Regardless of size or type of operation, all companies can benefit from having an audit committee to help with corporate governance strategies and, ultimately, provide the best chance to ensure the organization's success. In the case of public companies, the Sarbanes-Oxley Act of 2002 (SOX) makes it a requirement to have an audit committee that follows several key mandates for reporting annual financial statements. Private sector companies can benefit from audit committee oversight as well.
Beyond the task of selecting an external auditor, an audit committee provides additional key functions to an organization that are of immense value. The committee is tasked with providing oversight to management as it executes the company's strategic plans, in particular focusing efforts on areas that involve managing risks (e.g., operational, business interruption, cybersecurity, financial reporting, fraud, regulatory, etc.), ensuring compliance, establishing effective internal controls and dealing with change management, all in an effort to create an organization that is sustainable for the long-term. The significance of these functions makes choosing the right composition of audit committee members and creating a well-defined and documented operational charter extremely important.
Who Should Serve on Your Audit Committee?
An audit committee must be composed of the right people with the right mindset and relevant expertise to be successful. While there is not a set size for an audit committee, it is typically made up of at least three people who should all, ideally, be independent. The ability to approach responsibilities with a questioning mind and healthy sense of professional skepticism is invaluable to an audit committee member. The need can arise to challenge the management team and hold them accountable, which can create uncomfortable situations. To that end, it is generally not a good idea to choose individuals who would be unwilling to have uncomfortable conversations due to their relationship to management. Audit committee members need to be committed to performing their responsibilities diligently and sufficiently under all circumstances.
Maintaining independent audit committee members is crucial to ensuring effectiveness. Members must be able to exercise their own judgement and not be unduly influenced by management or personal financial incentives that could cloud their ability to exercise their responsibilities. The financial reporting function and the communication of such information to internal and external users need to be fair, transparent, and complete, so it's important that your company's committee does not include employees or individuals with a close relationship with the company and/or its employees. It's imperative that audit committee members remain objective and function as an arbitrator between management, external auditors, and investors.
Public companies are required, under SOX, to have at least one audit committee member who is considered a financial expert, defined by certain qualifications related to his or her education and background. Applying those concepts in a private company environment could go a long way to ensuring success. Choosing audit committee members who have backgrounds and work experience in a similar industry to your organization could provide even further benefit; however, it is not critical. Value can also be derived from having audit committee members who have experience in other parts of your company's ecosystem, or vertical, or in different industries that may experience challenges similar to yours.
Creating a Charter
Once your audit committee is chosen, the group should be tasked with developing a smart and responsible charter that outlines its roles, responsibilities and how it will function. It should also include the audit committee's quarterly and annual responsibilities. As your organization grows and its risks and opportunities change, the audit committee's role will also expand. With that, audit committees should periodically review the audit committee charter for compliance with emerging best practices.
Monitor Financial Reporting
Perhaps the most common task audit committees will oversee is reviewing and approving your company's financial statements to ensure they are complete, accurate, transparent and fairly stated in accordance with the applicable standards of the reporting jurisdiction. They will also work directly with the external auditor (selected and vetted by the committee) to review findings.
Committee members should be able to understand and comprehend the external auditor's results and recommendations so they can effectively communicate them back to the company and monitor the implementation of any remediation or changes made. The more information members understand, the easier it is for them to make their own recommendations for how to improve your company and its financial reporting.
Provide Risk Management Oversight
On top of its essential financial reporting duties, the audit committee will work to identify your company's major risks, as well as review the existing internal controls that are in place to protect your company from those risks. One could argue that companies now face more risks than ever as technology evolves and companies expand their global reach. Increasingly, audit committees are identifying risks related to cybersecurity and a lack of protections in information technology divisions, risks that arise not just from the company's own activities but also from the suppliers, customers and service providers that the company uses in the conduct of its daily business.
Committee members should meet regularly with company management to help notify them of potential risks, as well as ensure that those risks are being monitored and proactive efforts are in place to mitigate future risks to an acceptable level. Management should involve the audit committee in developing its enterprise risk management plan so members have an intimate knowledge of the plan and can be sure the company is taking an organization-wide view of potential risks. The frequency of meetings will depend on the organization and its particular issues, but generally the audit committee should be meeting on a quarterly basis, at a minimum.
Protect Your Company from Fraud
Lastly, as an independent entity, the audit committee helps ensure there are checks and balances in place to protect your company from fraud. The committee should perform an assessment of your company's risks to determine what type of fraud would most likely affect you and provide effective monitoring of these identified risks.
An audit committee should also establish separate mechanisms to promote the timely reporting of potential fraud directly to it so that any concerns can be promptly, thoroughly and completely investigated. They should review company policies for handling internal tips, ensuring there are no retaliatory measures being taken by the company against an employee for reporting potential fraud or other possible violations of laws and regulations. The committee must act as a conduit between employees and executives so that issues do not go unreported and complaints are properly investigated.
For More Information
If you have any comments, questions or concerns about forming an audit committee, please contact us.
Published on May 11, 2018