CHAPTER 1
Audit Committee Education, Evaluation, Accountability, and Reporting
Executive Summary
Corporate governance reforms in the past two decades, including the Sarbanes–Oxley Act of 2002 (SOX), the Dodd–Frank (DOF) Act of 2010, and the Securities and Exchange Commission (SEC)–related implementation rules and listing standards, underscore the importance of audit committee evaluation, accountability, and due diligence. These reforms have emphasized the need for the company’s board of directors and its board committees, including the audit committee, to demonstrate a high level of due diligence, accountability, and professionalism. Audit committee accountability should reflect the audit committee’s commitment to proper education, training, due diligence, periodic performance evaluation, and continuing professional education to assess the audit committee’s effectiveness. This chapter presents educational and training requirements as well as audit committee reports, performance evaluations of individual audit committee members, and the assessment of the effectiveness of the audit committee as a whole.
Introduction
The existence and persistence of financial statement fraud in high-profile companies and their reported earnings restatements, along with the wave of financial scandals at the turn of the 21st century and the 2007–2009 global financial crisis, have eroded public confidence in corporate governance, including audit committee responsibilities and accountability. Regulatory reforms such as SOX endorse the principle that a properly constituted, diligently functioning, and professionally accountable audit committee can improve the effectiveness of corporate governance, the reliability of financial reports, and the credibility of the audit function. The effectiveness of audit committees in fulfilling their nine oversight functions depends on their due diligence and accountability. The audit committee and its members should be periodically evaluated by the board of directors to ensure their effectiveness and accountability. The audit committee can also conduct a periodic self-evaluation, preferably annually, to evaluate its performance and oversight effectiveness. The remainder of this chapter presents guiding principles for the audit committee’s accountability, training, continuing education, and evaluation.
Audit Committee Accountability
The SEC, in January 2000, adopted rules to improve audit committee disclosures, primarily based on the recommendation of the Blue Ribbon Committee (BRC).¹ These rules require that: (1) proxy statements include certain disclosures from and about audit committees, including their independence; (2) the audit committee report state whether the audit committee recommended to the company’s board of directors that the audited financial statements be included in the annual report on Form 10-K or Form 10-KSB for the last fiscal year; and (3) the company’s proxy statement show whether its board of directors has developed an audit committee charter and that the charter be included with the proxy statement at least once every three years or in the interim if significant changes are made. Exhibit 1.1 summarizes GE’s audit committee charter with the specifics, purpose, membership, meetings, responsibilities, and duties of a typical audit committee of public companies.
Exhibit 1.1
General Electric Company audit committee charter
1. To meet to review and discuss with management and the independent auditor the annual audited financial statements and quarterly financial statements.
2. To discuss with management and the independent auditor prior to their release to the public, earnings press releases and financial presentations provided to analysts and rating agencies.
3. To select the independent auditor to examine the Company’s accounts, controls, and financial statements. The committee shall have the sole authority and responsibility to select, evaluate, compensate, and oversee the work of any registered public accounting firm engaged for the purpose of preparing or issuing an audit report or performing other audit, review, or attest services for the Company.
4. To discuss with management and the independent auditor, as appropriate, any audit problems or difficulties and management’s response.
5. As required by NYSE listing requirements, to discuss with management the Company’s risk assessment and risk management practices, guidelines, policies, and processes.
6. To oversee the risk policies and processes relating to financial statements, financial systems, financial reporting processes, compliance and auditing, and allowance for loan and lease losses, as well as the guidelines, policies, and processes for monitoring and mitigating such risks.
7. To oversee the Company’s financial reporting activities, including our annual report, and accounting standards and principles, significant changes in such standards or principles or in their application and the key accounting decisions affecting the Company’s financial statements.
8. To review and approve the internal corporate audit staff and GE Capital internal audit staff functions, including: (1) purpose, authority, and organizational reporting lines; (2) annual audit plan, budget and staffing; and (3) concurrence in the appointment, compensation, and rotation of the vice president—corporate audit staff.
9. To review, with the chief financial officer, the vice president—corporate audit staff, the chief GE Capital audit executive, or such others as the committee deems appropriate, the Company’s internal system of audit and financial controls and the results of internal audits.
