Chapter 5: Topic 2: The Audit Committee | p. 149-158;
NYSE requires audit committees to assist with...
- board oversight of the integrity of the company's financial statements; - review and discuss the company's annual and quarterly financial statements, with management and the external auditor - including disclosures in the Management's Discussion and Analysis section of the 10-K, - discuss the company's earnings releases, financial information, and earnings guidance provided to analysts and rating agencies SG2 p. 151-153 MK
What 2 areas do the audit committee have oversight in?
- defining reporting relationships for the internal auditor, with a focus on maximizing objectivity - defining the role of internal audit and ensuring it has adequate resources
What does SOX refer to?
Sarbanes-Oxley Act of 2002 (SOX-2) SG2 p. 149 exact (MK)
Audit committees must consider trends in Big Data and Data Analytics. Name two other common challenges for audit committees. SG P154 & 155 exact (TB)
Succession planning and expanding committee agendas.
Which committee is required by public companies but not private or non-profit?
The audit Committee NOTE: Having a standing, or permanent, audit committee of the board of directors is a long-standing, leading, and widely adopted practice for all company types. The SEC began recommending in 1940 that audit committees consisting of outside directors be used to select the external, or independent, auditor and oversee external auditor engagements with the company. As of 1978, the NYSE began requiring audit committees for listed companies, and Nasdaq adopted the same requirement in 1989. By early 2000, the SEC followed suit by approving the stock exchange rules for audit committees and requiring public companies to file reports about the audit committee that disclosed 1) whether the board had an audit committee charter and 2) if the audit committee members were independent. SG2 p. 149 ad lib (MK)
There are fewer mandates stipulating the role of the audit committee in overseeing the internal audit function; however, as the audit committee relies on internal audit, particularly ___________________, as its primary resource for information regarding the financial reporting and risk management processes.
The chief audit executive (CAE) SG P 152 exact (TB)
According to SEC rules, audit committees must consist of at least how many directors? SG p 153 exact (TB)
Three (independent and financially literate*)
Which is not a common challenge for audit committees? SG P154 & 155 exact (TB)
Too few meetings throughout the year
The audit committees oversight responsibilities for the external auditor focus on which areas? SG P152 exact (TB)
a. All answers are correct b. Appointment, retention, evaluation and compensation of the external auditor. c. Auditor independence. d. External audit of financial statements and ICFR, and review of interim financial statements.
General Responsibilities of the Audit Committee
- Preparing the audit committee report in the proxy statement** - Appointing, compensating, retaining, and overseeing the auditor - Establishing the company's financial whistleblowing process - Engaging independent counsel and other advisors as needed - Obtaining and reviewing the auditor's report - Reviewing auditor independence - Meeting to review and discuss all major financial statements - Discussing earnings press releases and financial information given to analysts and rating agencies - Discussing policies with respect to risk assessment and risk management - Meeting separately with management, with internal auditors, and with independent auditors - Reviewing with the independent auditor any audit problems or difficulties and management's response to such issues - Reporting regularly to the board of directors - Evaluating the audit committee annually SG2 p. 151 Exhibit 5.2.c MK
What are the Guidelines for Effective Audit Committee Oversight
1 Be proactive in focusing the agenda on what's important— financial reporting risk—and make the most of audit committee meetings. 2 Insist on transparency, both external transparency and internal transparency, among the audit committee, management, and the internal and external auditors. 3 Focus closely on external financial communications—beyond the 10-K and 10-Q. 4 Question the continuing validity of key assumptions that underlie critical accounting judgments and estimates, and be up to speed on key financial reporting issues and developments affecting the company. 5 Assess the audit committee's role in the oversight of risk management—with an eye to clarifying the scope. 6 Set and manage clear expectations for the external and internal auditors. 7 Make sure the CFO and the entire finance organization, as well as internal audit, have what they need to succeed, and be sensitive to the strains on these organizations. 8 Assess the tone at the top and throughout the organization, including the effectiveness of compliance and anti-fraud programs. 9 Help link change and risk management, and monitor critical alignments (controls, risks, etc.). 10 Take a hard look at the audit committee's effectiveness— including its composition and leadership—and find ways to continuously improve.
List the Audit Committee's Roles and Responsibilities.
