Audit Committee Membership and its Consequences
ANDREW LUMSDEN
Partner Corporate Advisory, Corrs Chambers Westgarth
(a) There has been an extraordinary run of recent actual or perceived financial failures: Halliburton, Enron, Dynergy, Adelphia, Tyco, WorldCom, , , Global Crossing and Qwest have all been mentioned. In Australia, we have had Harris Scarfe, One.Tel and HIH. Phrases like “earnings management” are now in common parlance. Before the real lessons from any of these “failures” have been learnt, public pressure for accountability and reform will intensify. Nowhere will the pressure be more acutely felt than around those board tables where audit committees meet to discuss their financial statements. Earnings have always and will always be “manageable”. The application of accounting principles to a business always involves fine judgment. This article suggests a number of practical measures that audit committee members can take to ensure they are satisfying their obligations under Australian law as directors and delegates and that their discretions are being exercised in reasonable way.
(i) Introduction
Too often our media fail to recognise that financial fraud is a sophisticated business. That is why boards of directors, regulators and auditors find it so hard to stop. In a world where equity markets are unforgiving and management compensation is tied to the achievement of higher earnings, pressures cascade through an organisation and translate into pressure on financial management, audit committees and auditors.
The audit committee has become the subject of considerable focus as a way of cracking down on fraudulent financial reporting and more effective monitoring of the financial reporting process. The focus of recent times has been on the audit committee while there has been surprisingly little attention given to the potential liability of committee members.
A well functioning audit committee is an important element of good large company corporate governance, but it is not a universal panacea. The best and most diligent will sometimes be deceived. That is not to say regulators should capitulate, rather, we need to recognise the limitations of regulation.
The importance of accurate financial information cannot be underestimated; it is the lifeblood of markets, and our scheme of corporate regulation needs to actively preserve the integrity of financial information. In the near future it is likely that one of the costs of participating in public financial markets will be the necessity to establish, resource and supervise an audit committee.
Given the importance of the audit committee in enhancing financial statement reliability and credibility, there will be increasing pressure on companies (via either the ASX, in accordance with the recommendations of the Ramsay Report, or through market pressure) to establish independent audit committees. Already more than 186 of ASX top-200 companies have audit committees; of these only 26 included executive directors.
The push to a greater monitoring role for audit committees means they will be charged with greater liability for the failure of financial reporting systems over and above their existing liability as directors of the company. There have been recent statements by the United Kingdom Financial Services Authority (FSA) that it believes it is appropriate to look to the audit committee if there is an audit failure. This trend will most likely be replicated if and when the audit committees of HIH, Enron, WorldCom etc come before the courts. The audit committee will assume primary responsibility for the oversight of the company’s financial statements, possibly to the exclusion of all other directors.
There are concerns that the increasing focus on the audit committee as the governance instrument responsible for the regulation of financial management has brought with it increased liability for audit committee members. The following discussion focuses on the theoretical and practical potential liability of audit committee members and how, if properly followed, procedures could be established to manage and possibly reduce an audit committee’s existing exposure to liability.
(A) Audit “failure”
An important rationale for the audit committee is to reduce the risk of audit failure. Audit failure generally refers to an instance where a company’s financial statements are materially misstated and either “failed to discover the misstatement or acquiesced in the inclusion of the misstatement in the company’s financial statements”. An audit failure may precede a corporate collapse that might otherwise have been avoided, possibly where an industry regulator chooses to rely on financial statements that have been audited by a reputable accounting firm.
(ii) What is an audit committee
The board is responsible for managing the company. It delegates its management to executives who are responsible for the day-to-day management of the company and to various specific board committees to oversee particular areas in a review or advisory capacity.
The ability of a board to effectively monitor the company’s financial performance is increasingly being focused through the audit committee. The audit committee is seen as the monitor of the company’s financial integrity and internal controls; the board’s “structured and professional vertical probe”.
An appropriately structured and qualified audit committee plays a key role in assisting a board fulfil its overseeing responsibilities to oversee financial reporting, internal control structure, risk management systems and the internal and external audit functions. The committee also provides an effective mechanism for the auditor to communicate in an informal and private way with the directors (assuming the committee is composed, entirely of independent non-executive directors) about these issues as well as potentially troublesome issues at a relatively early stage and to broach sensitive issues in an uninhibited fashion.
Virtually all sets of corporate governance guidelines recommend that boards of large and/or publicly listed companies should have (at least) an audit committee. However, the Corporations Act, common law and the ASX Listing Rules do not provide much guidance on how the audit committee should be structured or how it should function.
A listed company is required to disclose in its annual report whether it has an audit committee. If it does not have one, it must disclose why. There is no requirement to say anything about the composition or functions of the committee. Listed companies are also required to ensure that their financial statements contain a statement of corporate governance practices operating during the reporting period, including rules for the nomination of external auditors and reviewing the existing external audit arrangements.
(iii) Overseas practice
Throughout the mid to late 1990s the SEC was making noises about the integrity of the reporting of American public companies. There was a clear feeling in the United States that market expectations would lead to greater levels of “earnings management”. The quarterly reporting model put substantial pressure on United States management to achieve Wall Street’s predictions – consequently some US management pushed the boundaries of United States GAAP in preparing their financial reports.
The NYSE and NASD Blue Ribbon Committee on improving effectiveness of corporate audit committees was established with the SEC’s encouragement to examine and make recommendations to monitor earnings management oversight by audit committees.
In summary the Blue Ribbon Committee recommended:
• mandated audit committees for all large listed companies comprising a minimum of three directors, each of whom is independent (where independence is rigorously defined), financially literate or who becomes financially literate within a reasonable period of time after his or her appointment and where at least one member has accounting or similar expertise;
• the adoption of a formal charter. The charter must specify that the audit committee is responsible for several matters. First, for ensuring that the auditor submits periodically to the audit committee a formal written statement delineating all relationships between the auditor and the company. Second, for actively engaging in a dialogue with the auditor regarding any disclosed relationships that may impact the auditor’s objectivity and independence. Third, for recommending that the board of directors takes appropriate action in response to the auditor’s statement to satisfy itself of the auditor’s independence; and
• the company must file a “written affirmation” with the exchange each year, and after any change in the audit committee’s composition, disclosing the audit committee’s members and confirming that the company is complying with the requirements summarised above.
In the United States the Sarbanes-Oxley Act 2002 deals with corporate responsibility and enhanced financial disclosure. It provides that the audit committee is directly responsible for the appointment, compensation, and oversight of the work of the public company auditors.
The Sarbanes-Oxley Act provides that the audit committee members must be independent from company management. It requires that the audit committee develop procedures for addressing complaints concerning auditing issues and also that they put in place procedures for employee whistleblowers to submit their concerns regarding accounting. The legislation specifically provides that an employee should be protected in going to the audit committee.
In the United Kingdom the Combined Code recommends that companies have an audit committee, and that the committee consist exclusively of non-executive directors (with at least a majority being independent non-executives). Listed United Kingdom companies must disclose annually whether they have complied with the Combined Code’s recommendations and, if not, why not.
The experiences of these two dominant capital market jurisdictions (although different in emphasis) will most likely travel to Australia either by regulation or by the increasing uniform international institutional corporate governance expectations.
