BY JOHN M. SEERAM
THE month of May is designated International Internal Audit Awareness Month by the Institute of Internal Auditors, Global (IIAG). The Guyana Chapter is affiliated to the IIAG, hence it has planned a month of activities to recognize this noble profession. One of its activities is to publish articles on the internal audit profession in order for practitioners to develop, among others, their skills and knowledge.
In so doing, the topic chosen by this writer is on the Roles and Responsibilities of the Audit Committee.
The audit function is indeed crucial in order to ensure the integrity of a company’s/entity’s financial systems. It includes not only its financial results but also the control systems and the code of ethics which are the cornerstones of an accurate financial reporting system. The key player in this is the audit committee, which is comprised of directors who report directly to the Board of Directors.
What is the Audit Committee?
An audit committee is a standing committee of the Board of Directors and should be comprised primarily of non-executive directors. These directors should not be involved in the management of the entity.
Organisation of the Audit Committee
Board of Directors should carefully give consideration to their appointments of directors to audit committees.
• Number of Directors: The number of independent directors appointed to audit committees depends on the nature of the business and also industry dynamics, the size of the entity, and the size of the Board of Directors. The general consensus is that a minimum of three and a maximum of five are adequate.
• Composition: Because members of audit committees have varied backgrounds and occupations, they provide a mix of skills and experience. Although the members have different levels of expertise, it is strongly advisable to have at least one individual who has a finance/accounting and auditing background. It can be more useful to have some directors with a solid operational knowledge of the industry in which the entity operates, these directors can spot potential control weaknesses, based on their knowledge of how transactions flow in an industry or specific environment.
• Meetings: Audit Committees should meet at least four times a year, however, these meetings can be increased due to matters to be addressed.
Nature of Audit Committee Responsibilities
Board of Directors will define their role and responsibilities of their audit committees. This charge is usually disclosed in the audit committees’ written charter which should include the terms of reference such as the mission statement, size and composition, term of service, frequency of meetings, scope of responsibilities, and reporting responsibilities. In effect, audit committees are primarily responsible for the quality related to matters such as
• External auditing process
• Internal auditing process
• Financial reporting process
• Internal controls
• Conflicts of interest
• Regulatory and legal matters
• Information technology
• Other matters
Recognising that audit committees operate on a part-time basis and serve in an advisory capacity to boards, it is therefore essential that boards place limitations on the scope of the committee’s performance, as well as to protect the committees against legal claims for their inactions that are outside their charge. The major tasks the audit committee should be focusing on would be centred on tasks related to external auditors, to internal auditors and to the financial systems.
Tasks Related to External Auditors
• To Recommend the Hiring of External Auditors – It should ensure that a truly independent auditor is hired, rather than one who has connections with the entity in some way or the other that may influence the review of the financial statements. The audit committee should also base its recommendations on the auditor’s expertise in the industry, the quality of its services, the extent to which it performs other services for the entity, as an example, consultancies.
• Review Auditors Recommendations – Ensure control, governance and risk management issues raised are properly dealt with by the management team, thereby resulting in a stronger environment.
• Review any disagreement between the External Auditors and Management – Disagreement will normally occur on the auditors’ findings and/or recommendations which should be addressed and be determined by the audit committee. Also with the Audit Opinions issued on the accounts.
Task Related to Internal Audits
The audit committee can strengthen the entity’s internal audit function by ensuring that management has established and is maintaining an adequate and effective internal audit structure. Here are specific roles, in the internal audit area, expected to be done by the audit committee
• Appointment of the Chief Internal Auditor (CIA) – The CIA typically reports administratively to the entity’s management, however, the audit committee is responsible for the hiring and dismissal of the CIA. The objective here is not to deny the entity’s management the right to name the person who will administer the internal audit department, which serves the combine needs of the entity’s management and the audit committee. Rather, the significance of the audit committee’s participation is to ensure the independence of the internal audit function(s) when there is need to speak out regarding issues identified in the review and appraisal of internal controls and other activities of the entity.
