Best Practices for Audit Committees

Lew Burnham

The role of the audit committee of the board of directors depends first on the adequacy of the corporate governance framework of the enterprise. It also depends on the way in which the board is structured to carry out its responsibilities and what authority and functions are delegated to its permanent committees. Therefore, the beginning of this «best practices» discussion will be the optimum committee structure for a board.

The board should, of course, have a majority of non-management directors, without any ties to the company or its management that would impair their independence or make it appear that they have conflicts of interest in performing their duties. Each of the board committees should have a majority of, or be made up solely of, independent directors. Here is list of these committees, showing an optimum division of responsibility and a brief description of some of their major functions:

• Strategy and policy – Develop and/or approve overall strategies, major objectives, and operational guidance for the enterprise. Oversee implementation of the enterprise’s risk management policies and processes, including environmental compliance, emergency response, and business resumption planning. Oversee the development and adoption of the enterprise’s code of ethics compliance program. Periodically review and update these strategies, processes, etc. Some management directors, including the CEO, should be on this committee, but should not comprise a majority.
• Planning and budgeting – Based on the guidance of the strategy committee, review and approve the more detailed plans and budgets for new lines of business, major projects, acquisition of significant assets and their financing, and similar decisions. Review and approve the criteria and processes for accountability and measurement of management performance. This committee should have at least one management director, but not a majority from management.
• Executive recruitment and compensation – Oversee the search for and hiring of senior executives, including the CEO, as well as the establishment of their regular salaries and an annual review of salary increases and incentive compensation. Review the general policies and practices of the enterprise for compensation of managers and employees. Oversee the search for new directors and approve their nomination (to be voted on by the shareholders). This committee should be made up solely of independent directors.
• Audit and compliance – Oversee the activities and results of independent and internal auditors, review financial statements and disclosures prior to their submission for approval by the entire board, oversee management controls (including management of information technology). In addition, review the risk management processes (particularly with respect to contingent liabilities and similar matters relating to financial statements and disclosures), supervise administration of the ethics compliance program, and institute and supervise special investigations, as needed. This committee should be comprised only of independent directors.

The committees function best if they are relatively small (3-5 members). Independent directors should serve on more than one committee, especially where duties and responsibilities are related (e.g., strategy and planning). It is a good idea to rotate board members periodically among the committees.

An expanded discussion of the responsibilities and functions of the audit committee, along with comments on how it supports the other committees and the board as a whole, is set forth below:

• Oversee the appointment of independent auditors and the director of internal auditing.
• Understand and be satisfied with information systems and processes used in applying accounting standards and preparing financial statements, especially when significant changes are proposed.
• Review draft financial statements and disclosures to ensure that the information is timely, reliable, and represents economic reality. This means, in effect, that it has been prepared and presented in accordance with International Accounting Standards (IAS).
• Receive regular reports and meet with independent and internal auditors, as well as with appropriate members of senior management, to discuss results of audit work and drafts of quarterly and annual financial statements and disclosures.
• Also meet with the auditors, special investigators and consultants, and management, to discuss their activities and results in other audit committee areas. Examples of such areas are risk management, internal control and accountability, environmental compliance, code of ethics, compliance with laws and regulations, and other important aspects of internal control.
• Meet as often as needed (usually 3-4 times a year). Hold executive sessions without management present, including at least annual executive sessions with independent and internal auditors (separately) to inquire as to their concerns, lack of authority or resources, etc.
• Make timely reports to the full board on significant matters requiring their knowledge or approval.
• Periodically review the committee’s charter, resources, training of new members, emerging issues, and potential problems.

It is readily apparent that timely, reliable information, financial and non-financial, is essential to the effectiveness of all of these committees, but particularly to the audit committee. It is also evident that, even though Russia enacts an ideal corporate governance framework, and is determined to apply it to Russian enterprises, its corporate governance will not be good, as it would have to depend on inadequate information systems. The auditing framework for both independent and internal audits, also is not yet adequate to support good corporate governance. Therefore, in addition to the above «best practices,» some early steps needed to improve the effectiveness of boards of directors are:

• prompt and full adoption of IAS, International Standards of Auditing (ISA), and Standards for the Professional Practice of Internal Auditing, issued by the Institute of Internal Auditors (IIA),
• training/retraining accountants and auditors in these standards, as well as in the systems and techniques that support them, and
• implementation and vigorous enforcement of these standards, initially for large publicly-traded enterprises and large state-owned enterprises (including banks, insurance companies, and others in which public trust is be placed), and subsequently for all enterprises seeking access capital markets for significant equity or credit.

Much more could be written about the functions of boards and their committees, particularly about audit committees, but the foregoing main points will suffice for this overview. Through articles in Accounting Report, presentations at conferences and seminars, and information to professional and regulatory bodies, ICAR has espoused its ideas and recommendations about governance and professional standards. Readers interested in obtaining more information on those ideas and recommendations, can access ICAR’s website (http://www.icar.ru), where there are copies of prior issues of Accounting Report and other relevant publications.

ICAR has in its reference library a comprehensive research study and guide called «Audit Committee Effectiveness» issued in 2000 by the IIA Research Foundation. ICAR also is in process of acquiring a companion guide on «Corporate Governance and the Board» also issued by the IIA. These practical guides contain, in addition to frameworks and detailed descriptions of how to optimize boards and audit committees, their recommended model charters and self-assessment tools for evaluating these functions (or for starting them). Readers of Accounting Report are welcome to visit ICAR to consult these guides and other materials on IAS, ISA, and IIA standards.

Lew Burnham is a retired financial executive and a volunteer consultant to ICAR and other international organizations.