1) Financial Reporting and Communication 2) Internal Control Over Financial Reporting (ICFR) and Disclosure Controls and Procedures 3) Audit Functions 4) Risk Oversight 5) Audit Committee Membership 6) Audit Committee Leadership SG2 p 151-153 MK
Detail the Audit Committee's Roles and Responsibilities.
1) Financial Reporting and Communication: Management is responsible for preparing the company's financial statements, while the audit committee is responsible for oversight of this area. Although audit committees in private companies and nonprofits have wide discretion in how they perform these duties, stock exchange listing rules provide guidance. Among other requirements, the NYSE requires audit committees to assist with board oversight of the integrity of the company's financial statements; review and discuss the company's annual and quarterly financial statements, including disclosures in the Management's Discussion and Analysis section of the 10-K, with management and the external auditor; and discuss the company's earnings releases, financial information, and earnings guidance provided to analysts and rating agencies. 2) Internal Control Over Financial Reporting (ICFR) and Disclosure Controls and Procedures: As above, management is responsible for maintaining effective ICFR, and it is the board's job to oversee management's system of ICFR and its disclosure of controls and procedures. The audit committee must ensure that management has established an appropriate system of ICFR and an adequate process to monitor, test, and assess ICFR. Additionally, the audit committee has the responsibility to oversee the external auditor's integrated audit as the external auditor must report any material weaknesses and significant deficiencies in ICFR to the audit committee. Audit committees should also provide oversight for the management- level disclosure committee (see Chapter 4, Topic 4 about Shareholder Engagement), which is responsible for preparing disclosures for SEC filings and maintaining the company's disclosure controls and procedures. 3 Audit Functions: Because external and internal auditors play a vital role in the financial reporting process, effective oversight of auditors is at the core of the audit committee's oversight responsibilities. The audit committee's oversight responsibilities for the external auditor focus on four areas: 1) appointment, retention, evaluation, and compensation of the external auditor; 2) auditor independence (including rotation of audit partners and approval of audit and nonaudit services); 3) external audit of financial statements and ICFR (including discussion of audit strategy and monitoring of the audit process); and 4) review of interim financial statements. There are fewer mandates stipulating the role of the audit committee in overseeing the internal audit function; however, as the audit committee relies on internal audit, particularly the chief audit executive (CAE), as its primary resource for information regarding the financial reporting and risk management processes, the audit committee has developed an oversight role for two areas: 1) defining reporting relationships for the internal auditor, with a focus on maximizing objectivity; and 2) defining the role of internal audit and ensuring it has adequate resources. Due to the sensitivity of the CAE's role in reviewing management's conduct and performance, it is important that the CAE have a functional reporting line to the audit committee (as its members are independent from management), as well as an administrative reporting line to the CEO, CFO, or other C-level executive who has a connection to the internal audit function. Additionally, since SOX was passed in 2002, internal audit's scope of responsibility has grown to include supporting improvements in strategic areas such as risk management. The audit committee should oversee what risks internal audit plans are focusing on, the functioning of related internal controls, and how risk management processes are mitigating those risks. It is not internal audit's job to manage risk, but rather to provide assurance regarding the company's risk management system. 4 Risk Oversight: Although the audit committee is responsible for overseeing financial reporting risk, there is debate about the role of the audit committee in the broader role of risk oversight. As mentioned earlier (Exhibit 5.2.c), NYSE listing rules require that audit committees ensure discussion of risk policies and oversee compliance. In general, however, NACD recommends that the full board should have primary responsibility for risk oversight, including oversight of risks that relate to strategy. The audit committee is unlikely to be able to take on primary responsibility for risk and compliance oversight due to the weight of its existing workload; however, the audit committee may consider performing oversight for the following risks related to its committee mandate: risks associated with taxes, environmental claims, litigation, insurance, financial instruments, and complex transactions; Foreign Corrupt Practices Act risks pertaining to accounting matters; finance, liquidity, and capital structure risks (if the board does not have a finance committee); and business continuity and operational risks, such as cybersecurity. 