Serving on an audit committee can be challenging because of the sheer breadth of corporate functions the committee is required to oversee. Still, an effective audit committee plays an essential role in helping the company stay within the boundaries of regulatory obligations and avoid fines, penalties, and loss of trust from stakeholders.
One day you may be overseeing financial reporting, and the next, you’re participating in an internal investigation. Whatever the day brings, it’s important to know these six critical auditing areas that will help the company maintain its integrity and keep moving in the right direction:
- Financial Reporting
- Internal & External Audits
- Risk Management
- Environmental, Social & Governance
- Crisis Response
Let’s take a closer look at each of these critical areas of focus for audit committees, why they matter, and what audit committee members need to focus on as they examine each space.
1. Financial Reporting
First, all directors on the audit committee should understand the financial reporting process, including:
- Disclosure controls and procedures
- The closing process
- Materiality considerations
- Internal control evaluations
- Related party transactions
- Review of SEC comment letters
- And more.
The committee also needs to review actual filings and approve the earnings release.
Audit committees need to be actively engaged in reviewing non-GAAP (generally accepted accounting principles) measures.
Their main job is to understand how, when, and why management uses these measures in performance evaluation, financial reporting, and internal decision-making.
The audit committee should also work to understand tax fundamentals, including how the tax group is organized, who it reports to, and how it functions with other parts of the company. Additionally, the committee should know how tax addresses competing priorities, strategic business changes, transformation efforts, talent management, and third-party resources when special expertise is needed.
2. Internal & External Audits
To get the most out of an internal audit, the audit committee needs to ensure that:
- The chief audit officer is present for all audit committee meetings.
- There are regular one-on-one meetings between the CAO and the audit committee chair.
The person in this CAO role should also be part of any appropriate management leadership committees, and management should be held accountable for implementing internal audit recommendations in a timely fashion. Finally, all reporting lines should encourage and promote objectivity to ensure the internal audit’s success.
The external auditor’s role is to help ensure integrity in the company’s financial reporting. The audit committee is responsible for appointing, compensating, and overseeing the external auditor’s work.
For this reason, it’s vital that the audit committee build a strong working relationship with the external auditor by:
- Protecting their independence
- Communicating with and gaining insight from them beyond what’s required.
The audit committee also needs to ensure that its proxy statement disclosures include information about how it assesses external auditor performance and fulfills its oversight role.
3. Risk Management
Today’s companies face a wide range of business risks. Though risk management oversight is the job of the audit committee, it’s important for the entire board to be involved and bring their diverse skills and backgrounds to the table.
Beyond that, good risk management should always be viewed from the perspective of various stakeholders and assessed in line with the company’s long-term strategy.
As companies face uncertainty, it’s critical that the board and audit committees have a firm grasp on:
- What the company’s risk management program looks like
- The data needed to properly manage risk
- How much risk the company must take on
- How to maintain robust risk oversight disclosures to reassure stakeholders that the company is overseeing risk effectively.
With cyber threats rising and 75% of U.S. CEOs concerned about it, audit committees need to be focused as intensely on data breach response as they are on prevention. A few tips to help audit committees accomplish that goal include:
- Embedding cyber risks in strategic decisions and ensuring the CISO is involved in discussing those decisions
- Ensuring cybersecurity is part of the company culture by having senior leaders underscore its importance to all employees and implementing security-focused policies, standards, and training
- Understanding the company’s current vulnerabilities and how the cybersecurity program and crisis response plan address them
No matter who takes on the task of cybersecurity oversight, enlist the help and advice of experts who can properly assess the effectiveness of your program and ensure maximum protection throughout the business.
5. Environmental, Social & Governance
ESG concerns are more than just a hot news topic. Large institutional investors are now starting to make critical decisions based on corporate transparency. Regulators are also entering the conversation to discuss how to hold companies accountable for their sustainability efforts.
As audit committees and boards figure out how to draft investor-grade ESG enclosures, they must develop ESG metrics that are value drivers for the company and material to its operations and performance. The audit committee’s financial reporting expertise can help determine whether the company’s internal controls are good enough to ensure data accuracy.
The audit committee should also consider the most appropriate method for making ESG disclosures. As the committee inquires about management’s ESG-related procedures, it’s important to discover the company’s current ESG risks and opportunities, the frameworks or standards being used, and the way the company responds to the requests of key stakeholders and regulators.
6. Crisis Response
To properly handle an internal investigation or unexpected crisis, the audit committee needs to know whether the issue is serious enough to warrant an investigation or coordinated response. If so, the committee should take the following actions:
- Assemble an investigation committee
- Establish the scope and procedures
- Determine how the investigation team will keep the audit committee informed
- Determine reporting and disclosure requirements and best practices
Once the investigation is complete, the committee should consider its remediation plan to reduce the chances that the same type of incident will occur in the future.
Audit Committees Are Crucial to Board Oversight
Audit committees are indeed responsible for a lot. Financial reporting, internal and external audits, risk management, cybersecurity, ESG reporting, and crisis response are all critical areas that can make or break a company.
In dealing with it all, the audit committee must understand the company’s current processes, get the information it needs to make tough decisions, and maintain open lines of communication with investors and key players. While it will never be an easy job, keeping those goals front and center will help committee members maximize their effectiveness and do the best job of keeping the company on track.
About Boardroom Pulse
Boardroom Pulse is the C-suite’s trusted source for current, forward-thinking, and deeply insightful news and information focused on corporate governance practices and the latest developments in the business world.
Driven by a mission to elevate corporate governance standards and empower modern business leaders, Boardroom Pulse consistently publishes comprehensive, timely news, stories, analyses, and related content to encourage dialogue, amplify best practices, and continue to promote the most responsible leadership and corporate leadership and governance strategies in C-suites nationwide.
That’s why more and more executive directors, board members, CEOs, and other executives turn to Boardroom Pulse to understand the complexities of the business world, build a stronger foundation for sustainable success, and refine corporate governance for a better future. Be part of a rapidly growing community that values excellence, integrity, and continuous improvement in corporate governance.
Monthly Unique Visitors
Monthly Page Views