The primary purpose of a company’s audit committee is to provide oversight of the financial reporting process, the audit process, the company’s system of internal controls and compliance with laws and regulations.
The audit committee can expect to review significant accounting and reporting issues and recent professional and regulatory pronouncements to understand the potential impact on financial statements. An understanding of how management develops internal interim financial information is necessary to assess whether reports are complete and accurate.
The committee reviews the results of an audit with management and external auditors, including matters required to be communicated to the committee under generally accepted auditing standards. Controls over financial reporting, information technology security and operational matters fall under the purview of the committee.
The audit committee is responsible for the appointment, compensation and oversight of the work of the auditor. As such, CPAs report directly to the audit committee, not management.
Audit committees meet separately with external auditors to discuss matters that the committee or auditors believe should be discussed privately. The committee also reviews proposed audit approaches and handle coordination of the audit effort with internal audit staff. When an internal audit function exists, the committee will review and approve the audit plan, review staffing and organization of the function, and meet with internal auditors and management on a periodic basis to discuss matters of concern that may arise.
Audit committees must have authority over their own budgets and over external auditors. It is through these protections that investors will come to trust the financial reports released by companies.
While boards should seek members who can provide a diverse range of competent perspectives based on their experience and expertise, it is nevertheless imperative that board members are knowledgeable and conversant in the language of finance and accounting. This need is particularly acute for the audit committee.
Regulation
Effective April 2003 the Securities and Exchange Commission (SEC) adopted a rule directing the national securities exchanges and national securities associations to prohibit the listing of any security of an issuer that is not in compliance with the audit committee requirements mandated by the Sarbanes-Oxley Act of 2002. The requirements relate to:
- The independence of audit committee members;
- the audit committee's responsibility to select and oversee the issuer's independent accountant;
- Procedures for handling complaints regarding the issuer's accounting practices;
- The authority of the audit committee to engage advisors;
- Funding for the independent auditor and any outside advisors engaged by the audit committee.
The rule implements the requirements of Section 10A(m)(1) of the Securities Exchange Act of 1934, as added by Section 301 of the Sarbanes-Oxley Act of 2002. Under the rule, listed issuers must be in compliance with the new listing rules by the earlier of their first annual shareholders meeting after January 15, 2004, or October 31, 2004. Foreign private issuers and small business issuers will have additional time to comply.
In July 2015, the SEC voted to publish a concept release seeking public comment on audit committee disclosure requirements, focusing on the committee’s oversight of independent auditors. The SEC is interested in receiving information about the audit committee and auditor relationship and whether improvements can be made to enhance the information provided to investors about the audit committee’s responsibilities and activities.
“Effective audit committee oversight is essential to investor protection and the functioning of our capital markets,” said then SEC Chair Mary Jo White. “The way audit committees exercise their oversight of independent auditors has evolved and it is important to evaluate whether investors have the information they need to make informed decisions.”
In addition to seeking views about audit committee disclosures, the concept release invited comment on whether SEC disclosure requirements should be refined to provide more insight into the information the audit committee used and the factors it considered in overseeing the independent auditor. This includes considerations related to the process for appointing or retaining the auditor and the qualifications of the auditor and certain members of the engagement team, among others.
CFA Institute Viewpoint
All audit committee members should be independent. Independence is needed to prevent insiders from influencing the work and oversight of the committee and the work of the external auditors. Companies operating in specialist niches should have to meet the same audit committee disclosure and structure requirements as companies operating in more traditional markets. This is because companies in specialist niches are affected by the same conflicts and potential for accounting fraud as more traditional companies and therefore should meet the same independence and financial experts’ requirements as traditional companies. In cases where this is not feasible they should disclose such deficiencies to investors to alert them to the possibility of management influence on the audit committee.
Audit firms should use auditors with forensic audit backgrounds to assist in the audits and for training audit staff in identifying cases of intentional accounting errors and irregularities. Auditors should be able to identify earnings management or accounting irregularities, and thus, deter such activity.