nidhi
DESCRIPTION
projectTRANSCRIPT
Audit Committee Effectiveness – Audit Committee Effectiveness – What Works BestWhat Works Best
Presentation by: Rahoul ChowdryGlobal Banking & Capital Markets Leader
Corporate Governance Program for Bank Directors of Indian Banks
16 December 2005, Mumbai
2
• 32% die of natural causes
• 30% die from cancer
• 25% die from heart disease
• 10% die from road and other accidents
• 2.5% die from insect and snake bites
• 0.5% are taken by crocs and sharks
Recent research shows that in Australia
3
• 32% die of old age
• 30% die from cancer
• 25% die from heart disease
• 10% die from road and other accidents
• 2.5% die from insect and snake bites
• 0.5% are taken by crocs and sharks
…….but no one has yet died from boredom listening to presentations
Recent research shows that in Australia
4
Agenda
I. Oversight responsibilities of Audit Committees
II. Relationships with:
- Management
- Internal Auditors
- External Auditors
III. Key to effectiveness
- Committee composition
- Training
- Meetings
- Charter & evaluations
5
I. Oversight responsibilities of Audit Committees
• Integrity of financial reporting
• People and culture
• Compliance and ethics
• Risk management
• Internal control and systems
6
Financial Reporting
• Committees need to
- Understand financial statements through discussion with management and external auditors
- Understand accounting policies
- Assess quality, not just reliability, of earnings
- Apply appropriate level of skepticism and ask probing questions
- Be comfortable with treatment of unusual/complex issues
7
Financial Reporting
• Other keys
- Review significant period-to-period changes and challenge sudden changes
- Recognize financial reporting areas most susceptible to fraud
- Maintain healthy skepticism when considering the risk of fraud―it is never zero
Understand any concerns raised by auditors
Revenue recognition
Expense classification
Accounting for business combinations
Provisions
Areas of judgement
Suspense / Clearing accounts
8
Narrative Reporting
• Review disclosures and consider consistency with financial statements
• Many specific disclosures required by regulators
• Leading audit committees focus on transparency―whether all significant developments are fully disclosed
10
People and Culture
• Capabilities, training of people
• Strong culture based on
- Integrity
- Transparency
- Meritocracy
- Consultative
- No fear
• Strong culture results in better internal control, a natural desire to “do the right thing” and fewer surprises
12
Codes of Conduct
• Many committees oversee compliance with code of conduct
- Review and approve code
- Ensure it is communicated to all employees and they attend training
- Understand program for monitoring code compliance and review reported violations and follow-up actions
• A similar approach should be taken to overseeing compliance with laws and regulations
13
Whistleblower and Complaint Hotlines
• For US listed companies audit committee must establish processes to receive complaints about accounting and auditing
• Complaints should be reported to the committee who should review remediation actions taken, ensuring they are timely, consistent, and appropriate
15
Risk Management
• Audit committees increasingly oversee risk management processes
• Committees can fully embrace this role by
- Understanding how risk management processes are tailored to company’s specific needs
- Probing whether the processes are ongoing—not just at a point in time
- Ensuring responsible individual has appropriate stature, expertise, and time
- Meeting periodically with chief risk officer
17
Internal Control – the 5 key components
Control Environment• Sets tone of organization – influencing control
consciousness of its people.• Factors include integrity, ethical values, competence,
authority, responsibility.• Foundation for all other components of control.
18
Internal Control – the 5 key components
Risk Assessment• Risk assessment is the identification
and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
Control Environment• Sets tone of organization –
influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
19
Internal Control – the 5 key components
Control Activities• Policies/procedures that ensure
management directives are carried out.
• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Risk Assessment• Risk assessment is the identification
and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
Control Environment• Sets tone of organization –
influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
20
Internal Control – the 5 key components
Monitoring• Assessment of a control system’s
performance over time.• Combination of ongoing and
separate evaluation.• Management and supervisory
activities.• Internal audit activities.
Control Activities• Policies/procedures that ensure
management directives are carried out.
• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Risk Assessment• Risk assessment is the identification
and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
Control Environment• Sets tone of organization –
influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
21
Internal Control – the 5 key components
Monitoring• Assessment of a control system’s
performance over time.• Combination of ongoing and
separate evaluation.• Management and supervisory
activities.• Internal audit activities.
Information and Communication• Pertinent information identified,
captured and communicated in a timely manner.
• Access to internal and externally generated information.
• Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.
Control Activities• Policies/procedures that ensure
management directives are carried out.
• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Risk Assessment• Risk assessment is the identification
and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
Control Environment• Sets tone of organization –
influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
All five components must be in place for a control to be effective.
22
Internal Control
• Focus on areas of greatest potential risk, such as
• Understand extent to which internal audit plans address other high-risk areas in compliance and operations
• Committees should understand the nature and severity of control deficiencies, management’s remediation plans, and impact on financial reporting
• Management override of controls
• Outside service providers
• Information technology
• Mergers and acquisitions
Poor culture
Recurring control weaknesses
Payment systems
Proper segregation of duties
24
Relationship with Management
• Challenge is balancing advising and counseling management with fiduciary duty to monitor and oversee management
• To build trust, need strong, open two way communication channels
• Clear understanding on where management’s responsibilities end and committee’s begin
• Management should seek committee’s input in advance of key decisions
• Evaluate management’s performance and assess bench strength
25
Relationship with Internal Audit
• To be effective, internal audit must have appropriate stature within the company
• Accomplished by
- Having internal audit director report directly to committee
- Ensuring internal audit’s continual access to committee
- Playing key role in selection, evaluation, compensation, succession of internal audit director
26
Relationship with Internal Audit
• Also key is for committee to
- Review and approve internal audit’s charter and plans
- Monitor execution of plans and approve major changes
- Understand results of audit work, with focus on most significant findings
- Ensure internal audit has budget and resources needed
27
Relationship with external auditors
• Auditors should report directly to the committee
• Audit Committees have a role in
- Selecting, or reappointing, external auditors
- Evaluating auditors’ performance
- Ensuring auditors’ independence
- Candid and ongoing communications are vital, and timely and robust dialogue on complex issues is essential
29
Members’ Attributes
• Key is good understanding of the business — including company’s products, services, and industry
• Willingness to dedicate substantial time and energy
• Other relevant attributes
- Extremely high level of integrity
- Healthy skepticism and courage to challenge
- Inquisitiveness and independent judgment
• Good financial knowledge
• Regular training
30
Participants
• Both internal audit director and external auditors typically attend every meeting
• Management’s participation is important
• Meet privately with internal audit director, external auditors, finance management, and others, as warranted
• Guard against too many observers
• Audit Committees should meet at least 4 times a year
31
Evaluation
• Evaluate committee performance regularly by comparing activities against
- Charter
- Leading practice
• Assess committee dynamics, not only on what the committee does, but also on how effectively it functions
• Should be robust—not simply a “check the box” exercise
• Obtain feedback from board, management, internal audit, general counsel, and external auditors