This column is the first in a three-part series on audit committee responsibilities. The next column in the series will be published June 21, 2005. Click here for previous columns by Richard Steinberg.
In this column last month, we discussed how serving as an audit committee member is among the most challenging roles in today’s business environment. Considering how the committees’ responsibilities have expanded—with greater expectations of investors, regulators and the courts—I shared some insights on which responsibilities should be on the audit committee’s plate, and which can best be pushed off.
But even more difficult than agreeing on appropriate audit committee’s responsibilities, is determining how to carry out those responsibilities effectively and efficiently. This is an area with which many audit committee members are struggling, asking the basic question, “How far do we need to go in understanding what’s being reported to us by management, and in gaining the requisite comfort?” Audit committee members know they have a critical oversight role. At the same time, they are also acutely aware of the fact that they are a part-time body, and are not positioned to explore the minute details on which management is focused full time. Yet the expectations are there, with very real implications—including personal reputation and liability.
This issue is worth exploring, especially if we can identify what a number of audit committees have found to be effective practice. There are no official standards, and no hard-and-fast rules, but we can still look at what works best.
The Big Picture
At the risk of stating the obvious, audit committee members are members of the board of directors. That is, they are at the table to discuss—among other items—the company’s strategy and strategic implementation plan, its organization and resource allocations, and the transactions that have been consummated or are anticipated. To those ends, they receive information on current performance, risks and related actions. They understand the company’s business model and how the company makes money, and where the operational soft spots lie. And as a result, the audit committee members are positioned to ascertain what should be communicated in the company’s financial reports, and what types of disclosures are needed.
This information from a board-level perspective is crucial to enabling audit committee members to perform their oversight role well. There must be a basis, and a context, for considering the content and form of financial reports prepared by management, and committee members should be keep this knowledge in the forefront of their minds and make full use of it in conducting the committee’s activities.
Challenging The Source
It is critical that audit committees get information from a variety of sources. Management is, of course, the board’s prime source of information, but the committee cannot—and should not—attempt to audit that information. However, committee members do need to consider the data within the context of what they know about the company and its managers, and in relation to other information sources.
Management.
The committee’s primary source of information is management; specifically, the chief financial officer, finance director, chief accounting officer, and others with access to critical financial data. Those executives have the depth of knowledge and insight, and are directly responsible for preparing the financial statements, related regulatory filings, pro-forma information, earnings releases, and so forth. Clearly, there needs to be a high level of trust here; indeed, if the committee has concerns about the integrity of financial management, there’s a much larger problem in need of immediate action.
With trust established, committee members will want to look behind the numbers and disclosures, entering into in-depth discussions that leverage a wide variety of contextual data.
Experienced audit committee members know the extremes don’t work—from simply asking if everything’s okay, to conducting confrontational interrogations. It’s not enough to ask management if there’s anything unusual or that warrants discussion; that may be a starting point, but it’s only that. Some utilize a “trust but verify” philosophy, reflecting President Ronald Reagan’s official stance toward the Soviets. But in this context, that might be too cynical a viewpoint; management is on the same “team,” they’re not an ideologically divergent political bloc (well, usually).
Another term that’s come into vogue among audit committee circles, “constructive skepticism,” may be more appropriate. There needs to be plenty of trust with management, combined with a healthy dose of productive dialogue. Such positive interaction can help produce financial reports that reflect economic reality and contain all relevant disclosures, so that investors can make informed decisions about the company’s past performance and future prospects.
Unfortunately, some audit committee members are literally bringing a checklist into the committee room—they ask their listed questions, listen to responses, and tick the boxes. This does little for anyone. Now, certainly, there’s no harm in looking at a checklist towards the end of a meeting to ensure all key points were covered, but operating by checklist is counterproductive.
Similarly, some committee members have been known to ask questions, and then—without fully understanding the answers—simply move on, fearing that it might appear unseemly to follow up with another question. But pushing back is a fundamental requirement of the committee; there needs to be a dialogue—with a healthy exchange of information—about how management arrived at the presented financial statement. Of critical importance is analysis of the assumptions, estimates and judgments reflected in the financials. What support does management have for the numbers? What alternatives were considered? Is there a bias toward higher profits and earnings per share? Might different numbers better reflect the company’s performance? Is there additional information, or different presentation, that better communicates economic reality? These and related questions need to be asked, and the committee should continue to ask follow-up questions until it is comfortable that the answers make full sense.
External Auditor.
The external auditing firm is a source of critically important information. Audit committee members will want to understand the audit methodology and approach, probing for the areas where the greatest attention has been given—and where it has not. Committee members should understand what challenges surfaced, what substantive issues caused management and auditor differ—even if the differences ultimately were resolved—and where the difficult judgments were made.