(iv) General obligations
The board’s responsibilities go beyond strategic matters. The Corporations Act imposes specific responsibilities on directors; for example, the directors have specific responsibility for the company’s financial statements.
Directors have statutory and fiduciary duties to shareholders to act in good faith in the best interests of the company and for a proper purpose. Individual directors and/or the individual members of the audit committee will be judged by this standard in circumstances of audit failure (for example, failure to prevent earnings management).
Our courts have not separately reviewed the role of an audit committee as distinct from the director’s role as a board member. Further there is some doubt about whether the kind of distinctions drawn by Rogers CJ in AWA Ltd v Daniels (1992) 9 ACSR 383 regarding executive and non-executive directors can be sustained. To be liable under s 181 the committee member would need to be shown not to have acted with “the degree of care and diligence that a reasonable person would exercise if they occupied” the position of an audit committee member and to not be entitled to the protection of the business judgment rule.
While the case law in the United States is sparse, United States courts have found that audit committee members have an obligation “to question the information being presented to them”. The general theme of the United States cases is that audit committee members are “inside directors” and as such have a heightened exposure to liability, that is they have a higher monitoring obligation than non-audit committee members and other non-executive directors.
In Australia after Daniels v AWA (1995) 16 ACSR 607 (AWA appeal) decision the position is not clear regarding the level of duty imposed on executive and non-executive directors and axiomatically between committee members and other directors. The better view is probably that the standard of reasonableness expected of directors varies depending on the level of understanding of the relevant director and their role, for example as audit committee member (see below).
An Australian court is likely to assess whether the audit committee members have satisfied their statutory and common law obligations to act with a reasonable degree of care and diligence by reference to industry practice. The best current guide to industry best practice is Audit Committees: Best Practice Guide and the Ramsay Report. In order to satisfy their obligations, audit committee members need to see these “standards” and their own charter as benchmarks against which they will be judged.
(A) Business judgment rule
Under the statutory business judgment rule the court will only review the committee’s decision regarding say, earnings management, for rationality provided the prerequisites in s 181(2) of the Corporations Act are satisfied.
In the present context probably the most important prerequisite for the application of the business judgment rule is that the committee members have informed “themselves about the subject matter of the judgment to the extent they reasonably believe appropriate”, that is, the audit committee came to an informed decision.
Embracing the Ramsay Report recommendations regarding process would substantially aid an audit committee in demonstrating that its decision was an informed one and thus ought to be entitled to the favourable presumption of the business judgment rule.
If the audit committee examined the financial statements, discussed them with management and the outside auditor and took steps to investigate the independence of the outside auditor (see a more detailed discussion of the probable best practice steps below) before deciding whether to recommend the financial statements, it would be very difficult for a court to conclude that they had failed to appropriately inform themselves about the quality of the financial statements before recommending them to the board.
(1) Avoiding conflicts of interest
If audit committee members wish to avail themselves of the business judgment rule they will need to be continuously vigilant to identify circumstances of conflicting interests, that is, circumstances where they have a material personal interest in the matter before the committee. If, for instance, committee members hold significant numbers of share options that vest during the reporting period, they may well have a disqualifying personal interest. In ASIC v Adler [2002] NSWSC 171, Santow J held that Mr Adler and Mr Williams each as major shareholders in HIH had “a material personal interest precluding the application of the business judgment rule”.
If for some reason the business judgment rule is not available, following the processes referred to in the Ramsay Report recommendations could protect audit committee members from claims that they breached their duty of care to act with a reasonable degree of care and diligence. A diligent focus on the Ramsay Report recommendations will demonstrate that even though the committee may have recommended to the board financial statements, which later prove to be wrong, they will not have been in breach of their directorial obligations.
(B) Delegation and its consequences
The Corporations Act recognises that the directors may delegate their powers to a variety of people including a committee of directors. Once delegated each director is responsible for the exercise of the power by the delegate as if the directors themselves had exercised the power unless the directors can establish that the committee was reliable and competent in relation to the power delegated. Clearly a properly constituted and qualified audit committee can effectively shift primary liability for the monitoring and preparation of the company’s financial information to the audit committee.
The Corporations Act allows the directors to delegate their powers regarding financial matters to the audit committee. Section 189 provides specific authority for the rest of the board to reasonably rely on information or advice provided to the board by the audit committee; however, the provision requires that the board make an independent assessment of the “advice, having regard to [their] knowledge of the corporation and the complexity of the structures and operations of the corporation”. The provision does not require the board to separately have the audit committee determinations reviewed by, for example, an independent expert accountant but it does require them to have listened to and assessed what is being proposed by the audit committee. They must bring their own mind to bear on the issue using such skill and judgment as they possess.
The board should also ensure they adopt a written charter to govern the audit committee and establish the reasonableness of their reliance on the information coming to the board from the audit committee. If the directors have taken these steps then they will usually have established that they have satisfied their statutory and common law duties irrespective of the audit failure.
Adopting the charter alone is not sufficient; there should be an annual assessment by the audit committee of the adequacy of the charter. The audit committees (and boards of directors as a whole) should carefully review and, if necessary, update their audit committee’s charter to ensure that it not only meets the applicable requirements but also properly addresses the role the committee will in fact play in the financial reporting process. Audit committees should consider what, if anything, different from the past they will do. In addition, the audit committee should assure itself that in the course of its activities it in fact addresses the matters the charter contemplates that it will address.
(v) Practical steps to satisfy the obligations of audit committee membership
The role of the audit committee in most modern public companies is to engage in the pro-active oversight of the company’s financial reporting and disclosure process and the outputs of that process. Obviously, the committee is not responsible for the day-to-day tasks involved in making sure of the accuracy of the accounts. That is the role of management. Nor are they liable to micromanage the finances of the company. However, relying on the external auditor, financial management and internal auditors, the committee must exercise a high level of due diligence into the accuracy of the final statements.
During my almost eight years at the Commission, I have come to believe that one of the most reliable guardians of the public interest is a competent, committed, independent and tough-minded audit committee. The audit committee stands to protect and preserve the integrity of America’s financial reporting process. I encourage your committee to take every step possible to ensure that the integrity of the financial statements, and by extension, the interest of shareholders, remains second to none … [The] audit committees should encourage a “tone at the top” that conveys basic values of ethical integrity as well as legal compliance and strong financial reporting and control.
(A) Composition
Having regard to overseas practice and Ramsay Report recommendations, it is more than likely that in the near future audit committee members will need to have a reasonable level of financial literacy. However, the law and/or the ASX Listing Rules are not likely to go so far as to require every member of the committee to be an accountant.
All the members of the audit committee must be “independent”. An audit committee member will only be independent if he or she has no relationship with the company that may interfere with the exercise of independent judgment; the Ramsay Report recommendations set out a possible set of criteria to determine independence. Similarly, the chair of the board of directors should not be the chair of the audit committee. The Sarbanes-Oxley Act on the other hand defines independence by reference to the absence of any consulting, advisory or other compensatory fee from the company and the absence of any affiliation with the company or any subsidiary, in this context affiliation probably refers to any commercially beneficial arrangements.
In the United States a distinction exists in audit committee independence requirements between small capitalisation and large capitalisation companies. This distinction recognises that requirements for independent directors can be costly and that this cost may be relatively higher for small capitalisation companies than for large capitalisation companies. In the case of smaller companies (say less than $100 million market capitalisation) the audit committee requirements may vary so that they contain at least one director meeting the independence criteria, instead of all directors of the audit committee being required to meet the independence criteria.
