window of privacy to correct problems before they are made public. Hanson said audit committees could learn a lot by asking auditors about those unpublished issues.
QUESTIONS AUDIT COMMITTEES SHOULD ASK
Below the Public Company Accounting Oversight Board lists some questions audit committees may want to ask their audit firms about PCAOB inspections.
1.Was the company's audit selected for PCAOB inspection? Committees may want real time updates about whether their audit has been selected, what is being looked at, and any deficiencies identified by the PCAOB in the audit. The release provides additional information about specific areas for possible further inquiry in this regard.
2.Did the PCAOB identify deficiencies in other audits that involved auditing or accounting issues similar to issues presented in the company's audit? Committees may wish to understand whether similar deficiencies exist in the company's audit and, if so, what has been done in response.
3.What were the audit firm's responses to the PCAOB findings? Committees may want to understand whether the audit firm agreed with the PCAOB's findings and, if not, why not. If the firm agreed, what did the firm do in response?
4.What topics are included in Part II findings? Firms may be reluctant to share the details of Part II findings in an inspection report for a number of reasons, but even in that case, audit committees may want to ask for certain generic information about the findings.
Source: PCAOB.
Smyth, who recalled the stigma of being associated with Arthur Andersen even though she had no involvement with Enron, says the PCAOB's oversight of the profession is important. Although the Part 2 findings are not public, she questions audit firms about them. “It's important to know what the defects are,” she said. “Could anything like that happen here?” Even when issues arise at other companies, audit committee members would be wise to ask senior management: ‘Could that happen to us?'” she said.
Siegfried said audit committee members should study recent enforcement actions directed at audit committee members. The Securities and Exchange Commission recently charged two audit committee members who failed to act on information in their possession, suggesting possible fraud or misstatements in financial statements related to business they oversaw in China. “That's going to go a long way,” he said.
Smyth said when she read details of those specific enforcement actions, she viewed them as cases where the audit committee member was asleep at the wheel. “And that's being kind,” she said.
No comments yet