Assessment Questions for Audit Committees to Consider

Assessment Questions for Audit Committees to Consider
Assessment Questions for Audit Committees to Consider

(Offered in Conjunction With Protiviti’s The Bulletin, “Setting the 2020 Audit Committee Agenda”[1])

When the audit committee undertakes an assessment of its composition, charter, agenda and focus, it may want to consider the following questions in light of the company’s industry, circumstances, risks, financial reporting issues and the current challenges it may be facing. These questions are intended to be illustrative and do not purport to cover every topic the committee should consider nor are they intended to apply to every single audit committee. They should be customised to the committee’s assessment objectives and specific needs and situation.

Committee Composition and Dynamics:

  • Do all members of the committee meet the applicable independence requirements? For example, committee members cannot receive additional compensatory income outside of director fees, have family members serving in senior executive positions, or be affiliated with the company, its subsidiaries or the independent auditor.
  • Do committee members have the requisite business and leadership experience?
  • Is the committee’s composition sufficiently diverse to oversee the financial reporting process, expanded emphasis on disclosing nonfinancial information to investors, and other relevant issues germane to the committee’s chartered activities? To that end: 
    • Are all members of the committee financially literate (e.g., are they capable of reading and understanding the financial statements)?
    • Is at least one audit committee member an expert in financial reporting matters germane to the issues that the company faces? 
    • Are committee members, including the chair, periodically rotated to encourage fresh perspectives in discharging the committee’s responsibilities?
  • Are the frequency and duration of committee meetings sufficient to permit active discussions with management and other executives?
  • Does the committee engage independent advisers when they are needed?
  • Does the committee coordinate its activities with other board committees?

Committee Charter and Agenda:

  • Does the committee review and approve the charter and align its activities with a calendar that incorporates required activities and allows flexibility to cover additional topics?
  • Are the committee charter and agenda focused on the issues most likely to affect the quality of financial and other information reported?
  • Are meeting agendas developed in consultation with management and the external auditor?
  • Are committee meeting materials and agendas aligned with priority areas?

Oversight of Internal Controls and Financial Reporting:

  • Do committee members understand the key controls and reporting risk areas identified by management, the internal auditors and the independent auditor?
  • Does the committee focus its oversight on understanding the high-risk and complex accounting and reporting areas and how management addresses them, particularly areas involving significant judgment and estimates and their financial statement impact?
  • Does the committee understand the issues raised in comment letters received from the U.S. Securities and Exchange Commission (SEC) and management’s planned response?
  • Does the committee stay abreast of pending financial reporting and regulatory developments and understand how they may affect the company? For example, does it consider the nature of SEC comment letters being issued to companies in the industry?
  • Does the committee give adequate attention to overseeing the following areas:
    • The financial reporting process, including reviewing annual and quarterly financial statements and earnings releases (including management’s discussion and analysis, information, guidance provided to analysts and rating agencies, and pro forma or “adjusted” non-GAAP information)?
    • Critical accounting policies, quality of management judgments and estimates impacting the financial statements, and written communications between external and internal auditors and management?
    • Implementation of the new accounting standards?
    • Management’s purpose for reporting non-GAAP and other key operational measures in public reports and the disclosure controls and procedures for ensuring their accuracy and consistency with prior periods?
  • Is the committee satisfied that:
    • Appropriate financial reporting controls and disclosure controls and procedures are in place?
    • It is being notified of any significant deficiencies and material weaknesses on a timely basis and is being kept informed of steps taken along the timetable for remediation?
    • It is notified promptly of significant compliance issues and briefed regularly on the status of outstanding unresolved matters?

Oversight of the External Auditor:

Does the committee give adequate attention to overseeing the following areas:

  • Hiring, retention, performance and compensation of the external auditor, including preapproval of non-audit services to be provided by the auditor?
  • Approving policies on hiring personnel from the external auditor (with an appropriate cooling-off period)?
  • Setting the tone for the company’s relationship with the external auditor in preserving auditor objectivity, in part, through direct oversight of the audit relationship and overseeing the auditor’s independence?
  • Meeting periodically with the lead audit partner(s) and the specialists (e.g., tax, IT, valuation, actuarial) who contribute to the audit process and, when necessary, engaging in dialogue outside of formal meetings?
  • Defining expectations regarding the nature and method of communication from the auditor, particularly regarding critical audit matters?