(B) Duty to monitor
The directors of a company have a duty to monitor the company and its employees. Specifically, the directors collectively have a duty to ensure that there is an adequate corporate information and reporting system. Management’s accounts are subject to review by the auditor; the role of the committee is to monitor.
Adopting the sorts of processes identified below will help the audit committee demonstrate that it took steps to assure itself that it obtained the information needed to properly monitor the executives’ creation of financial statements and the auditors’ review. The committee should establish a system of overseeing the external reporting of the company.
Audit committees are uniquely positioned to oversee the construction and operation of a company’s financial affairs. If the actions and influence of audit committees are to be real they must extend beyond prescribed rules, obligations and responsibilities. The boundaries of an audit committee’s effort must be guided by an unwavering commitment to investors and a dedication to the integrity of high quality financial reporting.
The functions discussed below are designed to operate as indicia of best practice that, if followed, should provide evidence of the committee’s meeting its common law and statutory obligations. The following are not intended to suggest that the audit committee’s focus should shift from oversight to active management.
(C) Financial reporting
The audit committee has a key role in monitoring the component parts of the audit. In this pivotal role, aptly described by the Blue Ribbon Committee as “first among equals”, the committee oversees management who have and must accept the primary responsibility for the financial statements. It is important that this oversight role be timely, robust, diligent and probing.
The committee should be aware of the many specific periodic and continuous filing obligations and work with management to settle a work program to ensure adequate time is available to meet each of the financial filing obligations imposed on the company, some of these include:
•
•
• preparation and distribution of full and half year reports (full or concise) reconciled with any preliminary final report;
• information likely to have a material effect on the value of securities, as and when the company becomes aware of it;
• preliminary final report in the form set out in Appendix 4B of the ASX Listing Rules.
Warren Buffett, a major investor, has suggested that audit committees ask auditors:
1. If the auditor were solely responsible for preparation of the company’s financial statements, would the reports have been prepared in any way differently from the manner selected by management? The audit committee should inquire as to both material and non-material differences. If the auditor would have done anything differently from what management would have done, an explanation should be made of management’s argument and the auditor’s response.
2. If the auditor were an investor, would he have received the information essential to a proper understanding of the company’s financial performance during the reporting period?
3. Is the company following the same internal audit procedure that would be followed if the auditor himself were CEO? If not, what are the differences and why?
In a similar vein Mr Harvey Pitt, the chairman of the Securities and Exchange Commission, has suggested that audit committees ask their auditors to identify the five assumptions that make the biggest difference to the companies’ financial statements and to show how the numbers would look if different assumptions were made.
In the United States the Sarbanes-Oxley Act also requires that the auditor report to the audit committee:
(1) all critical accounting policies and practices to be used;
(2) all alternative treatments of financial information within generally accepted accounting principles that have been discussed with management officials of the issuer, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the registered public accounting firm.
Additionally, s 401 of the Sarbanes-Oxley Act requires all financial statements that are prepared or reconciled to United States GAAP to reflect all “material correcting adjustments” that have been identified by an auditor in accordance with GAAP and SEC rules and regulations.
While probably now of little more than historical interest it is worth noting that the Second Corporate Law Simplification Bill 1996 included a general management discussion and analysis (MD&A) requirement that was omitted from the Bill in favour of a requirement to discuss in general terms information relating to a company’s operations and activities. This change was strongly opposed by the Securities Institute of Australia, the Accounting Bodies together and many other key organisations, including IFSA:
The MD&A would help users of financial reports to understand a company’s performance, financial position and future prospects. The Accounting Bodies believe that the absence of a regulatory framework for MD&A disclosure in Australian company reports is a significant shortcoming in the quality of financial reporting to users, especially as this form of reporting is required or encouraged in other major capital markets, such as the United States, United Kingdom and Canada. We do not believe that the Bill’s approach, that is, allowing the provision of a MD&A to be voluntary is appropriate. Although directors can incorporate interpretative information on the financial statements, our observations indicate that among a cross-section of companies of different size this type of information is not generally reported.
A different view on the need for a MD&A requirement was presented by the ASX who believed that a form of management discussion and analysis reporting was already required under the present Corporations Law requirements for directors’ reports. This misses the point of making the management (and the CEO and CFO in particular) separately responsible for discussion and analysis in the annual report; this is still an option available to Australian companies.
(D) Financial press releases
The audit committees ought to review and consider all the company’s publicly released material concerning financial information. There has been considerable recent criticism of press releases that convey an incomplete or inaccurate picture to investors; these have sometimes been referred to as an “EBS” or “Everything but Bad Stuff” release. Typically, these releases set forth the “pro forma” numbers before the actual operating results.
Audit committees need to view critically the company’s releases of financial information to ensure it is unbiased and balanced.
(E) Internal control structures and risk management systems
Many companies in Australia follow a best practice of including a management report on internal controls in their annual report to shareholders. Internal accounting controls are critical to the quality and timeliness of financial reporting by any company.
An effective audit committee ought to give due consideration to having the company include a report on the effectiveness of their internal accounting controls in the annual report. This will close the circle of reporting to the company’s shareholders by each of management, the independent auditor and the audit committee.
Each year, the audit committee should insist on and obtain from management a written report to the committee addressing whether the company’s internal controls are operating effectively.
Following the new United States rules the committee ought to consider developing procedures for addressing complaints concerning auditing issues and also that they put in place procedures for employee whistleblowers to anonymously submit their concerns regarding accounting or auditing issues.
(F) Internal audit functions
The audit committee should ensure that the internal auditor should have an unobstructed and clear communication channel to the audit committee. This is especially important today as the internal auditor can evaluate and report to the audit committee on the adequacy and effectiveness of a company’s internal controls. The internal audit functions and adequate systems and control procedures are key in the preparation of reliable financial statements. History shows that financial frauds often involve the overriding of internal controls by a company’s chief executive officer and/or chief financial officer.
(G) Related party transactions
If there is no separate committee to review these types of transactions (and in general where there are large shareholders with which the company does business there should be) the audit committee should review the frequency and significance of all transactions with related parties and assess their propriety.
The audit committee should give particular regard to whether they ought to have the advantage of advice from an independent lawyer (not otherwise employed by the company) in these types of matters. Few independent directors know how to handle the type of transactions that can be involved with related parties (whether management or shareholders). The committee will often benefit from advice from independent and experienced solicitors who will appreciate what is involved and can advise the committee. Ideally this advice should be completely independent of any affiliation with management, and separate solicitors should be retained to independently advise the committee. The solicitors should be providing the committee with written advice.
In this context “independent” refers to the restrictions on relationships between the solicitors providing the advice and management and/or third parties that might affect the solicitors’ capacity to provide zealous representation and advice to the audit committee and should be determined in a way that is consistent with the committee’s approach to audit independence.
(H) Management letter comments
Auditors often identify improvements that can or should be made to a company’s internal controls, policies and financial disclosures. The auditor typically communicates these observations to management and the audit committee in what is referred to as a “management letter”. This letter is a valuable and integral part of each audit.