5 Audit Committee Membership: Generally, according to stock exchange listing requirements and SEC rules, audit committees must consist of at least three directors. These directors must be classified as independent and be financially literate, in accordance with stock exchange listing rules (see links to the NYSE and Nasdaq listing rules in Exhibit 5.2.a). Note that Nasdaq requires audit committee members to be financially literate to join the committee, while the NYSE grants them time to gain that literacy. Additionally, one director must be considered a financial expert under the SEC rule implementing Section 407 of SOX. This rule ensures that at least one member will have a strong background in accounting, finance, or auditing and can engage the CFO, audit engagement partner, and other accounting and auditing professionals in meaningful dialogue about the company's accounts. As mentioned earlier, although audit committees of private companies and nonprofits are not held to the same regulations as public company audit committees, they should still strive to embody the spirit of independence—in order to adequately oversee management—and demonstrate financial expertise in order to effectively carry out their duties. Ideally, at least one member of the committee should have a solid background in the company's industry. 5 Audit Committee Leadership: To be most effective, the audit committee chair should take on the following responsibilities: set the tone for the committee by being engaged and willing to challenge management; coordinate activities with the board chair and other committee chairs; meet with internal and external auditors in between committee meetings; support the CFO and finance team; engage with and set expectations for the external auditor; set the committee's agenda and regulate its workload; and encourage continuous improvement. It is also worth noting that the financial expert does not also have to be the audit committee chair. SG2 p. 151-153 MK
Due to the sensitivity of the CAE's role in reviewing management's conduct and performance, it is important that the CAE have what? SG P 152 exact (TB)
A functional reporting line to the audit committee, as well as an administrative reporting line to the CEO, CFO or other C-level executive who has a connection to the internal audit function.
What is the Financial Accounting Standards Board (FASB)? SG P150 exact (TB)
A non-profit organization created in 1973 with the mission to "establish financial accounting and reporting standards" that follow GAAP. Authorized by the SEC to set the accounting standards for public companies.
Discuss Audit Committee Key Oversight Risks
Although the audit committee is responsible for overseeing financial reporting risk, there is debate about the role of the audit committee in the broader role of risk oversight. NACD recommends that the full board should have primary responsibility for risk oversight, including oversight of risks that relate to strategy. The audit committee is unlikely to be able to take on primary responsibility for risk and compliance oversight due to the weight of its existing workload. However, the audit committee may consider performing oversight for the following risks related to its committee mandate: - risks associated with taxes, - environmental claims, - litigation, insurance, - financial instruments, and - complex transactions; - Foreign Corrupt Practices Act risks pertaining to accounting matters; - finance, liquidity, and capital structure risks (if the board does not have a finance committee); business continuity and operational risks such as cybersecurity.
Detail the Audit Committee Requirements Under SOX
Audit Committee Independence: Every audit committee member must meet certain requirements for independence (outlined in Section 301 of SOX and Securities Exchange Act Rule 10A-3). Auditor Oversight and Approval of Nonaudit Work: Audit committees are responsible for appointing, compensating, and retaining any registered public accounting firm and overseeing the work of such firms in issuing any audit report or related work. Authority to Engage Professionals: Audit committees are authorized to engage independent counsel and other advisors as necessary to carry out their duties. Whistleblower Policy: Audit committees are responsible for establishing procedures for handling complaints regarding accounting, internal accounting controls, and auditing matters, in addition to handling confidential and anonymous tips from employees who express concerns about these matters. Required Disclosures: Reliance on any exceptions to the aforementioned requirements must be disclosed along with an assessment of the adverse effects that not following the requirements would have on the audit committee's functions. Audit Committee Financial Expert: All US public companies must disclose whether or not their audit committees have at least one financial expert (defined by item 407(d)(5) of Regulation S-K) and, if they don't have one, disclose the reasons why not. S-K= knowledge (MK) SG2 p. 150 exhibit 5.2.a MK
Why are audit committee often considered the most important board committee?
Audit committees are often considered the most important board committee, with the responsibility to mitigate the risk of corporate theft and financial statement fraud through oversight of internal controls and financial disclosures. Their role in reinforcing ethical and compliant corporate behavior is constantly growing in the eyes of regulators and the general public. SG2 p. 149 MK
Discuss key items of the audit committee Membership.
Audit committees must consist of at least three directors. These directors must be classified as independent and be financially literate, in accordance with stock exchange listing rules. Note that Nasdaq requires audit committee members to be financially literate to join the committee, while the NYSE grants them time to gain that Literacy. Additionally, one director must be considered a financial expert under the SEC rule implementing Section 407 of SOX.
To be most effective the audit committee chair takes on many roles. Which role is not required? SG Pg 153 exact (TB)
Being a financial expert
What is the CAQ?
