10 best practices for ac
TRANSCRIPT
8/3/2019 10 Best Practices for AC
http://slidepdf.com/reader/full/10-best-practices-for-ac 1/4
audit committee
B e s tP r a c t i c e s
F o r
A u d i t C o m m i t t e e sresult of the accounting scandals of recent
fears is the enormous attention given to audit
committees of public compa-
nies and the subsequ ent cha nge
in the committee's rote and pract ices
Th e Sarbanes-Oxley Act of 2002 effec-tively transferred certain powers from
the CEO and the CFO to the audit com-
mittee. The enhanced role requires
audit committee members with more
expertise to devo te subs tantially more
by Frederick D. Lipman
1stablish an effective internal
audit function t h a t reports to
the audi t commit tee. Estab-
lishing such an internal audit func-
tion is probably the most important
thing the audit committee can do. The
internal auditor must be hired and
compensated by the audit committee
of the hoard of directors. The primary
responsibility of the internal auditor
should be to assist the board In per-
forming its fiduciary duty to monitor
management — or, in other words.
The publiccompany auditcommittee now
has an enhancedrole and needs torevise some of its
practices. Here aresome key areas to
focus on.
act as the eyes and ears of the audit
committee.
Other operational duties may be
assigned to the internal auditor by
management, but these other duties
should not interfere with the primary
responsibility of the internal auditor.
It is clear from the WorldCom Inc.
time and effort to their task. In deed , in many cases^ time
spent on audit committee work has increased as much
as 100 percent.
in light of these changes, spurred not
only by the scandals but the new rules
and regulations that followed the scan-dals, there are some key areas to focus on .
The following d iscusses 1 0 best practices
for audit comm ittees sum marized from a
list of 30 that are includ ed in a new book
on the subject by this author.
fiasco that the audit committee must
control the operations of the internal
audit department to the extent that
those functions deal with the au dit of
financial reporting. WorldCom'.^
audit committee allowed manage-
ment to control the internal audit
department and created an incentive
structure that required the internal
audit group to emphasize opera-
tional audits, which saved money for
WorldCom or otherwise produced
"value." This resulted in an internal
8/3/2019 10 Best Practices for AC
http://slidepdf.com/reader/full/10-best-practices-for-ac 2/4
audit group that had neither the
staffing nor funding to provide ade-
quate information to the audit com-
mittee on financial reporting issues.
Serious consideration should be
given to structuring the compensation
of the head of the internal audit to
avoid excessive reliance on compen-
sation driven by accoun ting results. Toproperly maintain the watchdog
function of the internal auditor, he or
she should not receive significant
incentives based on profitability.
Some companies prefer to out-
source all or part (so-called "co-
sourcing") of the internal audit func-
tion. Under these circumstances, the
audit committee should control not
only the selection and retention of the
outside internal auditor, but also the
compensation arrangements.
li*^ Create an ethical, law-abidingculture within the organization
^ wi tho ut di scouraging ent re-
preneurial risk- taking. A key element
of such a cultu re is the tone at the top
of the organization.
Employees must be sensitized to
the need to communicate significant
legal risks to management and to the
audit committee or nominating/cor-porate governance committee of the
board of directors. The U. S. Depart-
ment of Justice guidelines require the
board to create an ethical, law-abid-
ing culture to avoid criminal indicS-
ment of the organization. Financial
incentives should be provided to the
CEO to create such a culture.
f= The audit committee should
'^ communicate wi th key peoplethroughout the organizat ion.
In addition to the outside auditors,
the CEO and CFO, the audit comm it-
tee should consider interviewing, at
least once a year, employees and
service prov iders in these key roles:
controller and assistant con-
troller (ask it there are any ac counting
policies or procedures with which
they are uncomfortable);
head of sales (ask if there are any
side deals with any customers, chan-
nel stuffing, so called "round-trip"
sales, etc.);
tax mana ger (ask if there are any
aggressive tax strategies being pur-
sued by the company);
inside and outside counsel;
head of disclosure committee;
corporate governance officer;
head of information technology;
head of corporate development;
an d
head of purchasing.
Audit committees cannot operate
properly without having information
from diverse sources, both from
within and outside the company.
Altho ugh all the facts ar e not clear, it
appears that the audit committees at
Enron Corp. and WorldCom relied
primarily — if not exclusively — on
information provided to them bymembers of the management team
over which they were required to
exercise oversight, as well as on
information provided to them by the
outside auditor.
Each of the persons named above
should be interviewed separately
and not in the presence of superiors
within the company; prosecutors
have known for many years that sub-
ordinates do not talk freely when
their bosses are present.
Monitor management sales ofstock. The temptation to inflate
earnings is greatest prit)r to the
intended sale of stock by manage-
ment. Audit committees should con-
duct more intensive and extensive
audits on the eve of insider sales of
significant anwunts of stock. The
audit committee should adopt a pol-
icy requiring written notice of insid-er sales several months before the
actual date of such sale, so as to
arrange the necessary audits.
Other "warning" events are
included in Best Practice No. 5.
Be aware of other "w ar ni ng "events. There are certain other
warning events that should
alert an audit committee to conduct
more intensive and extensive audits.
If sho rt sellers take a significant posi-
tion in the company stock, the audit
committee should investigate whether
the short sellers know something the
audit committee does not. Other
warning events may include: the
company never fails to meet an earn-
ings projection; the CEO or CFO is
under personal financial pressure,which may stem from a lavish
lifestyle, divorce, gambling habits or
other issues.
Never failing to meet an earnings
projection should raise a red flag.
Personal financial pressure on the
CEO or CFO should trigger a closer
look by the audit committee at the
company's financial statements, par-
ticularly if any large bonus or salary
increase depe nds upon the com pany 's
financial results.
