Time to Reassess the Audit Committee and Its Function

John P. Beavers
 November 2002

The investing public has lost confidence in corporate America. For capitalism to survive, that confidence must be restored. To do so will require stewardship from all involved with corporate leadership. And who better to provide this stewardship than independent directors serving on audit committees?

Both Congress, in the Sarbanes-Oxley Act of 2002 (Act), and the Blue Ribbon Committee, in its Report On Improving The Effectiveness Of Audit Committees (Report), believe that audit committees are the catalyst for improved financial reporting. The Report states:

The committee's job is clearly one of oversight and monitoring, and in carrying out this job it acts in reliance on senior financial management and the outside auditors. A proper and well-functioning system exists, therefore, when the three main groups responsible for financial reporting -- the full board including the audit committee, financial management including the internal auditors, and the outside auditors -- form a "three-legged stool" that supports responsible financial disclosure and active and participatory oversight. However, in the view of the Committee, the audit committee must be "first among equals" in this process, since the audit committee is an extension of the full board and hence the ultimate monitor of the process.

Independent members of boards of public reporting companies should heed the Act’s admonition by Congress: Retake the reins of the audit process. Although the Act does not require a public reporting company to have an audit committee, the Act does require that either the board itself or a committee established by the board must have authority for overseeing the accounting and financial reporting processes and the audits of the financial statements of the issuer.1

If boards of public reporting companies do not have a separate audit committee, these boards should reassess having a separate audit committee, and boards that have audit committees should reassess their audit committees and their functions, in light of the Act.

Membership

Independence. The Act requires that each member of the audit committee be a member of the board of directors and otherwise be independent. Independent means that no member may, other than in his or her capacity as a member of the audit committee, the board of directors, or any other board committee, do the following:

  • Accept any consulting, advisory, or other compensatory fee from the issuer; or
  • Be an affiliated person of the issuer or any subsidiary thereof.2

The Report defines “independence” as having no relationship to the corporation that may interfere with the exercise of independence from management and the corporation. Examples cited by the Report of relationships resulting in the loss of independence are:

  • Being employed by the corporation or any of its affiliates for the current year or any of the past five years;
  • Accepting any compensation from the corporation or any of its affiliates other than compensation for board service or benefits under a tax-qualified retirement plan;
  • Being a member of the immediate family of an individual who is, or has been in any of the past five years, employed by the corporation or any of its affiliates as an executive officer;
  • Being a partner in, or a controlling shareholder or an executive officer of, any for-profit business organization to which the corporation made, or from which the corporation received, payments that are or have been significant to the corporation or business organization in any of the past five years; or
  • Being employed as an executive of another company where any of the corporation's executives serve on that company's compensation committee.

Financial Expertise. The Act directs the SEC to adopt rules requiring public reporting companies to disclose whether the audit committee has at least one member who is a financial expert and, if not, why not. A “financial expert” is someone who, through “education and experience,” has:

  • An understanding of generally accepted accounting principles and financial statements;
  • Experience in (a) the preparation or auditing of financial statements of generally comparable issuers; and (b) the application of such principles in connection with the accounting for estimates, accruals, and reserves;
  • Experience with internal accounting controls; and
  • An understanding of audit committee functions.3

At a minimum, the Report recommends that each member should have "financial literacy" meaning the ability to read and understand fundamental financial statements, including a company's balance sheet, income statement, and cash flow statement. The report also recommends company-sponsored or paid training programs to maintain this literacy.

Available Time. Although not expressly required by the Act, members of the audit committee will need to devote significant time in order to carry out the authorities delegated by the Act.

Charter

Although the Act does not require audit committees to have charters describing their authority, the SEC requires public reporting companies to disclose whether the board has adopted a written charter for its audit committee or if not, why not.4 The Report recommends that each company listed on the NYSE or Nasdaq (i) adopt a formal written charter that is approved by the full board of directors and specifies the scope of the committee's responsibilities, and how it carries out those responsibilities, including structure, processes, and membership requirements, and (ii) review and reassess the adequacy of the audit committee charter on an annual basis.

The purpose of the charter is to establish contractual duties, and attendant liability for breach of those duties, that may be enforced by the board as a whole, the company, and shareholders derivatively. Boards should review any existing charters, and prepare any new charters, in light of the authority granted to audit committees by the Act.

Authority

Although the Act does not require either an audit committee or a charter, the Act expressly grants the following authority to the audit committee, or in absence of an audit committee, to the independent directors of boards of public reporting companies:

  • Hiring, firing and compensating the auditors, subject to shareholder approval;5
  • Overseeing the auditor’s work and resolving any disagreements between management and the auditor;6
  • Establishing procedure for and receiving complaints, including anonymous submissions by employees;7
  • Engaging independent counsel and other advisers, the fees of which must be paid by the issuer;8
  • Determining the scope of engagement of the auditor, subject to disclosure to investors;9
  • Receiving reports from the auditor on policies used and alternative treatments discussed with management as well as those considered preferred;10 and
  • Receiving and determining remedial action to take regarding any illegal act brought to its attention by the auditor.11

Any charter of the audit committee should reflect the forgoing authority.