The audit committee should ensure they are provided with a copy of all management letter comments. It is important that this be obtained on a timely basis at the completion of each audit. In some cases, auditors may also provide management letter comments as they complete their interim audit procedures or their reviews of the quarterly financial statements.
In addition to obtaining a copy of the management comment letter, audit committees should have an in depth discussion with the internal and external auditors regarding what changes or improvements should be made in internal controls, policies or financial reporting processes. Then the audit committee should discuss with management how those changes or improvements would be implemented.
(I) Audit independence
Audit committee members should understand the importance of the auditor remaining independent. Committee members should be familiar with the rules in s 324 of the Corporations Act concerning who can and cannot be an auditor, Australian rules on auditor independence contained in The AuASB’s Auditing Standard AUS 1, and Statement of Auditing Practice AUP 32 “Audit Independence”; and the two main professional bodies’ Code of Professional Conduct.
The committee should be vigilant to ensure that the auditors be, and be seen to be, free of any interest which might be regarded – whatever its actual effect – as being incompatible with integrity and objectivity. They must not allow prejudice, bias or conflict of interest to override their objectivity.
At a minimum to monitor auditor independence issues the audit committee should:
• be advised of plans to hire personnel of the audit firm into high level positions;
• be pro-active in ensuring factors, such as time pressures on auditors, are addressed so as not to negatively impact the credibility of audits; and
• pre-approve non-audit services above an established threshold and consider certain guidelines with respect to their discussions of the auditor’s independence.
The SEC’s new rules set out five situations that automatically impair an auditor’s independence:
1. Some types of non-audit services: these rules restrict the provision of services that:
• creates a mutual or conflicting interest between the accountant and the audit client; or
• places the accountant in the position of auditing his or her own work; or
• results in the accountant acting as management or an employee of the audit client; or
• places the accountant in a position of being an advocate for the audit client.
2. Financial relationships: For example, investments in the audited company by one of the audit firm’s partners or employees working on the audit.
3. Employment relationships: For example, a close family member of an audit partner is in an accounting role or financial reporting oversight role at the audited company.
4. Business relationships: For example, a business relationship between the audit firm and one of the audited company’s directors, officers or substantial shareholders.
5. Contingent fees: An audit firm is deemed not to be independent if the firm provides any service or product to an audit client for a contingent fee or commission.
For situations falling outside the five above, there is a general rule:
The Commission will not recognize an accountant as independent, with respect to an audit client, if the accountant is not, or a reasonable investor with knowledge of all relevant facts and circumstances would conclude that the accountant is not, capable of exercising objective and impartial judgment on all issues encompassed within the accountant’s engagement.
(J) Auditors’ accountability
The audit committee should review on a regular basis the relationships between management and the internal and external auditors. It is critical that the external audit engagement partner clearly understands that he or she is responsible to and serving the investors and audit committee, not management.
The audit committee should hire the auditors, evaluate their performance and, when necessary, dismiss them. The auditor ought to issue the audit engagement letter directly to the audit committee and the audit partner and audit committee must have a clear understanding of the terms of the engagement, scope of the audit and responsibilities of the auditor for reporting to the audit committee.
Audit committees should inquire about and ensure that the audit fee does not represent a “loss leader” being used to leverage the audit into other consulting engagements. They should also inquire about the compensation scheme for the audit partner and determine if it is affected in any way by the cross-selling of consulting services.
(K) Regularly scheduled meetings
Depending on the size of the company and the complexity of its business, the audit committee should meet no less than four to six times a year. Additional or extended meetings may very well be needed when events such as material acquisitions occur or for training provided by management to new committee members on the company’s accounting practices and business operations. This basic understanding is fundamental to the ability of audit committee members to be able to adequately fulfil their responsibilities.
Most financial frauds occur in companies where audit committees meet infrequently. The type of in-depth, robust dialogue that is called for requires regular meetings to gain sound advice from the auditors, both internal and external. There can be no in-depth probing into the quality of financial reporting done by management if there is not adequate time allocated to do so.
(L) Reporting
Clearly the committee must institute a system to accurately minute the work done to assess the financial statements of the company. An effective documentation trail will be essential to establishing compliance by the audit committee with its obligations. At a minimum each year management should provide a written report to the committee addressing the effectiveness of the internal management controls. History shows that most financial fraud cases have their genesis in the breakdown of internal controls at management level.
Another step is to accurately reflect the outcomes of candid discussions undertaken by the committee with management, the internal auditor, and outside auditors regarding issues implicating judgment and impacting quality.
As discussed above there may well be justification in including in the annual report a report on the effectiveness of the company’s internal accounting controls. This sort of disclosure from management emphasises to stakeholders that the triumvirate of auditor, audit committee and financial management is operating effectively.
(M) Self-review
Finally, an audit committee that follows best practices will no doubt elect to undergo an annual evaluation. Just as the board of directors evaluates the management team and the auditor, the audit committee should perform an annual self-assessment of its performance and obtain input from the entire board of directors. There should also be 360° review of the committee’s effectiveness by management and the internal and external auditor.
(vi) Implications for insurances
Even though the business judgment rule provides some statutory protection for directors, the reality is that there will be no shortage of proceedings against directors (and audit committee members in particular) in the years to come. Qualified individuals could reasonably be more expected to be reluctant to agree to sit on audit committees. If they do sit on them they will want the highest possible level of protection from claims against them using both indemnities in the constitution and comprehensive directors and officers liability insurance.
Practically, indemnities in the constitution are subject to strict limitations as to the matters for which a company can indemnify a director; these are essentially limited to legal costs in defending proceedings and claims by third parties. The most practical solution for protecting against liability is through directors and officers (D&O) insurance.
There are restrictions on the breadth of the cover that may be provided but these have no particular application to audit committee members and would not adversely impact the kinds of D&O insurance usually carried by public companies to cover directors in respect of liabilities incurred by them in the course of carrying out their duties as directors and, in particular, as audit committee members.
Audit committee members ought to carefully review the D&O policy exclusions and consider how these exemptions might limit the cover provided, that is, the insured versus insured, professional indemnity and prospectus types of exclusions. In each case the committee should address their mind to the policy terms and in particular the level of cover provided. Plaintiffs, meanwhile, are seeking larger damages than ever. Until now, the largest settlement of a United States shareholder suit was $3.2 billion. That amount will be dwarfed by the Enron case, even if the litigation is ultimately settled for a fraction of the $60 billion in market value shareholders lost. Enron’s $350 million D&O policy, purchased from eight different carriers, will almost certainly be exhausted. That means former directors may face devastating claims against their personal assets – and that is if Enron’s D&O insurers pay at all. If the company misrepresented its financial condition when it bought the policy, the insurance companies may refuse to pay the claim.
(vii) Conclusion
Earnings management has become an anathema to regulators, governments and institutional and retail investors. Proposals for reform of the audit process abound. A well qualified audit committee is an essential element of effective governance in today’s listed companies. The audit committee properly constituted and advised can be “an independent, vigilant and capable overseer of corporate management’s preparation of financial statements with outside auditors” without overburdening the members with liability.
The audit committee members should be able to put processes in place to minimise the likelihood of audit failure and, if there is audit failure, to ensure their liability is limited. Concerns about increased liability for audit committee members are justified but, if properly followed, procedures can be established to manage and reduce an audit committee’s existing and future exposure to liability.