Center for Audit Quality. The CAQ is a nonprofit organization supported by US accounting firms registered with the PCAOB and is affiliated with the American Institute of CPA's. It issues research and voluntary guidance intended to strengthen the quality of audits and the work of the audit committee. SG P150 exact (TB)
What is the International Accounting Standards Board (IASB)?
Establishes standards for companies that follow international financial reporting standards. SG P150 exact (TB)
List the 3 Common Challenges for Audit Committees
Expanding Audit Committee Agendas: In a recent survey of audit committee members, 60 percent indicated a recent expansion of major risks on their agendas. The board should also consider tactics for handling the overall increase in board duties, such as establishing ad hoc or temporary committees for certain issues, reviewing committee charters and redistributing committee workloads, and assessing whether Director skill sets are keeping pace with the needs of the board. Audit Committee Succession Planning. Because audit committee mandates are broadening, incorporating members with government, cybersecurity, or compliance experience—in addition to financial experience— may help diversify the committee's viewpoints. The nominating and governance committee chair, as well as the board chair, should examine every three to five years whether committee chairs should be rotated. Audit committee chairs should delegate responsibilities to other members during their tenures in order to groom potential successors and avoid sitting in the role for too long because of a lack of a qualified successor. Trends in Big Data and Data Analytics. Audit committees should consider the composition of internal audit and how specialists such as data scientists, mathematicians, and computer engineers are being incorporated alongside traditional auditors. The audit committee should also ensure internal audit is conducting a cost-benefit analysis on the use of new technologies and implementing only technologies that are proven to enhance audit quality. SG2 p. 154 MK
What form do non-profits file regarding audit committees?
Form 990 filed by nonprofits with the Internal Revenue Service has included a governance section with a question about the use of an audit committee. SG2 p. 149 MK
Audit committee directors must be considered ______ & ______? SG P153 exact (TB)
Independent & financially literate. Nasdaq requires audit committee members to be financially literate to join the committee, while the NYSE grants them time to gain that literacy. Additionally, one director must be considered an expert under the SEC rule implementing Section 407 of SOX.
What is ICFR? SG P151 exact (TB)
Internal Control over Financial Reporting
What is the quote regarding the job of internal auditors?
It is not internal audit's job to manage risk, but rather to provide assurance regarding the company's risk management system. SG2 p. 152 MK
Discuss mgmt vs audit committee roles in Internal Control Over Financial Reporting (ICFR) and Disclosure Controls and Procedures.
Management is responsible for maintaining effective ICFR, and it is the board's job to oversee management's system of ICFR and its disclosure of controls and procedures. The audit committee must ensure that management has established an appropriate system of ICFR and an adequate process to monitor, test, and assess ICFR. Audit committees should also provide oversight for the management-level disclosure committee (see Chapter 4, Topic 4 about Shareholder Engagement), which is responsible for preparing disclosures for SEC filings and maintaining the company's disclosure controls and procedures.
Who is responsible for preparing the company's financial statements? SG P151 exact (TB)
Management, while the audit committee is responsible for oversight of this area.
Which of the following statements are false? SG P 152 exact (TB)
None
All US public companies must disclose whether or not their audit committees have at least ______ financial expert, and if they don't have one, disclose why not.
One. vs financial literacy! (MK) SG Pg 150 exact (TB)
Discuss Regulatory Bodies and Nonprofits Informing the Work of the Audit Committee
Public Company Accounting Oversight Board (PCAOB): The PCAOB was created by the passage of SOX to oversee the audits of public companies. The Dodd-Frank Wall Street Reform and Consumer Protection Act later expanded the role of the PCAOB to oversee audits of brokers and dealers, in addition to public companies. Financial Accounting Standards Board (FASB): The FASB is a nonprofit organization created in 1973 with the mission to "establish financial accounting and reporting standards" for companies in the United States that follow Generally Accepted Accounting Principles. For global firms, a similar role is fulfilled by the International Accounting Standards Board (IASB), which establishes standards for companies that follow International Financial Reporting Standards. Center for Audit Quality (CAQ): The CAQ is a nonprofit organization supported by US accounting firms registered with the PCAOB and is affiliated with the American Institute of Certified Public Accountants. It issues research and voluntary guidance intended to strengthen the quality of audits and the work of the audit committee. SG2 p. 150 exhibit 5.2.b MK
Discuss the unique filings for non-profits regarding audit committee?