• Approval of the Internal Audit Charter (IAC) – An IAC serves as a basis of authorization of every effective internal audit program. An adequate IAC is particularly important to define the roles and responsibilities of internal audit, and its responsibility to serve the audit committee properly. It is here that the mission of internal audit must clearly provide service to the audit committee as well as to senior management. The audit committee is responsible for recommending to the Board the approval of the IAC.
• Approval of Internal Audit Plans and Budgets – Ideally, the audit committee should have developed an overall understanding of the total internal audit needs of the entity. This high-level appraisal covers various special control and financial-reporting issues, allowing the audit committee to determine the portion of audit or risk assessment needs to be performed by either internal audit or other providers. As part of this role, the audit committee is responsible for reviewing and approving all internal audit higher-level plans and budgets. This responsibility is consistent with the audit committee’s role as the ultimate coordinator of the total audit effort. The committee’s review of all internal audit plans is essential if the policies and plans for the future are to be determined most effectively.
• Audit Committee Review and Action on Significant Audit Findings – An audit committee’s most important responsibility is to review and take action on significant audit findings reported to it by the internal and external auditors, management, and others. While the audit committee has responsibility for all of these areas, the focus here is on the importance of internal audit to report all significant findings to the audit committee regularly and promptly. Part of this reporting will occur through internal audit’s distribution of all audit reports to the audit committee. Reacting to significant audit findings requires a combination of understanding, competence, and cooperation by all of the major parties of interest: internal audit, management, external auditors, and the audit committee itself.
Roles in the Financial Reporting Area
The financial process and ensuring reliable financial information is one of the most important functions of the audit committee. While the audit committee should not become involved in day-to-day operations, there is pressure from the oversight role for the audit committee to get more involved in ensuring the integrity of the financial reporting process. Hence, audit committees are expected to:
• Review all financial statements, whether interim or annual, before they are approved by the Board of Directors and to ensure their objectiveness, accuracy, and timeliness.
• Review all existing accounting policies, and concentrate on the impact on the financial statement of any changes in accounting policies including the likely impact of any contemplated changes.
• Evaluate exposure to fraud.
• Appraise key management estimates, judgements, and valuations where they are thought to be material to the financial statements.
• Evaluate the adequacy of financial statement disclosures.
• Review the adequacy of the entity’s structure, including management’s implementation of internal controls, risk management and governance.
• Review all significant transactions, especially those that are non-routine and those that may be illegal, questionable, or unethical.
The Guyana Situation
The Institute of Internal Auditors, Guyana Chapter has been playing an active role in promoting the establishment of audit committees in entities in the private, public and governmental sectors. Here in Guyana, there is still more work to be done in this area, which is an on-going exercise.
To those committees in existence, it is imperative that they comply with the pronouncements and best practices globally on their expected roles and responsibilities. Hence, entities with established audit committees should be aware of the pronouncements being made from time to time and to keep abreast with the best practices globally. Audit committees today are operating in an immensely complex modern business world. Over the years, there have been some reports (in Guyana) of audit committees not having a healthy working relationship with the entity’s management and with its CIA. In such a situation, then each party needs to understand that they have to function in an environment of trust, since each needs the other to succeed. The shortcomings by members of an audit committee in terms of lack of specific technical skills should be addressed. One possible approach is to have training seminars/workshops for directors since their competence is being judged by the board and the management of the entity. Not much research has yet been done on the roles and responsibilities of audit committees in Guyana by virtue of publications. This is an area which needs to follow up and to promote in keeping with the global best practices, hence the publishing of this article.
The audit committee, the CIA and management, work best when they pledge to work together. This relationship is seen as a partnership and it is most important for an entity to get it right, if it wants to attain effective governance. The success of an audit committee depends to a great extent on cultivating a strong working relationship with the management of the entity. Also, there is the need for both the management and the CIA to have a healthy and respectful relationship. All parties now have more to do, and it is imperative that each must understand the roles and responsibilities of the other. In closing, the success of an audit committee is dependent on cultivating a strong working relationship with each party and they will need each other to succeed – ‘I will help you, and you will help me, and we both know that’. That being said, it’s about trust. Audit committees, the CIA and management have to trust that each other is thoughtful, competent, and looking out for the best interests of the company/entity.