Management, Auditor Support Of The Audit Committee

This column is the last in a three-part series on audit committee responsibilities.Click here for previous columns by Richard Steinberg.

In my last two columns, we discussed the tremendous challenges facing audit committees—from deciding on the scope of the committee’s responsibilities, to determining the most effective and efficient ways to carry out those responsibilities.

This month, we’ll look at how the parties with which the audit committee deals most frequently—that is, financial management, and the external and internal auditors—provide information and support to make the committee operate effectively.

But before we get to those parties, let’s quickly review a couple of fundamentals

First, audit committees should have a disciplined process for receiving and reviewing relevant information. Like most seasoned executives, committee members don’t want information at the last minute, and they don’t want it in a form that’s unorganized, unnecessarily complicated, or poorly rationalized.

Second, and just as important: Audit committee members don’t like surprises. When a significant problem surfaces, the sooner the committee—or the committee chair—is advised, the better.

More about this important item later ...

Management

Financial management is the source of most of the audit committee’s information, from financial statements and regulatory filings, to pro-forma information and earnings releases.

Now, many audit committee members are chief executives or financial officers themselves, or are former financial executives that may serve on multiple boards of directors. In other words, they’re busy, and most set aside specific time slots to review reports, where even a short delay can throw a monkey wrench into their other scheduled business activities. As a result, management does the audit committee a great service by agreeing in advance—and keeping to—a predetermined information distribution schedule.

Providing information surrounding draft financial reports that will aid in the review of those reports is extremely important to audit committee members. Managers should consider, for example, what information they used in making key decisions reflected in the financial reports, which can be critical to enabling audit committee members to effectively consider the associated issues.

Information about accounting principles used, and—just as important—how they were applied, is essential for audit committee members. As such, management should provide information not only on which principles were used in the financial statements, but also alternative principles and means of application that were considered, and why they were rejected.

By now the vast majority of audit committee members, even those new to the role, understand that historical financial statements are anything but historical; they know there are myriad assumptions, estimates and judgments about the future affecting many of the numbers. Management needs to fully disclose to the committee what is behind the numbers, and how management arrived at the amounts presented. Here, too, alternatives considered should be provided, and support for those assumptions, estimates and judgments actually used must be available for discussion.

This brings us to the question of how much information should be provided to the committee members in advance, and what should be left for discussion in meetings. The answer depends on the committee’s preferences, but—in general—most data and related analysis should be provided ahead of meetings. That way, the committee members have an opportunity to digest the information. It also provides them the opportunity to understand the issues and the supporting data and rationale behind the numbers, allowing them to use face-to-face meetings to delve into pertinent areas in greater depth. The form of communication, whether a hard-copy “board book,” secure Web site, or other form of electronic communication, should be mutually agreed upon by management and the committee.

Not to be overlooked is the committee’s need for information from other sources. Management typically is best positioned to provide audit committee members with information from financial analysts, rating agencies and other external sources—yes, with warts and all—as well as information captured from customers, suppliers and others with whom the company interacts. That information serves a valuable purpose, enabling the committee to have context for—and relate to—information in financial reports.

Regarding the meetings themselves, management—usually working with the committee chair—can help by setting in advance the annual meeting calendar, meeting agendas, and information requirements and timing. Depending on the company, this role may be the responsibility of the corporate secretary, a corporate governance officer, or the office of the CFO. In any event, the responsible individual will want to ensure an open communication channel with the committee chair to ensure the committee’s needs are met.

Now, there’s no doubt that—in light of committee responsibilities and the environment in which they operate (which were the topics of the first two columns in this series)—audit committees are scheduling more meetings, and more time for each. No longer are meetings planned for one or two hours immediately preceding the full board meeting; adequate time is—and must be—set aside for effectively carrying out the committee’s extensive responsibilities.

Another important change has occurred in how committee meetings are conducted. No longer are meetings orchestrated by financial management with most of the time spent on management’s presentations; that approach—which at some companies served an unhealthy agenda by precluding much discussion—has been replaced by one that facilitates full and in-depth discussions of key issues. Management now provides relevant information in advance, as mentioned above, with brief and succinct presentations in the committee meeting room. Typically, management is finding that this approach truly enhances the level of comfort gained by the audit committee members. And this, in turn, diffuses some of the tension that management and the committee members experienced during the transition period immediately after Sarbanes-Oxley and its related regulations became effective.

