Assessment Questions for Audit Committees to Consider

Assessment Questions for Audit Committees to Consider
Assessment Questions for Audit Committees to Consider

(Offered in Conjunction With Protiviti’s The Bulletin, “Setting the 2021 Audit Committee Agenda”[1])

To assist audit committees in their assessments of composition, agenda and focus, we have provided illustrative questions to consider in view of the company’s industry, circumstances, risks, financial reporting issues and current challenges. These questions are intended to be illustrative and do not purport to cover every topic the audit committee should consider, nor are they intended to be a one-size-fits-all list. Accordingly, audit committees should customize these questions to meet their specific needs and assessment focus. The questions also should be used in conjunction with the agenda items suggested in Protiviti’s The Bulletin, “Setting the 2021 Audit Committee Agenda.”

Committee Composition and Dynamics:

  • Do all members of the committee meet the applicable independence requirements? For example, committee members cannot receive additional compensatory income outside of director fees, have family members serving in senior executive positions, or be affiliated with the company, its subsidiaries or the independent auditor.
  • Do committee members have the requisite business and leadership experience and is the committee’s composition sufficiently diverse to oversee the financial reporting process, expanded emphasis on disclosing nonfinancial information to investors and other relevant issues germane to the committee’s chartered activities?
    • Are all members of the committee financially literate (e.g., are they capable of reading and understanding the financial statements)?
    • Is at least one audit committee member an expert in financial reporting matters germane to the issues the company faces?
  • Are committee members, including the chair, rotated periodically to encourage fresh perspectives in discharging the committee’s responsibilities?
  • Are the frequency and duration of committee meetings sufficient to permit active discussions with management and other executives?
  • Does the committee engage independent advisers when needed?
  • Does the committee coordinate its activities with other board committees?

Committee Charter and Agenda:

  • Does the committee review and approve the charter and align its activities with the charter using a calendar that incorporates required activities and allows flexibility to cover additional topics?
  • Are the committee charter and agenda focused on the issues most likely to affect the quality of financial and other information reported?
  • Are meeting agendas developed in consultation with management and the external auditor?
  • Are committee meeting materials and agendas aligned with priority areas?

Oversight of Internal Controls and Financial Reporting:

  • Do committee members have a general understanding of the processes for identifying key controls over financial reporting and reporting risk areas, as used by management, the internal auditors and the independent auditor? Are these processes aligned?
  • Does the committee focus its oversight on understanding high-risk and complex accounting and reporting areas and how management addresses them, particularly areas involving significant judgments and management estimates and their financial statement impact?
  • Does the committee have transparency into and understand significant issues raised in comment letters the company receives from the U.S. Securities and Exchange Commission (SEC) as well as management’s planned response?
  • Does the committee stay abreast of pending financial reporting and regulatory developments and understand how they may affect the company? For example, does it consider the nature of SEC comment letters being issued to companies in the industry?
  • Does the committee stay abreast of pending financial reporting and regulatory developments and understand how they may affect the company? For example, does it consider the nature of SEC comment letters issued to companies in the industry?
  • Does the committee give adequate attention to overseeing the following areas:
    • The financial reporting process, including reviewing annual and quarterly financial statements, earnings releases (including management’s discussion and analysis, information and guidance provided to analysts and rating agencies, and pro forma or “adjusted” non-GAAP [generally accepted accounting principles] information in releases)?
    • Critical accounting policies, quality of management judgments and estimates impacting the financial statements, and written communications between external and internal auditors and management?
    • Implementation of the new accounting standards?
    • Management’s purpose for reporting non-GAAP and other key operational measures in public reports and the disclosure controls and procedures for ensuring their accuracy and consistency with prior periods?
  • Is the committee satisfied that:
    • Appropriate financial reporting controls and disclosure controls and procedures are in place?
    • It is being notified of any significant deficiencies and material weaknesses on a timely basis and kept informed of steps taken along the timetable for correction?
    • It is notified promptly of significant compliance issues and briefed regularly on the status of outstanding issues?

Oversight of the External Auditor:

Does the committee give adequate attention to overseeing the following areas:

  • Hiring, retention, performance and compensation of the external auditor, including pre-approval of non-audit services to be provided by the auditor?
  • Approving policies on hiring personnel from the external auditor (with an appropriate cooling-off period)?
  • Setting the tone for the company’s relationship with the external auditor in preserving auditor objectivity, in part, through direct oversight of the audit relationship and overseeing the auditor’s independence?
  • Meeting periodically with the lead audit partner(s) and the specialists (e.g., tax, IT, valuation, actuarial) who contribute to the audit process and engaging in dialogue outside of formal committee meetings when necessary?
  • Defining expectations regarding the nature and method of communication from the auditor, particularly critical audit matters (CAMs)?