Partner Corporate Advisory, Corrs Chambers Westgarth
(a) There has been an extraordinary run of recent actual or perceived financial failures: Halliburton, Enron, Dynergy, Adelphia, Tyco, WorldCom, , , Global Crossing and Qwest have all been mentioned. In Australia, we have had Harris Scarfe, One.Tel and HIH. Phrases like “earnings management” are now in common parlance. Before the real lessons from any of these “failures” have been learnt, public pressure for accountability and reform will intensify. Nowhere will the pressure be more acutely felt than around those board tables where audit committees meet to discuss their financial statements. Earnings have always and will always be “manageable”. The application of accounting principles to a business always involves fine judgment. This article suggests a number of practical measures that audit committee members can take to ensure they are satisfying their obligations under Australian law as directors and delegates and that their discretions are being exercised in reasonable way.
(i) Introduction
Too often our media fail to recognise that financial fraud is a sophisticated business. That is why boards of directors, regulators and auditors find it so hard to stop. In a world where equity markets are unforgiving and management compensation is tied to the achievement of higher earnings, pressures cascade through an organisation and translate into pressure on financial management, audit committees and auditors.
The audit committee has become the subject of considerable focus as a way of cracking down on fraudulent financial reporting and more effective monitoring of the financial reporting process. The focus of recent times has been on the audit committee while there has been surprisingly little attention given to the potential liability of committee members.
A well functioning audit committee is an important element of good large company corporate governance, but it is not a universal panacea. The best and most diligent will sometimes be deceived. That is not to say regulators should capitulate, rather, we need to recognise the limitations of regulation.
The importance of accurate financial information cannot be underestimated; it is the lifeblood of markets, and our scheme of corporate regulation needs to actively preserve the integrity of financial information. In the near future it is likely that one of the costs of participating in public financial markets will be the necessity to establish, resource and supervise an audit committee.
Given the importance of the audit committee in enhancing financial statement reliability and credibility, there will be increasing pressure on companies (via either the ASX, in accordance with the recommendations of the Ramsay Report, or through market pressure) to establish independent audit committees. Already more than 186 of ASX top-200 companies have audit committees; of these only 26 included executive directors.
The push to a greater monitoring role for audit committees means they will be charged with greater liability for the failure of financial reporting systems over and above their existing liability as directors of the company. There have been recent statements by the United Kingdom Financial Services Authority (FSA) that it believes it is appropriate to look to the audit committee if there is an audit failure. This trend will most likely be replicated if and when the audit committees of HIH, Enron, WorldCom etc come before the courts. The audit committee will assume primary responsibility for the oversight of the company’s financial statements, possibly to the exclusion of all other directors.
There are concerns that the increasing focus on the audit committee as the governance instrument responsible for the regulation of financial management has brought with it increased liability for audit committee members. The following discussion focuses on the theoretical and practical potential liability of audit committee members and how, if properly followed, procedures could be established to manage and possibly reduce an audit committee’s existing exposure to liability.
(A) Audit “failure”
An important rationale for the audit committee is to reduce the risk of audit failure. Audit failure generally refers to an instance where a company’s financial statements are materially misstated and either “failed to discover the misstatement or acquiesced in the inclusion of the misstatement in the company’s financial statements”. An audit failure may precede a corporate collapse that might otherwise have been avoided, possibly where an industry regulator chooses to rely on financial statements that have been audited by a reputable accounting firm.
(ii) What is an audit committee
The board is responsible for managing the company. It delegates its management to executives who are responsible for the day-to-day management of the company and to various specific board committees to oversee particular areas in a review or advisory capacity.
The ability of a board to effectively monitor the company’s financial performance is increasingly being focused through the audit committee. The audit committee is seen as the monitor of the company’s financial integrity and internal controls; the board’s “structured and professional vertical probe”.
An appropriately structured and qualified audit committee plays a key role in assisting a board fulfil its overseeing responsibilities to oversee financial reporting, internal control structure, risk management systems and the internal and external audit functions. The committee also provides an effective mechanism for the auditor to communicate in an informal and private way with the directors (assuming the committee is composed, entirely of independent non-executive directors) about these issues as well as potentially troublesome issues at a relatively early stage and to broach sensitive issues in an uninhibited fashion.
Virtually all sets of corporate governance guidelines recommend that boards of large and/or publicly listed companies should have (at least) an audit committee. However, the Corporations Act, common law and the ASX Listing Rules do not provide much guidance on how the audit committee should be structured or how it should function.
A listed company is required to disclose in its annual report whether it has an audit committee. If it does not have one, it must disclose why. There is no requirement to say anything about the composition or functions of the committee. Listed companies are also required to ensure that their financial statements contain a statement of corporate governance practices operating during the reporting period, including rules for the nomination of external auditors and reviewing the existing external audit arrangements.
(iii) Overseas practice
Throughout the mid to late 1990s the SEC was making noises about the integrity of the reporting of American public companies. There was a clear feeling in the United States that market expectations would lead to greater levels of “earnings management”. The quarterly reporting model put substantial pressure on United States management to achieve Wall Street’s predictions – consequently some US management pushed the boundaries of United States GAAP in preparing their financial reports.
The NYSE and NASD Blue Ribbon Committee on improving effectiveness of corporate audit committees was established with the SEC’s encouragement to examine and make recommendations to monitor earnings management oversight by audit committees.
In summary the Blue Ribbon Committee recommended:
• mandated audit committees for all large listed companies comprising a minimum of three directors, each of whom is independent (where independence is rigorously defined), financially literate or who becomes financially literate within a reasonable period of time after his or her appointment and where at least one member has accounting or similar expertise;
• the adoption of a formal charter. The charter must specify that the audit committee is responsible for several matters. First, for ensuring that the auditor submits periodically to the audit committee a formal written statement delineating all relationships between the auditor and the company. Second, for actively engaging in a dialogue with the auditor regarding any disclosed relationships that may impact the auditor’s objectivity and independence. Third, for recommending that the board of directors takes appropriate action in response to the auditor’s statement to satisfy itself of the auditor’s independence; and
• the company must file a “written affirmation” with the exchange each year, and after any change in the audit committee’s composition, disclosing the audit committee’s members and confirming that the company is complying with the requirements summarised above.
In the United States the Sarbanes-Oxley Act 2002 deals with corporate responsibility and enhanced financial disclosure. It provides that the audit committee is directly responsible for the appointment, compensation, and oversight of the work of the public company auditors.
The Sarbanes-Oxley Act provides that the audit committee members must be independent from company management. It requires that the audit committee develop procedures for addressing complaints concerning auditing issues and also that they put in place procedures for employee whistleblowers to submit their concerns regarding accounting. The legislation specifically provides that an employee should be protected in going to the audit committee.
In the United Kingdom the Combined Code recommends that companies have an audit committee, and that the committee consist exclusively of non-executive directors (with at least a majority being independent non-executives). Listed United Kingdom companies must disclose annually whether they have complied with the Combined Code’s recommendations and, if not, why not.
The experiences of these two dominant capital market jurisdictions (although different in emphasis) will most likely travel to Australia either by regulation or by the increasing uniform international institutional corporate governance expectations.
(iv) General obligations
The board’s responsibilities go beyond strategic matters. The Corporations Act imposes specific responsibilities on directors; for example, the directors have specific responsibility for the company’s financial statements.