Expected Roles in the Audit Process Prior to the Act

The Report describes the board and its audit committee, the outside auditor and the internal auditor as the “three-legged stool” responsible for soundness of an issuer’s financial reporting. Expressly under the Report and at least implicitly under the Act, the board or its audit committee is the “first among equals,” in that it is to oversee and monitor the financial reporting and auditing processes.

The company’s management is expected to be principally responsible for company accounting policies and the preparation of the financial statements. This includes:

  • Maintaining a system of effective internal controls to be implemented by the internal auditor;
  • Maintaining books and records accurately reflecting transactions from which financial statements can be prepared in accordance with GAAP; and
  • Preparing financial statements and related financial disclosures.

The outside auditor is expected to audit and provide an opinion regarding the company's overall financial statements and to evaluate the company's internal controls. This includes:

  • Testing by obtaining evidence supporting the amounts and the disclosures made in the financial statements;
  • Assessing the accounting principles used and estimates made by management in its preparation of the financial statements; and
  • Assessing the overall presentation of information in the financial statements.

Accordingly, the audit committee is expected to oversee both management and the outside auditors in their respective performances of the responsibilities discussed in the preceding two paragraphs. As part of such oversight, the audit committee is expected under existing SEC rules to:

  • Review and discuss the audited financial statements with the company’s management;12
  • Discuss with the outside auditors (1) methods used to account for significant unusual transactions; (2) the effect of significant accounting policies in controversial or emerging areas for which there is a lack of authoritative guidance or consensus; (3) the process used by management in formulating particularly sensitive accounting estimates and the basis for the auditor's conclusions regarding the reasonableness of those estimates; (4) disagreements with management over the application of accounting principles, the basis for management's accounting estimates, and the disclosures in the financial statements; and (5) any other matters required to be discussed by SAS 61;13
  • Discuss with the outside auditors the auditors’ independence, including receiving the written disclosures and the letter from the independent accountants required by Independence Standards Board Standard No. 1;14
  • Prior to finalizing and filing the Company’s Form 10-K annual report, review the selection, application and disclosure of critical accounting policies, be apprised of the evaluative criteria used by management in their selection of the accounting principles and methods, and if appropriate have proactive discussions with the company's senior management and the outside auditor about critical accounting policies;15
  • Make a recommendation to the board regarding inclusion of the audited financial statements in the company's Form 10-K annual report;16 and
  • Issue an audit committee report on the forgoing matters and additionally stating the name of each member of the audit committee for inclusion in the company’s proxy materials at least once each fiscal year.17

Expansion of Roles Mandated by the Act

The Act changes or at least mandates certain roles of the audit committee, management and the outside auditor:

Internal controls. The CEO and CFO are to be responsible for:

  • Designing, establishing and maintaining internal controls;
  • Evaluating the effectiveness of internal controls;
  • Based on their evaluations, reporting their conclusions about the effectiveness of internal controls, including any significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, as well as any corrective actions with regard to significant deficiencies and material weaknesses; and
  • Disclosing to the board of directors and the outside auditor all significant deficiencies in the design or operation of internal controls as well as any fraud, whether or not material, that involves management or other employees who have a significant role in the internal controls.18

Outside Auditor Independence. The outside auditor of a public reporting company must be a public accounting firm registered with the Public Company Accounting Oversight Board created by the Act.19 To maintain independence, the outside auditor may not simultaneously provide to the company any of the following non-auditing services:

  • Bookkeeping or other services related to the accounting records or financial statements of the audit client;
  • Financial information systems design and implementation;
  • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
  • Actuarial services;
  • Internal audit outsourcing services;
  • Management functions or human resources;
  • Broker or dealer, investment adviser, or investment banking services;
  • Legal services or expert services unrelated to the audit; and
  • Any other service that the Board determines, by regulation, is impermissible.20

The lead (or coordinating) audit partner having primary responsibility for the audit, or the audit partner responsible for reviewing the audit, is to rotate at least once during every five fiscal years of the company.21 An auditor may not perform any audit service for a public reporting company if a CEO, controller, CFO, chief accounting officer, or any person serving in an equivalent position for the company, was employed by that auditor and participated in any capacity in the audit of that company during the preceding year.22

Evidence of Securities Violations and Breach of Fiduciary Duty. Any attorney or firm, including a legal department, whose practice consists of representing companies before the SEC, is required to report to the chief legal counsel or CEO any evidence, including an anonymous email or memorandum, of a material violation of securities law or breach of fiduciary duty or similar violation by the company or any agent thereof. If the chief legal counsel or executive officer does not take appropriate action, the attorney is required to report the evidence to the audit committee or another committee comprised solely of directors not employed directly or indirectly by the company.23

