Audit Committees

Charles Beelaerts addresses some of the issues surrounding the structure and operation of audit committees and their membership.

The roll and function of audit committees

In recent years the role and function of audit committees have been receiving much more attention – particularly from a corporate governance and risk management perspective. Audit committees are being asked to report across a broader range of topics which are more complex and technical than before. In addition, there is more and more expected of audit committees in terms of corporate behaviour and responsibility, and there is growing concern among directors who are members of audit committees about the escalation of their responsibilities.

Who should have an audit committee?

In Australia the Australian Securities Exchange (ASX) requires those companies that make up the S&P/ASX All Ordinaries Index to have an audit committee. As far as other listed entities goes, it is a case of “if not, why not”? That is if a listed company does not have an audit committee, it is required to explain why not.

Julie Young is member services manager and certifications co-ordinator at the Institute of Internal Auditors (IIA). In conjunction with AICD and the Audit and Assurance Standards Board, the IIA is updating the Audit Committees: Best Practice Guide: 2nd Edition. She says: “In an ideal world we would like all organisations to have an audit committee, but in practice, of course, it is not going to work for some organisations. At the moment you would look first at the top listed companies, but also at government departments, universities and professional bodies. It usually comes down to size, but in an ideal world everybody should be thinking of the audit committee or that type of function.”

Michael Coleman, chairman of KPMG’s Audit Committee Institute and also chairman of AICD’s Reporting Committee has similar views. “To be frank, any entity that is preparing financial statements that are going to be released into the marketplace would probably benefit from having an audit committee because of the fact that it is a subcommittee that has more time to focus on the issues surrounding financial reporting and compliance with internal controls and such like,” he says.

Coleman adds that at the government level, “most federal agencies require an audit committee, but whereas in the private sector audit committees are usually comprised of non-executive directors, typically in the public sector there is someone from outside the agency involved in the audit committee because their reporting responsibilities are different.”

Composition of the audit committee

It is generally agreed that an audit committee should be comprised of three or four members made up of non-executive directors. It is often important for the CEO and chief financial officer (CFO) of the organisation to attend meetings, as well as other experts from time to time, but these people should not be members of the committee.

Graham Ezzy, managing partner and head of Assurance and Advisory Business Services at Ernst & Young says: “For audit committees to be effective they need an appropriate composition so people with financial experience often come to mind. But members also need experience to deal with other topics. It is important that the audit committee encourages an open questioning culture. Our observation is that audit committees that spend a lot of their time asking management and the other experts to help them understand issues perform much more strongly than those that tend to stick to quite a rigid recipe of just receiving reports from experts. An open, questioning culture is important.”

David Meiklejohn is chairman of ANZ Bank’s and Coca-Cola Amatil’s audit committees and chairman of Paperlinx. He was previously CFO of AMCOR for 25 years and chairman of the audit committees of Western Mining and One Steel. He says: “All of the members of the audit committee should be financially literate, but they shouldn’t all be accountants. I think that an audit committee should comprise people other than accountants and lawyers because it is important to keep your feet on the ground in the audit committee and recognise that you are involved in the business and auditing its accounts. Otherwise you can get carried away with the governance responsibilities and lose track of what the business is all about.”

According to Meiklejohn there should be at least one financial expert on the audit committee, but “it is helpful to have individuals who have a broader business base and who can deal with business issues as well as the straight financial and legal issues.”

Audit committee agenda

As with other aspects of the audit committee, its agenda will depend on the size and nature of the organisation and the terms of reference of the audit committee. Meiklejohn says that you can have a straight audit committee or an audit and risk committee or an audit, risk and compliance committee. He continues: “Now smaller companies tend to have the last mentioned type of committee and this committee then is responsible not only for giving the comfort to the board regarding the accounts each year, ie that they give a true and fair view, but the committee also has to give comfort regarding compliance with auditing standards and attesting to the board that the company is in a position to pay its debts. If you add responsibility for risk as well, and that covers a whole range of risk, how do you then add compliance to it? The workload is very substantial.” He adds that at the ANZ the bank has separate audit, risk and corporate governance committees, but points out that the ANZ is a large organisation.