Control conflicts of interest. In
rare situations in which the
audit committee elects to
approve a conflict of interest, an
ongoing independent monitoring
mechanism must be established. This
mechanism may include more inten-
sive or extensive audits by the inde-
pendent auditor, possibly supple-
mented by oversight by the internalauditor. The results of both the inde-
pendent auditor and the internal
auditor sh ould be reported directly to
the audit committee.
The Enron audit committee
approved off-balance sheet special-
purpose entities that clearly created a
conflict of interest between certain
members of management and thf
company. Yet, based on the currently
available facts, the Enron audit com-
mittee did not create adequate over-sight mechanisms to verify that the
representat ions made by manage-
ment to the audit committee, which
induced approval of the conflict of
interest, were in fact being followed.
Ask the auditor the Warren
Buffet t quest ions. The audit
committee should ask the fol-
lowing four questions of the auditor
(as suggested by Warren Buffett):
8/3/2019 10 Best Practices for AC
http://slidepdf.com/reader/full/10-best-practices-for-ac 3/4
a. If the auditor were solely responsi-
ble for the company's financial
statements, would it have been
prepared in any way different
from the manner selected by man-
agement?
b. If tliL' auditor were an investor,
would it have received the infor-
mation essential to a proper
understanding of the company's
financial performance during the
reporting period?
c. Does the auditor know of any oper-
ational facts that caused the compa-
ny's sales or profit to move signifi-
cantly from one quarter to the next?
d. Is the com pany using the same
internal audit procedure that
would bo followed if tbe auditor
itself was CEO?
Answers to Buffett 's questions
will help elicit information from
the auditor that is useful to the
audit committee in overseeing
management preparat ion of the
financial s tatements .
' Ensure audi to r inde pend enc e.
If the auditor is not independ-
ent, both the company and the
auditor are in violation of the Secu-
rities Exchan ge Act of 1934. Toensure auditor independence, the
audit committee should adopt these
policies:
a. The enga gem ent letter from the
auditor should contain a represen-
tation that the auditor is and will
remain inde pen den t (as defined by
Securities and Exchange Commis-
sion (SEC) rules) throughout the
audit engagement.
b. Conduct a robust discussion with
the auditor of its independence atleast once a year. This robust dis-
cussion should include any rela-
tionships witb management that
migbt impair the objectivity of the
auditor. For example, it was
reported that KPMG LLP, the
aud itor for First Union Corp . (now
part of Wachovia Corp.), received
referrals from First Union of
wealthy banking clients and First
Union was, in turn, paid referral
fees by KPMG LLP. Some have
questioned whether this type ofrelationship could compromise
the impartiality of the auditor.
c. After each assignment of nonaudit
work to the auditor, the auditor
should be required to represent to
the audit committee that the
nonaudit ser\ ice does not impair its
independence. (An exception may
be made for routine nonaudit serv-
ices, such as tax return prepara tion.)
d. Care mu st be taken before hi ring
former employees of the auditing
firm as company employees, to be
certain that tbe new employee will
not impair the auditor 's independ-
ence. The HR department should be
required to notify the audit com-
mittee prior to any such hires.
Refrain from using the auditor
for tax planning and tax
preparation services. Although
tax planning services do not impairthe independence of auditors under
SEC rules, audit committees should
consider whether using the auditor for
tax planning services is in the best
interest of the company.
The audit committee should con-
sider, amon g other things, the fact that
the auditor is prohibited by auditor
independenc e rules from p roviding an
expert opinion or other expert services
for an audit client, or acting as an
audi t client's legal representativ e, forthe purpose of advocating an audit
client's interests in litigation or in a
regulatory or administrative pro-
ceeding or investigation.
The effect of this prohibition is
that the auditor is unable to assist
the company in advocating the
company's tax position before the
Internal Rc\'cnuc Service (IRS),
since the IRS inquiry might be
viewed as a "regulatory or admin-
istrative proceeding or investiga-
t ion ." Although the auditor is per-
mitted to be a fact witness in such
proceedings or investigations, i ts
inabi li ty to advocate the com pany 's
tax position handicaps the company
in the defense of its tax planning.
Carefully consider the
impact of the indepen-
dent audi tor ' s preferred
account ing t reatment . Sarb . ines-
Oxley and SEC rules require the inde-
pendent auditor to disclose any
accounting treatments preferred by
them. The audit committee must
determine on a case-by-case basis
whether any of the accounting treat-
ments preferred by the independent
auditor should be adopted by the
company and what the overall effect
would be of such adoption.
If the audit committee decides not
to adopt an independent auditor 's
preferred treatment, the reasons forthe rcjfcHon should be carefully doc-
umented by the audit committee,
with the assistance of counsel, in
order to protect the audit committee
from persona! liability.
Frederick Lipman is a Partner with
Blank Rome LLP and President of the Asso-
ciation of Audit Committee Members Inc.
The 10 audit committee best practices
described above are taken from 30 best
practices described in greater detail in Lip-man's book, Corporate Governance Best
Practices, published by John Wiley &
Sons Inc., 2006, and available in book-
stores and on Amazon.com.
One result of the accounting scandals in recent yearsis the att ent ion given to audit comm ittees of publiccompanies and the subsequent change in the commit-tee's role and practices.
The Sarbanes-Oxley Act effectively transferred certainpowers fro m the CEO and CFO to the audit comm ittee.
Establishing an effective internal audit function isprobably the most important thing the audit commit-tee can do.
Among the steps audit committees should takeis to carefully consider the independent auditor'spreferred accounting treatment.
8/3/2019 10 Best Practices for AC
http://slidepdf.com/reader/full/10-best-practices-for-ac 4/4