Risk Oversight:

  • Does the audit committee understand the company’s risk profile and discuss with management the company’s policies related to risk assessment and risk management?
  • If the audit committee takes on only those risk oversight responsibilities that address the risks inherent in the committee’s chartered activities (e.g., financial reporting, fraud, reputation, and certain compliance, certain technology and other risks), does it collaborate with other board committees and the full board to ensure significant risks are not overlooked by the board in conjunction with its overall risk oversight process?
  • If the board delegates its risk oversight responsibilities to the audit committee, is the committee able to devote sufficient time to the risk oversight process as well as to its other responsibilities? Does the committee:
    • Give sufficient time to monitoring the strength of the company’s risk governance and culture?
    • Periodically review management’s assessment of the top risks, including the member of the management team who owns each risk and the board committee responsible to oversee each risk?
    • Ensure that management has in place a reasonable information and reporting system with regard to the critical enterprise risks that warrant attention and that the committee is privy to insights derived from that system on a timely basis?
    • Work with the compensation committee to understand the implications of existing incentive compensation plans to the undertaking of risk?
  • Regardless of the scope of risk oversight, as designated by the full board, are committee members satisfied that they:
    • Understand the business, technology and other risks that could affect financial and public reporting?
    • Receive appropriate overviews from leaders in the business concerning matters germane to financial risks and other factors influencing the financial statements?
    • Are able to articulate the company’s financial risk storyline to stakeholders?

Business Context:

Does the audit committee have a strong business context to discharge its responsibilities effectively? For example, does it consider:

  • Changes and trends in the operating environment that can result in changes in competitive pressures and different financial reporting risks?
  • Significant and rapid expansion of operations or unusual disruptions that can strain the control environment and increase the risk of a breakdown in key controls?
  • Changes in the control environment, including tone at the top, that could affect its overall effectiveness?
  • New business models, products or activities that may introduce new risks associated with financial reporting?
  • New accounting pronouncements and tax regulations?
  • The company’s reporting on environmental, social and governance (ESG) matters, at least to the extent that such matters have financial reporting implications (e.g., noncompliance with environmental regulations and employee safety issues can lead to significant fines and other loss contingencies in addition to brand-eroding headlines in the media)?
  • Whether the company’s sustainability representations are consistent with assertions made in the financial statements?
  • Coordinating with other board committees to ensure the full board is able to oversee the company’s sustainability strategy and reporting?
  • Other relevant aspects of the current business environment that present change from the prior year?

Corporate Culture:

Unless responsibility is delegated to one or more other board committees, does the audit committee oversee:

  • The organization’s ethics and legal compliance policies, including its code of conduct and tone at the top set by management regarding ethical and responsible business behavior?
  • The adequacy of the organization’s confidential, anonymous hotlines and other procedures for handling complaints and employee concerns on accounting, financial reporting, internal control, auditing and code of conduct matters, and compliance with applicable laws, regulations and internal policies?
  • The initiation of internal and independent investigations on matters within the committee’s scope of responsibilities?
  • The handling of management’s override of established controls and waivers of conflicts of interest policies, including the risk mitigation and control mechanisms in place?

Executive Sessions:

  • Are audit committee meetings preceded or followed by private sessions with the chief financial officer (CFO), the chief audit executive (CAE) and the independent auditor?
  • Does the committee meet in executive session for its members to discuss:
    • Issues of concern, how the meeting went and agenda topics to cover in future meetings
    • Evaluation of the CFO and other finance executives?
    • Evaluation of the CAE?
    • Succession plans for the finance organization (with the CEO and CFO)?

Oversight of the Finance Organization:

Does the committee:

  • Discuss succession planning for the CFO and finance staff, including the function’s bench strength?
  • Understand finance’s process for early identification and resolution of accounting and other issues?
  • Understand plans to address new accounting and reporting requirements and related risks?
  • Provide input into the finance organization’s goal-setting process?

Oversight of Internal Audit:

Does the committee:

  • Ensure that the CAE has direct reporting access to it?
  • Play an active role in determining the highest and best use of internal audit, as well as the appropriate structure of the group (e.g., in-house versus outsourced resources)?
  • Have transparency into the internal audit risk assessment and audit plans, including activities and objectives regarding internal control over financial reporting?
  • Understand internal audit staffing, funding and succession planning, particularly the adequacy of resources to deliver on the audit plan?

Committee Effectiveness:

  • Prior to reporting on its activities to the full board and/or shareholders, is the committee satisfied a process is in place to ensure all matters in the committee’s charter have been covered sufficiently by its activities?
  • Do committee members have the time to do their jobs effectively and fulfill the responsibilities specified by the charter?
  • Does the committee serve as an advocate for financial reporting in working with other board committees to monitor execution of corporate initiatives, such as cost-reduction plans, so that they are not unintentionally implemented in ways that would compromise management meeting its financial reporting responsibilities?
  • Regarding committee meetings:
    • Are briefing and other materials distributed well in advance?
    • Do reports include executive summaries that highlight issues and critical discussion points to allow for discussion (versus presentation) during meetings?
    • Do meetings allow open and candid discussions among attendees?
    • If a member serves simultaneously on multiple audit committees (say, for more than three public companies), has the board considered whether that individual can devote sufficient time and attention to the items on the company’s audit committee agenda?
    • At least annually, does the committee:
      • Perform a robust self-assessment? And are the results discussed with committee members in executive session and plans developed to implement improvements?
      • Review its responsibilities to ensure its workload is manageable?

Member Orientation and Education:

Does the committee:

  • Ensure new members receive an orientation that focuses them on the committee’s chartered responsibilities, agenda and focus, the company’s business, and the most significant accounting and reporting issues?
  • Include educational topics on the agenda periodically (e.g., a deep dive on a specific area of the business and related risks or a refresher in a significant accounting area)?
  • Address board education requirements in accordance with the company’s corporate governance guidelines and consistent with applicable listing standards?

 [1]  “Setting the 2021 Audit Committee Agenda,” The Bulletin, Volume 7, Issue 9, December 2020, Protiviti.


Click here to access all series