Directors have statutory and fiduciary duties to shareholders to act in good faith in the best interests of the company and for a proper purpose. Individual directors and/or the individual members of the audit committee will be judged by this standard in circumstances of audit failure (for example, failure to prevent earnings management).
Our courts have not separately reviewed the role of an audit committee as distinct from the director’s role as a board member. Further there is some doubt about whether the kind of distinctions drawn by Rogers CJ in AWA Ltd v Daniels (1992) 9 ACSR 383 regarding executive and non-executive directors can be sustained. To be liable under s 181 the committee member would need to be shown not to have acted with “the degree of care and diligence that a reasonable person would exercise if they occupied” the position of an audit committee member and to not be entitled to the protection of the business judgment rule.
While the case law in the United States is sparse, United States courts have found that audit committee members have an obligation “to question the information being presented to them”. The general theme of the United States cases is that audit committee members are “inside directors” and as such have a heightened exposure to liability, that is they have a higher monitoring obligation than non-audit committee members and other non-executive directors.
In Australia after Daniels v AWA (1995) 16 ACSR 607 (AWA appeal) decision the position is not clear regarding the level of duty imposed on executive and non-executive directors and axiomatically between committee members and other directors. The better view is probably that the standard of reasonableness expected of directors varies depending on the level of understanding of the relevant director and their role, for example as audit committee member (see below).
An Australian court is likely to assess whether the audit committee members have satisfied their statutory and common law obligations to act with a reasonable degree of care and diligence by reference to industry practice. The best current guide to industry best practice is Audit Committees: Best Practice Guide and the Ramsay Report. In order to satisfy their obligations, audit committee members need to see these “standards” and their own charter as benchmarks against which they will be judged.
(A) Business judgment rule
Under the statutory business judgment rule the court will only review the committee’s decision regarding say, earnings management, for rationality provided the prerequisites in s 181(2) of the Corporations Act are satisfied.
In the present context probably the most important prerequisite for the application of the business judgment rule is that the committee members have informed “themselves about the subject matter of the judgment to the extent they reasonably believe appropriate”, that is, the audit committee came to an informed decision.
Embracing the Ramsay Report recommendations regarding process would substantially aid an audit committee in demonstrating that its decision was an informed one and thus ought to be entitled to the favourable presumption of the business judgment rule.
If the audit committee examined the financial statements, discussed them with management and the outside auditor and took steps to investigate the independence of the outside auditor (see a more detailed discussion of the probable best practice steps below) before deciding whether to recommend the financial statements, it would be very difficult for a court to conclude that they had failed to appropriately inform themselves about the quality of the financial statements before recommending them to the board.
(1) Avoiding conflicts of interest
If audit committee members wish to avail themselves of the business judgment rule they will need to be continuously vigilant to identify circumstances of conflicting interests, that is, circumstances where they have a material personal interest in the matter before the committee. If, for instance, committee members hold significant numbers of share options that vest during the reporting period, they may well have a disqualifying personal interest. In ASIC v Adler [2002] NSWSC 171, Santow J held that Mr Adler and Mr Williams each as major shareholders in HIH had “a material personal interest precluding the application of the business judgment rule”.
If for some reason the business judgment rule is not available, following the processes referred to in the Ramsay Report recommendations could protect audit committee members from claims that they breached their duty of care to act with a reasonable degree of care and diligence. A diligent focus on the Ramsay Report recommendations will demonstrate that even though the committee may have recommended to the board financial statements, which later prove to be wrong, they will not have been in breach of their directorial obligations.
(B) Delegation and its consequences
The Corporations Act recognises that the directors may delegate their powers to a variety of people including a committee of directors. Once delegated each director is responsible for the exercise of the power by the delegate as if the directors themselves had exercised the power unless the directors can establish that the committee was reliable and competent in relation to the power delegated. Clearly a properly constituted and qualified audit committee can effectively shift primary liability for the monitoring and preparation of the company’s financial information to the audit committee.
The Corporations Act allows the directors to delegate their powers regarding financial matters to the audit committee. Section 189 provides specific authority for the rest of the board to reasonably rely on information or advice provided to the board by the audit committee; however, the provision requires that the board make an independent assessment of the “advice, having regard to [their] knowledge of the corporation and the complexity of the structures and operations of the corporation”. The provision does not require the board to separately have the audit committee determinations reviewed by, for example, an independent expert accountant but it does require them to have listened to and assessed what is being proposed by the audit committee. They must bring their own mind to bear on the issue using such skill and judgment as they possess.
The board should also ensure they adopt a written charter to govern the audit committee and establish the reasonableness of their reliance on the information coming to the board from the audit committee. If the directors have taken these steps then they will usually have established that they have satisfied their statutory and common law duties irrespective of the audit failure.
Adopting the charter alone is not sufficient; there should be an annual assessment by the audit committee of the adequacy of the charter. The audit committees (and boards of directors as a whole) should carefully review and, if necessary, update their audit committee’s charter to ensure that it not only meets the applicable requirements but also properly addresses the role the committee will in fact play in the financial reporting process. Audit committees should consider what, if anything, different from the past they will do. In addition, the audit committee should assure itself that in the course of its activities it in fact addresses the matters the charter contemplates that it will address.
(v) Practical steps to satisfy the obligations of audit committee membership
The role of the audit committee in most modern public companies is to engage in the pro-active oversight of the company’s financial reporting and disclosure process and the outputs of that process. Obviously, the committee is not responsible for the day-to-day tasks involved in making sure of the accuracy of the accounts. That is the role of management. Nor are they liable to micromanage the finances of the company. However, relying on the external auditor, financial management and internal auditors, the committee must exercise a high level of due diligence into the accuracy of the final statements.
During my almost eight years at the Commission, I have come to believe that one of the most reliable guardians of the public interest is a competent, committed, independent and tough-minded audit committee. The audit committee stands to protect and preserve the integrity of America’s financial reporting process. I encourage your committee to take every step possible to ensure that the integrity of the financial statements, and by extension, the interest of shareholders, remains second to none … [The] audit committees should encourage a “tone at the top” that conveys basic values of ethical integrity as well as legal compliance and strong financial reporting and control.
(A) Composition
Having regard to overseas practice and Ramsay Report recommendations, it is more than likely that in the near future audit committee members will need to have a reasonable level of financial literacy. However, the law and/or the ASX Listing Rules are not likely to go so far as to require every member of the committee to be an accountant.
All the members of the audit committee must be “independent”. An audit committee member will only be independent if he or she has no relationship with the company that may interfere with the exercise of independent judgment; the Ramsay Report recommendations set out a possible set of criteria to determine independence. Similarly, the chair of the board of directors should not be the chair of the audit committee. The Sarbanes-Oxley Act on the other hand defines independence by reference to the absence of any consulting, advisory or other compensatory fee from the company and the absence of any affiliation with the company or any subsidiary, in this context affiliation probably refers to any commercially beneficial arrangements.
In the United States a distinction exists in audit committee independence requirements between small capitalisation and large capitalisation companies. This distinction recognises that requirements for independent directors can be costly and that this cost may be relatively higher for small capitalisation companies than for large capitalisation companies. In the case of smaller companies (say less than $100 million market capitalisation) the audit committee requirements may vary so that they contain at least one director meeting the independence criteria, instead of all directors of the audit committee being required to meet the independence criteria.