Some jurisdictions (e.g., California) may have rules limiting the interface of the finance and audit committees of a nonprofit board. As for nonprofits, the Form 990 filed by nonprofits with the Internal Revenue Service has included a governance section with a question about the use of an audit committee. SG2 p. 149 MK
The audit committee relies on the internal audit and particularly which individual? SG P152 exact (TB)
The Chief Audit Executive (CAE) as its primary resource for information regarding the financial reporting and risk management processes, the audit committee has developed an oversight role for two areas: 1) defining reporting relationships for the internal auditor, with a focus on maximizing objectivity; and 2) defining the role of internal audit and ensuring it has adequate resources.
Over the years, how has the SEC requirements of company disclosure about the audit committees evolved, citing specific years?
The SEC began recommending in 1940 that audit committees consisting of outside directors be used to select the external, or independent, auditor and oversee external auditor engagements with the company. As of 1978, the NYSE began requiring audit committees for listed companies, and Nasdaq adopted the same requirement in 1989. By early 2000, the SEC followed suit by approving the stock exchange rules for audit committees and requiring public companies to file reports about the audit committee that disclosed 1 whether the board had an audit committee charter and 2 if the audit committee members were independent. In the aftermath of SOX (2002), the SEC passed numerous rules implementing SOX, and both the NYSE and Nasdaq revised their listing standards to include stronger audit committee requirements. Although private companies and nonprofits in the United States are not held to these post-SOX standards, a large majority of private companies and nonprofits do have standing audit committees. SG2 p. 149 MK
Discuss the Audit committee's audit functions.
The audit committee's oversight responsibilities for the external auditor focus on four areas: - Appointment, retention, evaluation, and compensation of the external auditor; - Auditor independence (including rotation of audit partners and approval of audit and nonaudit services); - External audit of financial statements and ICFR (including discussion of audit strategy and monitoring of the audit process); and - Review of interim financial statements Audit committee has developed an oversight role for two areas: - defining reporting relationships for the internal auditor, with a focus on maximizing objectivity - defining the role of internal audit and ensuring it has adequate resources Due to the sensitivity of the Chief Audit Executive's role in reviewing management's conduct and performance, it is important that the CAE have a functional reporting line to the audit committee (as its members are independent from management), as well as an administrative reporting line to the CEO, CFO, or other C-level executive who has a connection to the internal audit function. It is not the internal audit's job to manage risk, but rather to provide assurance regarding the company's risk management system.
Why are audit committees often considered the most important board committee? SG P149 exact (TB)
They have the responsibility to mitigate the risk of corporate theft and financial statement fraud through oversight of internal controls and financial disclosures. (Also to note: Their role in reinforcing ethical and compliant corporate behavior is constantly growing in the eyes of regulators and the general public.) MK
What is the audit committee's leadership scope?
To be most effective, the audit committee chair should take on the following responsibilities: - set the tone for the committee by being engaged and willing to challenge management; - coordinate activities with the board chair and other committee chairs; - meet with internal and external auditors in between committee meetings; - support the CFO and finance team; - engage with and set expectations for the external auditor; - set the committee's agenda and regulate its workload; and - encourage continuous improvement SG2 p. 153 MK
The Public Company Accounting Oversight Board (PCAOB) was created by the passage of _________ to oversee the audits of public companies. SG P150 exact (TB)
a SOX. b Dodd-Frank Wall Street Reform and Consumer Protection Act. c Caremark derivative litigation.
Which of the following is an audit committee requirement under SOX? SG P150 exact (TB)
a. All answers are correct. b. Independence. c. Oversight and approval of non audit work d. Whistleblower policy
Which of the following is not a general responsibility of the Audit Committee? SG P151 exact (TB)
a. Reporting infrequently to the board of directors. b. Preparing the audit committee report in the proxy statement. c. Discussing policies with respect to rest assessment and risk mitigation. d. Meeting separately with management, internal auditors, and independent auditors.
What are the audit committee's oversight responsibilities for the external auditor, four areas?
- Appointment, retention, evaluation, and compensation of the external auditor; - Auditor independence (including rotation of audit partners and approval of audit and nonaudit services); - External audit of financial statements and ICFR (including discussion of audit strategy and monitoring of the audit process); and - Review of interim financial statements