September 9, 2019
By: Laura Leka , Technical Manager, Global Accountancy Profession Support, IFAC and Laurie Tugman, IFAC PAIB Committee Member
Corporate failures and scandals across countries, including the recent collapses of Carillion, Patisserie Valerie and London Capital & Finance in the UK, failings in South Africa’s state-owned entities Transnet, Eskom, and South African Airways, and the 1MDB scandal in Malaysia to name a few, have all focused political and regulatory attention on the audit profession and also exposed serious corporate governance failings.
The result is increased debate globally on audit and governance regulatory reform.
Companies do not fail because of poor quality audits. An audit is designed to enhance confidence in financial reporting, but it does not relieve management or those charged with governance of their responsibilities. Ultimately, corporate failures and the resulting impacts on financial statements are consequences of poor governance and decisions.
Effective governance is underpinned by purpose, vision, values and ethics, that are reflected in the behaviors and actions of the board and management team and cascaded throughout the organization. The board in conjunction with management is responsible for setting the tone at the top, shaping the culture of the organization, and setting strategic direction. Organizations need to be proactive in driving improvements in their governance beyond adherence only to minimum requirements.
The board has ultimate responsibility for the integrity and accuracy of the company’s financial reporting, which includes ensuring implementation of internal controls over financial reporting, adoption of appropriate accounting policies, and appointment and oversight of independent external auditors. These responsibilities are often delegated by the board to its audit committee. But this delegation does not absolve the board of its obligations and accountability to shareholders and other stakeholders.
IFAC strongly supports efforts to strengthen and clarify the roles of boards and audit committees in exercising oversight of the statutory audit and financial reporting processes led by management, including addressing perceptions that audit committees are not sufficiently independent of management, or that there is insufficient communication from the audit committee to shareholders.
Effective audit committees are a critical part of delivering trust and confidence in reporting and risk management. However, globally audit committee responsibilities are widening beyond their core financial reporting oversight responsibilities, putting them under increasing pressure both in terms of time and expertise to oversee the major risks on their agendas in addition to fulfilling their core mandates.
Often if the board is not directly dealing with a matter or there isn’t another appropriate committee, by default whatever is left over falls to the audit committee to oversee: for example, cyber security and other technology related matters, as well as risk management beyond financial risk.
Audit committee responsibilities vary widely across jurisdictions, sectors and between companies. It is important to recognize that there is no one-size-fits-all model for audit committees and therefore enhancing their effectiveness will be more dependent on adoption of good practices rather than further prescriptive legislation or additional regulatory scrutiny.
With the input of IFAC’s Professional Accountants in Business (PAIB) Committee we have been exploring ways to enhance audit committee effectiveness and have identified five key factors:
1. Audit committee transparency
Increased transparency on how an audit committee has discharged its duties is crucial and enables a more informed assessment of its performance and effectiveness.
Many corporate governance codes and regulations include requirements around audit committee disclosure. In addition, voluntary disclosures continue to grow, reflecting that audit committees are responding to evolving expectations of investors and other stakeholders.
But while audit committee reporting may be increasing, the usefulness of disclosures varies.
In the US the CAQ 2018 Audit Committee Transparency Barometer, a review of audit committee disclosures by S&P 500 companies, revealed increased disclosure around audit firm appointment, length of audit firm engagement, change in audit fees, and criteria used to evaluate the audit firm. However, decreased disclosure was found around key questions such as:
· Is there a discussion of audit fees and their connection to audit quality? 5% of companies included this, representing a continued downward trend since 2014 when 13% included this discussion
· Is there a disclosure of significant areas addressed with the auditor? 0% included this vs 3% in 2014.
For audit committee reporting to be meaningful, there needs to be strong and candid disclosure of the audit committee’s work and key areas of its agenda and discussions. Such disclosure should provide insights on the significant issues the audit committee considered in relation to the financial statements, and how these issues were addressed.
If enhanced reporting by auditors through disclosure of key audit matters is mirrored by the audit committee in their own reporting, this could drive improved audit committee disclosure. It would be unusual for the audit committee not to give their perspective on an issue that the auditor considers a key audit matter. Analysis of audit committee reporting in the UK, shows how disclosure on material financial reporting risk is strongly aligned to auditor reporting on key audit matters.
2. Effective communication
The importance of effective communication flows to and from the audit committee cannot be overstated. This includes written and in person, formal and informal, communication with management, internal and external audit, the CFO and finance function, and the board.