If management and the auditor came to different conclusions on accounting principles and their application, then the audit committee should understand that. Audit committee members should question the auditor about whether the application fits the company’s facts and circumstances—or does not—and what alternative accounting principles were considered and discarded.
The committee should take full advantage of private sessions with the external auditor. These sessions present an excellent opportunity to speak frankly and fully about key issues and concerns, to and compare information obtained from management. And committee members will get a sense of how forthcoming the auditor is in their communications with the committee—whether they’re full and frank, or whether the committee needs to pull teeth.
Internal Audit.
Internal audit, of course, is positioned to provide the audit committee with information that may be critical to understanding financial reports and operations in general. The chief internal auditor, sometimes called the chief audit executive or general auditor, will have a good sense of the “control environment,” encompassing the ethical values and integrity of the organization, as well as other cultural matters that serve as an underpinning to reliable financial reporting.
Here, too, there should be full and free-flowing communication. Internal audit should have full access to the company’s people and activities. Indeed, a key responsibility of the audit committee is to understand internal audit’s role, its capabilities, budget, scope, and the like, to ensure there are no inappropriate restraints. The audit committee should not only learn about internal audit’s findings, but should relate those findings to what the committee learned from management and the external auditor.
Other Sources.
Important information also can be gleaned from media coverage and reports from analysts, rating agencies, and other third parties. Those market participants have a perspective different from management and the auditors, thereby offering unique data and perspectives worth considering while reviewing the financial information presented.
Not to be ignored is information from others in the company, and from those doing business with it. Certainly, input from “help lines” or “whistleblower” channels can be invaluable. And information—including complaints—from customers, suppliers, lenders and regulators can be enlightening. The audit committee doesn’t have the time to sort though a lot of detail here, but it should know the nature of information that might signal needed modifications to financial reports.
Advisors
The audit committee has the right to its own advisor, and a number of committees have decided to have an advisor regularly attend its meetings. There are two schools of thought on this issue, with strongly-held views on each side. Some committee members, often on advice of legal counsel, believe that it’s essential to have an advisor steeped in accounting principles and practices present at meetings to help ask the right questions, process information provided, and offer advice to the committee. Others believe this is unnecessary and, in fact, is overkill; advisors, they argue, are needed only in certain instances where a particularly difficult accounting issue is at hand.
For what it’s worth, my advice to audit committees is that having an advisor on an ongoing basis generally is unnecessary, and is typically not a good idea. That’s because the presence of an advisor sometimes creates the tendency to leave debate and even conclusions to that advisor. In addition, the audit committee already should be comprised of members who can understand and deal effectively with the issues at hand, without an advisor’s prompting. If that’s not the case, then committee composition should be reconsidered. And clearly, many committee members are increasingly looking around the table to ensure they’re comfortable that the committee indeed has the requisite skills among its membership. That doesn’t mean committee members need to be accountants by training, but they need to have enough knowledge of financial reporting to be able to deal with the issues.
Of course, it goes without saying that advisors might be useful to audit committees that lack the appropriate skill level, assuming the committee is moving to acquire new members with the requisite skills. In addition, bringing in an advisor can be very helpful in certain situations, like those in which management and auditors disagree on a complicated accounting issue.
The Right Balance
As with many things in life, finding the right balance is critical to success. Audit committees need to perform an important oversight role, recognizing they do so on a part-time basis. But that part-time board membership is taking up more and more time; surveys show that board service—including service on a committee—requires approximately 250 hours of service per year (assuming no special circumstances or crises). This is approximately double the average time spent for board service before the last round of scandals and rule-making initiatives. And time spent on the audit committee is turning out to be more than time spent on other board committees (although the compensation committee is quickly catching up).
As a result, the audit committee must use its time wisely. It must obtain relevant information, compare it with existing knowledge and data from other sources, and challenge the information and results as necessary.
But committee members must also be flexible. Committees should not, for example, fall into the common trap of setting meeting schedules, and then limiting work to the allocated time. If the allotted time isn’t enough to do the job correctly—if, for example, there are unusual transactions or occurrences—then the committee needs to find more time.
Its responsibilities are too important, and the environment too serious, to do otherwise.
Next month’s column will look into how those working with the audit committee—specifically, management and the external and internal auditors—can help make the audit committee as effective and efficient as possible.
The column solely reflects the views of its author, and should not be regarded as legal advice. It is for general information and discussion only, and is not a full analysis of the matters presented.
What did you think of this column? If you'd like to react or respond, we urge you to write a letter to the editor.
No comments yet