(B) Duty to monitor
The directors of a company have a duty to monitor the company and its employees. Specifically, the directors collectively have a duty to ensure that there is an adequate corporate information and reporting system. Management’s accounts are subject to review by the auditor; the role of the committee is to monitor.
Adopting the sorts of processes identified below will help the audit committee demonstrate that it took steps to assure itself that it obtained the information needed to properly monitor the executives’ creation of financial statements and the auditors’ review. The committee should establish a system of overseeing the external reporting of the company.
Audit committees are uniquely positioned to oversee the construction and operation of a company’s financial affairs. If the actions and influence of audit committees are to be real they must extend beyond prescribed rules, obligations and responsibilities. The boundaries of an audit committee’s effort must be guided by an unwavering commitment to investors and a dedication to the integrity of high quality financial reporting.
The functions discussed below are designed to operate as indicia of best practice that, if followed, should provide evidence of the committee’s meeting its common law and statutory obligations. The following are not intended to suggest that the audit committee’s focus should shift from oversight to active management.
(C) Financial reporting
The audit committee has a key role in monitoring the component parts of the audit. In this pivotal role, aptly described by the Blue Ribbon Committee as “first among equals”, the committee oversees management who have and must accept the primary responsibility for the financial statements. It is important that this oversight role be timely, robust, diligent and probing.
The committee should be aware of the many specific periodic and continuous filing obligations and work with management to settle a work program to ensure adequate time is available to meet each of the financial filing obligations imposed on the company, some of these include:
•
•
• preparation and distribution of full and half year reports (full or concise) reconciled with any preliminary final report;
• information likely to have a material effect on the value of securities, as and when the company becomes aware of it;
• preliminary final report in the form set out in Appendix 4B of the ASX Listing Rules.
Warren Buffett, a major investor, has suggested that audit committees ask auditors:
1. If the auditor were solely responsible for preparation of the company’s financial statements, would the reports have been prepared in any way differently from the manner selected by management? The audit committee should inquire as to both material and non-material differences. If the auditor would have done anything differently from what management would have done, an explanation should be made of management’s argument and the auditor’s response.
2. If the auditor were an investor, would he have received the information essential to a proper understanding of the company’s financial performance during the reporting period?
3. Is the company following the same internal audit procedure that would be followed if the auditor himself were CEO? If not, what are the differences and why?
In a similar vein Mr Harvey Pitt, the chairman of the Securities and Exchange Commission, has suggested that audit committees ask their auditors to identify the five assumptions that make the biggest difference to the companies’ financial statements and to show how the numbers would look if different assumptions were made.
In the United States the Sarbanes-Oxley Act also requires that the auditor report to the audit committee:
(1) all critical accounting policies and practices to be used;
(2) all alternative treatments of financial information within generally accepted accounting principles that have been discussed with management officials of the issuer, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the registered public accounting firm.
Additionally, s 401 of the Sarbanes-Oxley Act requires all financial statements that are prepared or reconciled to United States GAAP to reflect all “material correcting adjustments” that have been identified by an auditor in accordance with GAAP and SEC rules and regulations.
While probably now of little more than historical interest it is worth noting that the Second Corporate Law Simplification Bill 1996 included a general management discussion and analysis (MD&A) requirement that was omitted from the Bill in favour of a requirement to discuss in general terms information relating to a company’s operations and activities. This change was strongly opposed by the Securities Institute of Australia, the Accounting Bodies together and many other key organisations, including IFSA:
The MD&A would help users of financial reports to understand a company’s performance, financial position and future prospects. The Accounting Bodies believe that the absence of a regulatory framework for MD&A disclosure in Australian company reports is a significant shortcoming in the quality of financial reporting to users, especially as this form of reporting is required or encouraged in other major capital markets, such as the United States, United Kingdom and Canada. We do not believe that the Bill’s approach, that is, allowing the provision of a MD&A to be voluntary is appropriate. Although directors can incorporate interpretative information on the financial statements, our observations indicate that among a cross-section of companies of different size this type of information is not generally reported.
A different view on the need for a MD&A requirement was presented by the ASX who believed that a form of management discussion and analysis reporting was already required under the present Corporations Law requirements for directors’ reports. This misses the point of making the management (and the CEO and CFO in particular) separately responsible for discussion and analysis in the annual report; this is still an option available to Australian companies.
(D) Financial press releases
The audit committees ought to review and consider all the company’s publicly released material concerning financial information. There has been considerable recent criticism of press releases that convey an incomplete or inaccurate picture to investors; these have sometimes been referred to as an “EBS” or “Everything but Bad Stuff” release. Typically, these releases set forth the “pro forma” numbers before the actual operating results.
Audit committees need to view critically the company’s releases of financial information to ensure it is unbiased and balanced.
(E) Internal control structures and risk management systems
Many companies in Australia follow a best practice of including a management report on internal controls in their annual report to shareholders. Internal accounting controls are critical to the quality and timeliness of financial reporting by any company.
An effective audit committee ought to give due consideration to having the company include a report on the effectiveness of their internal accounting controls in the annual report. This will close the circle of reporting to the company’s shareholders by each of management, the independent auditor and the audit committee.
Each year, the audit committee should insist on and obtain from management a written report to the committee addressing whether the company’s internal controls are operating effectively.
Following the new United States rules the committee ought to consider developing procedures for addressing complaints concerning auditing issues and also that they put in place procedures for employee whistleblowers to anonymously submit their concerns regarding accounting or auditing issues.
(F) Internal audit functions
The audit committee should ensure that the internal auditor should have an unobstructed and clear communication channel to the audit committee. This is especially important today as the internal auditor can evaluate and report to the audit committee on the adequacy and effectiveness of a company’s internal controls. The internal audit functions and adequate systems and control procedures are key in the preparation of reliable financial statements. History shows that financial frauds often involve the overriding of internal controls by a company’s chief executive officer and/or chief financial officer.
(G) Related party transactions
If there is no separate committee to review these types of transactions (and in general where there are large shareholders with which the company does business there should be) the audit committee should review the frequency and significance of all transactions with related parties and assess their propriety.
The audit committee should give particular regard to whether they ought to have the advantage of advice from an independent lawyer (not otherwise employed by the company) in these types of matters. Few independent directors know how to handle the type of transactions that can be involved with related parties (whether management or shareholders). The committee will often benefit from advice from independent and experienced solicitors who will appreciate what is involved and can advise the committee. Ideally this advice should be completely independent of any affiliation with management, and separate solicitors should be retained to independently advise the committee. The solicitors should be providing the committee with written advice.
In this context “independent” refers to the restrictions on relationships between the solicitors providing the advice and management and/or third parties that might affect the solicitors’ capacity to provide zealous representation and advice to the audit committee and should be determined in a way that is consistent with the committee’s approach to audit independence.
(H) Management letter comments
Auditors often identify improvements that can or should be made to a company’s internal controls, policies and financial disclosures. The auditor typically communicates these observations to management and the audit committee in what is referred to as a “management letter”. This letter is a valuable and integral part of each audit.
The audit committee should ensure they are provided with a copy of all management letter comments. It is important that this be obtained on a timely basis at the completion of each audit. In some cases, auditors may also provide management letter comments as they complete their interim audit procedures or their reviews of the quarterly financial statements.