Risk Oversight:

  • Does the audit committee understand the company’s risk profile and discuss with management the company’s policies related to risk assessment and risk management?
  • If the audit committee takes on only those risk oversight responsibilities that address the risks inherent in the committee’s chartered activities (e.g., financial reporting, fraud, reputation, and certain compliance, technology and other risks), does it collaborate with other board committees and the full board to ensure that significant risks are not overlooked by the board in its risk oversight?
  • If the board delegates its risk oversight responsibilities to the audit committee, is the committee able to devote sufficient time to the risk oversight process as well as discharge its other responsibilities? Does the committee:
    • Give sufficient time to monitoring the strength of the company’s risk governance and culture?
    • Periodically review management’s assessment of the top risks, including the assignment of members of management who own each risk and the board committee responsible for overseeing each risk?
    • Ensure that management has in place a reasonable information and reporting system with regard to the critical enterprise risks, including compliance matters, that warrant attention and that the committee is privy to its insights from time to time?
    • Work with the compensation committee to understand the implications of existing incentive compensation plans to the undertaking of risk?
  • Regardless of the scope of risk oversight, as designated by the full board, are committee members satisfied that they:
    • Understand the business, technology and other risks that could affect financial and public reporting?
    • Receive appropriate overviews from business leaders concerning matters germane to financial risks and other factors influencing the financial statements?
    • Are able to articulate the company’s financial risk storyline to stakeholders?

Business Context:

Does the audit committee have a strong business context to discharge its responsibilities effectively? For example, does it consider:

  • Changes in the business environment that can result in changes in competitive pressures and different financial reporting risks?
  • Significant and rapid expansion of operations that can strain the control environment and increase the risk of a controls breakdown?
  • Changes in the control environment, including tone at the top, that could affect its overall effectiveness?
  • New business models, products or activities that may introduce new risks associated with financial reporting?
  • New accounting pronouncements and tax regulations?
  • Other relevant aspects of the current business environment that present change from the prior year?

Corporate Culture:

Unless responsibility is delegated to one or more other board committees, does the committee oversee:

  • The organisation’s ethics and legal compliance policies, including its code of conduct and tone at the top set by management regarding ethical and responsible business behavior?
  • The adequacy of the company’s confidential, anonymous hotlines and other procedures for handling complaints and employee concerns on accounting, financial reporting, internal control, auditing and code of conduct matters, and compliance with applicable laws, regulations and internal policies?
  • The initiation of internal and independent investigations on matters within the committee’s scope of responsibilities?
  • The handling of management’s override of established controls and waivers of conflict of interest policies, including the risk mitigation and control mechanisms in place?

Executive Sessions:

  • Are audit committee meetings preceded or followed by private sessions with the CFO, CAE and critical second line functions (e.g., CRO, CCEO, EH&S) and the independent auditor?
  • Does the committee meet in executive session for its members to discuss:
    • Issues of concern, how the meeting went and agenda topics to cover in future meetings?
    • Evaluation of the CFO and other finance executives?
    • Evaluation of the CAE?

Oversight of the Finance Organisation:

Does the committee:

  • Discuss succession planning for the CFO and finance organisation, including the function’s bench strength (with the CEO and CFO)?
  • Understand finance’s process for early identification and resolution of accounting and other issues?
  • Understand finance’s plans to address new accounting and reporting requirements and the related risks?
  • Provide input into the finance organisation’s goal-setting process?

Oversight of Internal Audit:

Does the committee:

  • Ensure that the CAE has direct reporting access to it?
  • Play an active role in determining the highest and best use of internal audit, as well as the appropriate structure of the group (e.g., in-house versus outsourced resources)?
  • Have transparency into internal audit’s risk assessment and audit plans, including activities and objectives with respect to internal control over financial reporting
  • Understand internal audit staffing, funding and succession planning, particularly the sufficiency of resources to deliver on the audit plan?

Committee Effectiveness:

  • Prior to reporting on its activities to the full board and/or to shareholders, is the committee satisfied with the process in place to ensure that all matters included in the committee charter are covered sufficiently by its activities over the reporting period?
  • Do committee members have the time to do their jobs effectively and fulfill the responsibilities specified by the charter?
  • Does the committee serve as an advocate for financial reporting in working with other board committees to monitor the execution of corporate initiatives, such as cost-reduction plans, so that they are not unintentionally implemented in ways that would compromise management’s ability to fulfill its financial reporting responsibilities?
  • Regarding committee meetings:
    • Are briefings and other materials distributed well in advance?
    • Do reports include executive summaries that highlight issues and critical discussion points to allow for discussion (versus presentation) during meetings?
    • Do meetings allow open and candid discussions among attendees?
    • Are committee members satisfied their time and input are maximised during meetings?
  • If a member serves simultaneously on multiple audit committees (say, for more than three public companies), has the board considered whether that individual is able to devote sufficient time and attention to the items on the company’s audit committee agenda?
  • At least annually, does the committee:
    • Perform a robust self-assessment, and are the results discussed with committee members in executive session and plans developed to implement improvements?
    • Review its responsibilities to ensure that its workload is manageable?

Member Orientation and Education:

Does the committee:

  • Ensure that new members receive orientation with an emphasis on the committee’s chartered responsibilities, agenda and focus, the company’s business, and the most significant accounting and reporting issues?
  • Include educational topics on the agenda periodically (e.g., topics may include a “deep dive” into a specific area of the business and the related risks or a refresher in a significant accounting area)?
  • Address board education requirements in accordance with the company’s corporate governance guidelines and consistent with applicable listing standards?

 [1]  “Setting the 2020 Audit Committee Agenda,” The Bulletin, Volume 7, Issue 5, Protiviti, December 2019.

 

Click here to access all series