nidhi

Audit Committee Effectiveness – Audit Committee Effectiveness – What Works BestWhat Works Best

Presentation by: Rahoul ChowdryGlobal Banking & Capital Markets Leader

Corporate Governance Program for Bank Directors of Indian Banks

16 December 2005, Mumbai

2

• 32% die of natural causes

• 30% die from cancer

• 25% die from heart disease

• 10% die from road and other accidents

• 2.5% die from insect and snake bites

• 0.5% are taken by crocs and sharks

Recent research shows that in Australia

3

• 32% die of old age

• 30% die from cancer

• 25% die from heart disease

• 10% die from road and other accidents

• 2.5% die from insect and snake bites

• 0.5% are taken by crocs and sharks

…….but no one has yet died from boredom listening to presentations

Recent research shows that in Australia

4

Agenda

I. Oversight responsibilities of Audit Committees

II. Relationships with:

- Management

- Internal Auditors

- External Auditors

III. Key to effectiveness

- Committee composition

- Training

- Meetings

- Charter & evaluations

5

I. Oversight responsibilities of Audit Committees

• Integrity of financial reporting

• People and culture

• Compliance and ethics

• Risk management

• Internal control and systems

6

Financial Reporting

• Committees need to

- Understand financial statements through discussion with management and external auditors

- Understand accounting policies

- Assess quality, not just reliability, of earnings

- Apply appropriate level of skepticism and ask probing questions

- Be comfortable with treatment of unusual/complex issues

7

Financial Reporting

• Other keys

- Review significant period-to-period changes and challenge sudden changes

- Recognize financial reporting areas most susceptible to fraud

- Maintain healthy skepticism when considering the risk of fraud―it is never zero

Understand any concerns raised by auditors

Revenue recognition

Expense classification

Accounting for business combinations

Provisions

Areas of judgement

Suspense / Clearing accounts

8

Narrative Reporting

• Review disclosures and consider consistency with financial statements

• Many specific disclosures required by regulators

• Leading audit committees focus on transparency―whether all significant developments are fully disclosed

People and Culture

10

People and Culture

• Capabilities, training of people

• Strong culture based on

- Integrity

- Transparency

- Meritocracy

- Consultative

- No fear

• Strong culture results in better internal control, a natural desire to “do the right thing” and fewer surprises

Compliance and Ethics

12

Codes of Conduct

• Many committees oversee compliance with code of conduct

- Review and approve code

- Ensure it is communicated to all employees and they attend training

- Understand program for monitoring code compliance and review reported violations and follow-up actions

• A similar approach should be taken to overseeing compliance with laws and regulations

13

Whistleblower and Complaint Hotlines

• For US listed companies audit committee must establish processes to receive complaints about accounting and auditing

• Complaints should be reported to the committee who should review remediation actions taken, ensuring they are timely, consistent, and appropriate

Risk Management and Internal Control

15

Risk Management

• Audit committees increasingly oversee risk management processes

• Committees can fully embrace this role by

- Understanding how risk management processes are tailored to company’s specific needs

- Probing whether the processes are ongoing—not just at a point in time

- Ensuring responsible individual has appropriate stature, expertise, and time

- Meeting periodically with chief risk officer

16

Internal Control – the 5 key components

5.

4.

3.

2.

1.

17


Control Environment• Sets tone of organization – influencing control

consciousness of its people.• Factors include integrity, ethical values, competence,

authority, responsibility.• Foundation for all other components of control.

18


Risk Assessment• Risk assessment is the identification

and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.

Control Environment• Sets tone of organization –

influencing control consciousness of its people.

• Factors include integrity, ethical values, competence, authority, responsibility.

• Foundation for all other components of control.

19


Control Activities• Policies/procedures that ensure

management directives are carried out.

• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.







20


Monitoring• Assessment of a control system’s

performance over time.• Combination of ongoing and

separate evaluation.• Management and supervisory

activities.• Internal audit activities.










21


Monitoring• Assessment of a control system’s

performance over time.• Combination of ongoing and

separate evaluation.• Management and supervisory

activities.• Internal audit activities.

Information and Communication• Pertinent information identified,

captured and communicated in a timely manner.

• Access to internal and externally generated information.

• Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.










All five components must be in place for a control to be effective.

22

Internal Control

• Focus on areas of greatest potential risk, such as

• Understand extent to which internal audit plans address other high-risk areas in compliance and operations

• Committees should understand the nature and severity of control deficiencies, management’s remediation plans, and impact on financial reporting

• Management override of controls

• Outside service providers

• Information technology

• Mergers and acquisitions

Poor culture

Recurring control weaknesses

Payment systems

Proper segregation of duties

II. Oversight of Management and Internal Audit

24

Relationship with Management

• Challenge is balancing advising and counseling management with fiduciary duty to monitor and oversee management

• To build trust, need strong, open two way communication channels

• Clear understanding on where management’s responsibilities end and committee’s begin

• Management should seek committee’s input in advance of key decisions

• Evaluate management’s performance and assess bench strength

25

Relationship with Internal Audit

• To be effective, internal audit must have appropriate stature within the company

• Accomplished by

- Having internal audit director report directly to committee

- Ensuring internal audit’s continual access to committee

- Playing key role in selection, evaluation, compensation, succession of internal audit director

26

Relationship with Internal Audit

• Also key is for committee to

- Review and approve internal audit’s charter and plans

- Monitor execution of plans and approve major changes

- Understand results of audit work, with focus on most significant findings

- Ensure internal audit has budget and resources needed

27

Relationship with external auditors

• Auditors should report directly to the committee

• Audit Committees have a role in

- Selecting, or reappointing, external auditors

- Evaluating auditors’ performance

- Ensuring auditors’ independence

- Candid and ongoing communications are vital, and timely and robust dialogue on complex issues is essential

III.Key to Audit Committee Effectiveness

29

Members’ Attributes

• Key is good understanding of the business — including company’s products, services, and industry

• Willingness to dedicate substantial time and energy

• Other relevant attributes

- Extremely high level of integrity

- Healthy skepticism and courage to challenge

- Inquisitiveness and independent judgment

• Good financial knowledge

• Regular training

30

Participants

• Both internal audit director and external auditors typically attend every meeting

• Management’s participation is important

• Meet privately with internal audit director, external auditors, finance management, and others, as warranted

• Guard against too many observers

• Audit Committees should meet at least 4 times a year

31

Evaluation

• Evaluate committee performance regularly by comparing activities against

- Charter

- Leading practice

• Assess committee dynamics, not only on what the committee does, but also on how effectively it functions

• Should be robust—not simply a “check the box” exercise

• Obtain feedback from board, management, internal audit, general counsel, and external auditors

Thank YouThank You

nidhi

Documents