10. To obtain and review at least annually a formal written report from the independent auditor delineating: the auditing firm’s internal quality control procedures; the auditing firm’s independence; and any material issues raised within the preceding five years by the auditing firm’s internal quality control reviews, by peer reviews of the firm, or by any governmental or other inquiry or investigation relating to any audit conducted by the firm.
11. To prepare and publish an annual committee report in the Company’s proxy statement.
12. To set policies for hiring employees (current or former) of the Company’s independent auditor.
13. To review and investigate any matters pertaining to the integrity of management or adherence to standards of business conduct as required in the policies of the Company.
14. To establish and oversee procedures for the receipt, retention, and treatment of complaints, as well as for confidential, anonymous submissions by Company employees.
15. The committee shall meet separately at least quarterly with management, the vice president—corporate audit staff, the GE Capital CAO, and the Company’s independent auditors.
16. To oversee the Company’s cybersecurity program and cyber strategy–related risks. The committee shall review, at least annually, the Company’s cybersecurity program and shall receive frequent updates on cyber and product security.
17. The committee shall have the authority to delegate any of its responsibilities to subcommittees so long as at least one member of the subcommittee shall be a financial expert.
18. The committee shall have authority to retain such outside counsel, experts, and other advisors as the committee may deem appropriate in its sole discretion.
19. The committee shall report its actions and any recommendations to the board after each committee meeting and shall conduct an annual performance evaluation of the committee. The committee shall review at least annually the adequacy of this charter and recommend any proposed changes to the board for approval.
Source: Adapted from General Electric 2016 Audit Committee Charter. Available at: www.ge.com/sites/default/files/AC_charter.pdf
To effectively discharge its accountability function, the audit committee must spend adequate time and pay attention to all nine oversight functions. McCarthy and Duffy of KPMG’s Audit Committee Institute² argue that audit committees typically spend most of their attention on financial reporting issues, but most members also prefer to spend significant agenda time on: (1) information technology (IT) risk and emerging technologies; (2) risk management; (3) corporate strategy; and (4) the impact of public policy initiatives. First, IT risk and emerging technologies are very frequently cited by members as an area to which they want to devote more agenda time. Very few committee members believe that their company’s strategic planning process is effective in dealing with the rapid pace of technology changes and innovations. Because of the financial, legal, reputational, and strategic issues posed by information technology, IT risk and data governance are becoming big agenda items.
Second, risk management systems are typically described by committee members as needing significant work. Audit committees want to spend more time on risk management because of concerns involving crisis readiness and response, supply chain issues, and systemic risk. Third, growth plans, strategy, and innovation risks are also generating requests for more agenda time at committee meetings. As companies search for growth through various means (e.g., mergers and acquisitions, new services), many committee members are concerned that the company has not effectively identified risks from its growth plans and properly implemented controls to monitor those plans. Lastly, the impact of public policy initiatives on compliance, controls, risk, and reporting is another area on which committee members prefer to spend significant agenda time. Business planning has become difficult and compliance has become challenging because of many uncertainties related to the following: energy initiatives, financial services regulation, health care and tax reform, and the impact of fiscal crisis. Through all of this, a major challenge for companies will be staying focused on the business and the pursuit of performance.
The 2011 report of the Audit Committee Institute suggests that to effectively discharge its accountability, the audit committee should address the following 10 to-do items:³
• Stay focused on the audit committee’s top priority: financial reporting and related internal control risk.
• Continue to monitor accounting judgments and estimates, and prepare for accounting changes.
• Consider whether the financial statements and disclosures tell the company’s story.
• Focus on the company’s plans to grow and innovate.
• Reassess the company’s vulnerability to business interruption, as well as its crisis readiness.
• Understand how technology changes and innovation are transforming the business landscape and impacting the company.
• Focus on asymmetric information risk and seek out dissenting views.
• Consider the impact of the regulatory environment on compliance programs and business plans.
• Understand the company’s significant tax risks and how they are being managed and modeled.
• Monitor the initiatives of the Public Company Accounting Oversight Board (PCAOB) on auditor independence and transparency, and consider the implications for the audit committee.
Education and Training of Audit Committees
Audit committee members have often been criticized for not devoting adequate time to their oversight functions, instead relying too much on management as well as internal and external auditors to provide them with the necessary information to fulfill their duties, and not being well-informed enough to understand the complexity and risk of financial reports. Audit committee members should evaluate individually and collectively whether they hav...