In addition to obtaining a copy of the management comment letter, audit committees should have an in depth discussion with the internal and external auditors regarding what changes or improvements should be made in internal controls, policies or financial reporting processes. Then the audit committee should discuss with management how those changes or improvements would be implemented.
(I) Audit independence
Audit committee members should understand the importance of the auditor remaining independent. Committee members should be familiar with the rules in s 324 of the Corporations Act concerning who can and cannot be an auditor, Australian rules on auditor independence contained in The AuASB’s Auditing Standard AUS 1, and Statement of Auditing Practice AUP 32 “Audit Independence”; and the two main professional bodies’ Code of Professional Conduct.
The committee should be vigilant to ensure that the auditors be, and be seen to be, free of any interest which might be regarded – whatever its actual effect – as being incompatible with integrity and objectivity. They must not allow prejudice, bias or conflict of interest to override their objectivity.
At a minimum to monitor auditor independence issues the audit committee should:
• be advised of plans to hire personnel of the audit firm into high level positions;
• be pro-active in ensuring factors, such as time pressures on auditors, are addressed so as not to negatively impact the credibility of audits; and
• pre-approve non-audit services above an established threshold and consider certain guidelines with respect to their discussions of the auditor’s independence.
The SEC’s new rules set out five situations that automatically impair an auditor’s independence:
1. Some types of non-audit services: these rules restrict the provision of services that:
• creates a mutual or conflicting interest between the accountant and the audit client; or
• places the accountant in the position of auditing his or her own work; or
• results in the accountant acting as management or an employee of the audit client; or
• places the accountant in a position of being an advocate for the audit client.
2. Financial relationships: For example, investments in the audited company by one of the audit firm’s partners or employees working on the audit.
3. Employment relationships: For example, a close family member of an audit partner is in an accounting role or financial reporting oversight role at the audited company.
4. Business relationships: For example, a business relationship between the audit firm and one of the audited company’s directors, officers or substantial shareholders.
5. Contingent fees: An audit firm is deemed not to be independent if the firm provides any service or product to an audit client for a contingent fee or commission.
For situations falling outside the five above, there is a general rule:
The Commission will not recognize an accountant as independent, with respect to an audit client, if the accountant is not, or a reasonable investor with knowledge of all relevant facts and circumstances would conclude that the accountant is not, capable of exercising objective and impartial judgment on all issues encompassed within the accountant’s engagement.
(J) Auditors’ accountability
The audit committee should review on a regular basis the relationships between management and the internal and external auditors. It is critical that the external audit engagement partner clearly understands that he or she is responsible to and serving the investors and audit committee, not management.
The audit committee should hire the auditors, evaluate their performance and, when necessary, dismiss them. The auditor ought to issue the audit engagement letter directly to the audit committee and the audit partner and audit committee must have a clear understanding of the terms of the engagement, scope of the audit and responsibilities of the auditor for reporting to the audit committee.
Audit committees should inquire about and ensure that the audit fee does not represent a “loss leader” being used to leverage the audit into other consulting engagements. They should also inquire about the compensation scheme for the audit partner and determine if it is affected in any way by the cross-selling of consulting services.
(K) Regularly scheduled meetings
Depending on the size of the company and the complexity of its business, the audit committee should meet no less than four to six times a year. Additional or extended meetings may very well be needed when events such as material acquisitions occur or for training provided by management to new committee members on the company’s accounting practices and business operations. This basic understanding is fundamental to the ability of audit committee members to be able to adequately fulfil their responsibilities.
Most financial frauds occur in companies where audit committees meet infrequently. The type of in-depth, robust dialogue that is called for requires regular meetings to gain sound advice from the auditors, both internal and external. There can be no in-depth probing into the quality of financial reporting done by management if there is not adequate time allocated to do so.
(L) Reporting
Clearly the committee must institute a system to accurately minute the work done to assess the financial statements of the company. An effective documentation trail will be essential to establishing compliance by the audit committee with its obligations. At a minimum each year management should provide a written report to the committee addressing the effectiveness of the internal management controls. History shows that most financial fraud cases have their genesis in the breakdown of internal controls at management level.
Another step is to accurately reflect the outcomes of candid discussions undertaken by the committee with management, the internal auditor, and outside auditors regarding issues implicating judgment and impacting quality.
As discussed above there may well be justification in including in the annual report a report on the effectiveness of the company’s internal accounting controls. This sort of disclosure from management emphasises to stakeholders that the triumvirate of auditor, audit committee and financial management is operating effectively.
(M) Self-review
Finally, an audit committee that follows best practices will no doubt elect to undergo an annual evaluation. Just as the board of directors evaluates the management team and the auditor, the audit committee should perform an annual self-assessment of its performance and obtain input from the entire board of directors. There should also be 360° review of the committee’s effectiveness by management and the internal and external auditor.
(vi) Implications for insurances
Even though the business judgment rule provides some statutory protection for directors, the reality is that there will be no shortage of proceedings against directors (and audit committee members in particular) in the years to come. Qualified individuals could reasonably be more expected to be reluctant to agree to sit on audit committees. If they do sit on them they will want the highest possible level of protection from claims against them using both indemnities in the constitution and comprehensive directors and officers liability insurance.
Practically, indemnities in the constitution are subject to strict limitations as to the matters for which a company can indemnify a director; these are essentially limited to legal costs in defending proceedings and claims by third parties. The most practical solution for protecting against liability is through directors and officers (D&O) insurance.
There are restrictions on the breadth of the cover that may be provided but these have no particular application to audit committee members and would not adversely impact the kinds of D&O insurance usually carried by public companies to cover directors in respect of liabilities incurred by them in the course of carrying out their duties as directors and, in particular, as audit committee members.
Audit committee members ought to carefully review the D&O policy exclusions and consider how these exemptions might limit the cover provided, that is, the insured versus insured, professional indemnity and prospectus types of exclusions. In each case the committee should address their mind to the policy terms and in particular the level of cover provided. Plaintiffs, meanwhile, are seeking larger damages than ever. Until now, the largest settlement of a United States shareholder suit was $3.2 billion. That amount will be dwarfed by the Enron case, even if the litigation is ultimately settled for a fraction of the $60 billion in market value shareholders lost. Enron’s $350 million D&O policy, purchased from eight different carriers, will almost certainly be exhausted. That means former directors may face devastating claims against their personal assets – and that is if Enron’s D&O insurers pay at all. If the company misrepresented its financial condition when it bought the policy, the insurance companies may refuse to pay the claim.
(vii) Conclusion
Earnings management has become an anathema to regulators, governments and institutional and retail investors. Proposals for reform of the audit process abound. A well qualified audit committee is an essential element of effective governance in today’s listed companies. The audit committee properly constituted and advised can be “an independent, vigilant and capable overseer of corporate management’s preparation of financial statements with outside auditors” without overburdening the members with liability.
The audit committee members should be able to put processes in place to minimise the likelihood of audit failure and, if there is audit failure, to ensure their liability is limited. Concerns about increased liability for audit committee members are justified but, if properly followed, procedures can be established to manage and reduce an audit committee’s existing and future exposure to liability.
posted by Andrew Lumsden @ Wednesday, January 11, 2006
0 Comments:
Post a Comment
<< Home