Ultimate Recipient of Reports and Other Communications. The Act expands the oversight role of the audit committee to become the ultimate recipient of numerous reports and other communications, including:

  • Information detected by or otherwise coming to the attention of the outside auditor regarding an illegal act by the company or its agents having an impact on financial statements (whether or not perceived to have a material effect)24 as well as information about related party transactions not fully disclosed in financial statements and any doubts about the ability of the company to continue as a going concern;25
  • Information regarding all services performed and agreement to perform services for the company by the outside auditor because all such services and agreements are required to be approved by the audit committee;26
  • Report by the outside auditor on (i) all critical accounting policies and practices to be used; (ii) all alternative treatments of financial information discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the registered public accounting firm; and (iii) other material written communications between the outside auditor and management, such as any management letter or schedule of unadjusted differences;27
  • Complaints received by the company regarding accounting, internal accounting controls, or auditing matters, including expressly any anonymous submission by employees of concerns regarding questionable accounting or auditing matters are to be received by the audit committee or otherwise are to be received, retained and investigated pursuant to procedures established by the audit committee;28
  • Disclosures from the company’s CEO and CFO, including (i) significant deficiencies in the design or operation of internal controls and (ii) any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls;29
  • Reports of the company’s CEO and CFO as part of the certification requirements, including each of their evaluations of the effectiveness of the company's internal controls and significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluations;30
  • Reports of any action taken by any officer, director or other person acting under the direction thereof to take any action to fraudulently influence, coerce, manipulate, or mislead the outside auditor in the performance of an audit;31
  • Reports from attorneys representing the issuer of any evidence received by them of material violations of securities law or material breaches of fiduciary duty not appropriately responded to by the company’s chief legal officer or CEO;32
  • Information from the outside auditor regarding material correcting adjustments that have been identified by the auditor in accordance with generally accepted accounting principles and the rules and regulations of the SEC in order to assure compliance by the company with its obligations for accurate financial statements under new section 13(i) added by the Act to the Securities Exchange Act of 1934;
  • Information regarding off-balance sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the company with unconsolidated entities or other persons, that may have a material current or future effect on the financial condition, changes in the financial condition, results of operations, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses in order to assure compliance by the company with its obligations under new section 13(j) added by the Act to the Securities Exchange Act of 1934.

Endnotes

 1.  See new §3(a)(58) added by the Act to the Securities Exchange Act 1934.

 2.  See new §10A(m)(3) added by the Act to the Securities Exchange Act 1934.

 3.  See §407 of the Act.

 4.  See item 7(e)(3) of Schedule 14A.

 5. See new §10A(m)(2) added by the Act to the Securities Exchange Act of 1934.

 6.  Ibid.

 7.  See new §10A(m)(4) added by the Act to the Securities Exchange Act of 1934.

 8.  See new §§10A(m)(5) and (6) added by the Act to the Securities Exchange Act of 1934.

 9.  See new §§10A(g), (h) and (i) added by the Act to the Securities Exchange Act of 1934.

10.  See new §10A(k) added by the Act to the Securities Exchange Act of 1934.

11.  See new §10A(b) added by the Act to the Securities Exchange Act of 1934.

12.  See item 306 of Regulation S-K and item 306 of Regulation S-B.

13.  Ibid.

14.  Ibid.

15.  See SEC Release 34-45149 (December 12, 2001).

16.  See item 306 of Regulation S-K and item 306 of Regulation S-B.

17.  See item 7(e) of Schedule 14A.

18.  See §302 of the Act.

19.  See §102 of the Act which makes if unlawful for anyone not a public accounting firm registered with the Board from prepare or issue, or to participate in the preparation or issuance of, any audit report with respect to a public reporting company.

20.  See §10A(g) added by the Act to the Securities Exchange Act of 1934.

21.  See §10A(j) added by the Act to the Securities Exchange Act of 1934.

22.  See §10A(l) added by the Act to the Securities Exchange Act of 1934.

23.  See §307 of the Act.

24.  See §10A(b) of the Securities Exchange Act of 1934.

25.  See §10A(a) of the Securities Exchange Act of 1934.

26.  See §§10A(h), (i) and (m)(2) added by the Act to the Securities Exchange Act of 1934.

27.  See §10(A)(k) added by the Act to the Securities Exchange Act of 1934.

28.  See §10A(m)(4) added by the Act to the Securities Exchange Act of 1934.

29.  See §302(a)(5) of the Act.

30.  See §302(a)(5) of the Act.

31.  See §303 of the Act.

32.  See §307 of the Act.

More articles ...