External Auditor

In many cases, audit committees look at the companies’ external auditors somewhat differently now than in past years. With clearer and expanded responsibilities—not to mention greater accountability—audit committee members are looking to the external auditor as a critical support system. That, combined with the fact that auditors are themselves being held to higher standards from the newly established Public Company Accounting Oversight Board, means that there is significantly more relevant information flowing to the committee.

And that is critical: There must be full and free-flowing communication between the auditor and the committee about what is really important to the company. Here, too, the auditor will provide his or her assessment of key accounting principles, management’s related assumptions and judgments, and the adequacy of disclosures. As an independent player, the auditor must provide to the committee a sound judgment on key subjective issues. That includes whether the financial presentation not only is technically appropriate, but whether it clearly and fully discloses pertinent information in a form useful to the investing community.

As is the case at nearly every public company, highly technical matters will already have been discussed by management and the auditor, and difficult decisions will have been reached. The auditor will want to be forthcoming in bringing those matters to the committee’s attention. The discussion should be free-flowing, direct, and frank, so that the committee has a clear picture of what the challenges are, and how they are being met.

Internal Audit

For many companies, especially financial institutions and large enterprises across industries, internal audit has long been a key player working with the audit committee. With the NYSE requirement that listed companies have an internal audit function—and with greater recognition of their value—internal audit functions have been formed or expanded at literally thousands of companies, and often with enhanced stature.

Internal audit can be effective eyes and ears of the audit committee. They are present on a full-time, year-round basis, and with appropriate scope and direction can provide the committee important information relevant to the financial reporting process. Due to the requirements of Sarbanes-Oxley’s Section 404, internal audit functions have spent significant resources on internal control over financial reporting. As a result, internal audit’s perspective can be valuable to the audit committee in considering both the strengths and weaknesses of the company’s control processes, and the issues that need attention in financial reports.

Importantly, there should be clear communication from the chief internal auditor to the audit committee on internal audit’s scope and testing plan. There’s a wide range of potential focus, and the audit committee should be fully apprised of the extent to which internal audit is looking at financial reporting versus operational or compliance activities. In past years, many audit committee members presumed the internal audit function looked extensively at the financial reporting process, where often that was not the case. Now, there’s a much clearer understanding of internal audit’s tasks and findings, as well as the implications of those findings for the organization. Internal audit can help the committee by clearly communicating where it is devoting time and resources.

One side note. On numerous occasions, I’ve been asked by chief internal auditors when they should bring to the audit committee’s attention a potentially significant problem. Should they do so when the problem first is identified, when there’s more clarity around the problem’s scope, or after an investigation provides even greater specificity? My response is twofold: First, internal auditors must have a clear understanding with the committee chair about when such information should be provided. Second, as a general rule, the sooner the committee chair is apprised, the better.

The vast majority of audit committee chairs with whom I’ve worked say they want to know about a potentially significant problem as soon as it surfaces. In addition, they want to be kept apprised as more information is obtained and an assessment is made. That way, the audit committee can concur in the approach or provide direction to internal audit as needed. If the problem turns out not to be a big deal, so much the better. So, short of an audit committee chair directing otherwise, internal audit should avoid the temptation to wait to obtain more information before raising a potentially significant issue.

One issue that pertains to all of the parties mentioned above is the topic of private meetings. These sessions are important, and audit committee members will meet with management, the external auditor, and the internal auditor regularly without others present. Here, too, each party should be forthcoming, so that the audit committee members feel comfortable that they are getting relevant information without spin.

And that’s the most critical way to ensure your audit committee is effective: make sure it gets the information it needs truthfully, completely, in the right form, and in a timely fashion. Only then is the committee positioned to effectively carry out its responsibilities.

The column solely reflects the views of its author, and should not be regarded as legal advice. It is for general information and discussion only, and is not a full analysis of the matters presented.

What did you think of this column? If you'd like to react or respond, we urge you to write a letter to the editor.