Ezzy says that in setting an agenda, audit committee members need to ask themselves whether risk management is embedded in the organisation and does everyone see that as part of their daily duties? Secondly, does the organisation have an open, forward thinking culture? He says: “The role of the audit committee in managing risk can be seen through two different lenses. The first one is the conformance lens which involves maintaining the organisation’s license to operate and making sure that everything is done well. The second lens is the performance lens which is helping the organisation create and articulate value. They’re the two key areas that I think audit committee members should be most focused on.”

The role of the internal and external auditors

Coleman says that the role of the internal auditor is heavily reliant on the terms of reference of the audit committee. He observes that: “Commonly the internal auditor is somebody who is employed within the organisation to help the organisation to be satisfied that they have the right level of controls to deal with matters that are important to them.”

However, the internal auditor is hired and fired by people within the organisation. Typically they report to the chairman of the audit committee in order to ensure that the internal auditor has a degree of independence. “Let’s say that the internal auditor finds out that the managing director is doing something inappropriate, then they have someone to talk to, to draw that particular matter to the board’s attention and that person is the chairman of the audit committee,” says Coleman.

According to Meiklejohn, there needs to be a sound, but arm’s length arrangement between the audit committee and the external auditor. “The audit committee relies heavily on the assurances of the external auditor, largely in relation to preparation of the half-year and annual accounts.” He adds that most organisations have a review of the half-yearly accounts and a full audit of the annual accounts – so it is critical that the relationship between the external auditor and the audit committee and management is a good one. It should not be antagonistic or anything other than co-operative. “As chair of audit committees, I maintain contact with both the internal and external auditors outside of the audit committee meetings. I have regular meetings with them and I am fully aware of what is going on and I work on the ‘no surprises’ basis,” Meiklejohn says.

Frequency of audit committee meetings

There is no standard ‘one size fits all’ time frame when it comes to scheduling audit committee meetings. Young says that the audit committee needs to meet as often as it thinks it is necessary to get the work done. Generally, this is going to be a reflection of the size and complexity of the organisation and the issues that it faces. For a committee starting from scratch it might need to meet every one or two months while with others, perhaps three times a year is sufficient. But it is up to the audit committee itself to decide.

Others agree although, if there was such a thing as a ‘rule-of-thumb’ with audit committee meetings, it would be four meetings a year. On this basis one meeting would cover the half-yearly review of accounts, one meeting would cover the full year audit, and the other two would cover governance-style issues, audit reports, and compliance matters. Meiklejohn says that the audit committee at Coca–Cola Amatil meets four times a year, but the audit committee at the ANZ, being a bank, meets seven times a year. However, regardless of how many times the audit committee meets, it carries a high workload for its members.

Objectives of the Audit Committee

The main objectives of an appropriately established and effective audit committee would usually include the following:

• Assisting the board of directors to discharge its responsibility to exercise due care, diligence and skill in relation to an entity’s:

1. reporting of financial information to users of financial reports
2. application of accounting policies
3. financial management
4. internal control system
5. risk management system
6. business policies and practices
7. protection of an entity’s assets
8. compliance with applicable laws, regulations, standards and best practice guidelines.

• Improving the credibility and objectivity of the accountability process (including financial reporting), especially where the role of the audit committee and its membership by independent non-executive directors is disclosed to shareholders and the public.
• Providing a formal forum for communication between the board of directors and senior financial management.
• Improving the efficiency of the board of directors by delegating tasks to the committee and thus allowing more time for issues to be discussed in sufficient depth.
• Improving the effectiveness of the internal and external audit functions and being a forum for improving communication between the board of directors and the internal and external auditors.
• Facilitating the maintenance of the independence of the external auditor.
• Providing a structured reporting line for internal audit and facilitating the maintenance of the objectivity of the internal auditor.
• Improving the quality of internal and external reporting of financial and non-financial information.
• Improving the correlation between related financial and non-financial information and reports.
• Strengthening the role and influence of non-executive directors.

Fostering an ethical culture throughout the entity.

Source: Australian Accounting Research Foundation, Institute of Internal Auditors Australia, Australian Institute of Company Directors, Audit Committees: Best Practice Guide: 2nd Edition