For support in its oversight role, the audit committee relies on:
· Meaningful insight from management on emerging risks on the horizon and focused updates on what is happening in the business, moving beyond the basics of what they do to focus on specific challenges, risks and opportunities
· Concise and understandable meeting materials from management, the CFO and finance function, as well as internal and external audit. The volume of materials an audit committee must review can become unmanageable. Written information presented to the audit committee needs to communicate only the most important and relevant information for their attention
· Unrestricted access to the auditors without management present, as well as ongoing dialogue with the auditors outside of the audit window, to deal with issues on an ongoing basis and not just at the time of the audit
· Informal communication with management and the CFO between audit committee meetings
· Direct access to teams and departments, including those outside of finance, when appropriate (and ensuring the audit committee does not overstep its governance role).
The audit committee also needs to communicate with the board how it has discharged its responsibilities. It is not enough for the board to simply ‘rubber stamp’ reports from the audit committee; there needs to be full discussion and deliberation on key aspects of the audit committee’s work and any significant issues they have identified that warrant the full board’s attention.
3. Committee composition – including appropriate skills, competencies and expertise
Ensuring the right composition of the audit committee is vital but can be challenging. Requirements vary across jurisdictions, but generally there must be at least one member who is financially literate. This can put a huge burden on one individual if they are the only person on the audit committee to have financial reporting and accounting expertise.
Diversity of experience, perspectives and expertise, as well as industry knowledge are also extremely important, particularly given the widening mandates of audit committees beyond financial reporting oversight.
Audit committee members need continuing development and education to help them keep up-to-date on current issues. But often there is no formal education for audit committee members and even cases where audit committee members have never interacted with auditors prior to joining the audit committee.
Training programs, guidance and other support tools are essential to ensure the audit committee maintains knowledge of relevant developments in accounting and corporate reporting, as well as new technologies and their impact on the business and future of audit. Approaches to ensuring sustained expertise of the audit committee can be varied and include formal training and education, mentoring, and engagement with experts inside and outside the organization.
While the audit committee can rely on outside expertise, it is important that an effort is made to provide continuing professional education in order to understand emerging issues and develop an awareness of best practices.
4. How it gets its work done – efficient and effective ways of working
Audit committee mandates typically always widen, but nothing is generally removed. With increased workload along with increased complexity of risks on their agendas, audit committees need efficient and effective ways of working to ensure they can successfully discharge their oversight responsibilities.
Good practices include:
· Having well-defined terms of reference setting out a clear scope of responsibilities, which are widely understood by the audit committee members, as well as by others in the organization including the board, CFO and finance function
· Coordination between auditor, audit committee, and internal auditor to prevent duplicated effort, increased cost and poor effectiveness
· Appropriate frequency and efficiency of meetings with focused agendas that allow sufficient time and attention for in-depth discussion on critical areas, as well as flexibility to add additional items as they arise
· Producing short summaries to circulate to audit committee members in advance of meetings outlining key areas of focus for discussion
· Holding a call or prep meeting between the audit committee chair and the auditor before each audit committee meeting.
5. Strength of the finance function
The finance function is responsible for producing reliable and auditable information for external disclosure. The strength of the finance function is therefore critical in supporting the oversight role of the audit committee, which can be severely inhibited by a weak finance function that lacks capacity, expertise or effective CFO leadership.
Considerations for the audit committee include whether the finance function is appropriately staffed and resourced, has suitably qualified people in key positions, as well as whether it has support for its continued development.
The audit committee also needs to consider whether they should have a role in appointment of key finance staff and finance function succession planning. The EY UK report Appointing CFOs for a rapidly changing world: the role of the Audit Committee suggests that “When it comes to appointing a new CFO, the audit committee chair should be an integral part of the interview process.” Indeed, “It’s a brave CEO who vetoes the audit committee chair’s recommendation.”
Much of the transactional work of the finance function including preparation of the financial statements is being enabled by technology, giving the finance function opportunities to improve its productivity, efficiency and effectiveness, and focus its attention on other value adding activities. To meet the future needs and demands of business, finance functions must transform themselves from technical support functions to business partners that enable and support decision making across their organizations.
To maximize the finance function’s value to the business, organizations need mechanisms in place to assess its effectiveness and support its development. Ultimately this responsibility lies with the board but may too be delegated to a committee of the board such as the audit committee.
In South Africa, which adopts a combined assurance model, the King IV Code on Corporate Governance recommends that the audit committee should provide independent oversight of the effectiveness of the organization’s combined assurance arrangements, including external assurance service providers, internal audit and the finance function. It also recommends that the audit committee discloses their views on the effectiveness of the CFO and finance function.