audit committees 2nd edition chapter 1 extract
TRANSCRIPT
Audit CommitteesA Guide to Good PrActice
Second edition
Audit Committees: A guide to good practice second edition
An independent audit committee is a fundamental component of good corporate governance. its objectives and responsibilities are clearly defined and documented in its charter, and it operates under the delegation of authority from the board. this second edition recognises changes in the governance landscape and also makes reference to ASIC v Healey (2011), an important recent case, which re-emphasised director duties to the company in relation to its financial statements.
this guide is primarily for directors and audit committees of Australian listed companies. However, directors, boards of management and audit committees of not-for-profit, public sector, and other private sector entities, may also find this guide to be a useful reference.
Audit Committees: A guide to good practice is a joint publication from the Auditing and Assurance standards Board, Australian institute of company directors and the institute of internal Auditors-Australia.
Au
dit C
om
mitte
es
A G
uid
e t
o G
oo
d p
rA
ct
ice
sec
on
d e
dit
ion
Audit CommitteesA Guide to Good PrActice
Second edition
A joint publication from the
Auditing and Assurance Standards Board,
Australian Institute of Company Directors and
The Institute of Internal Auditors-Australia
2Logo colours
To cater for the numerous applications which will carry our branding we have developed a selection of logo colour variants. To help you, a library of master logo artworks has been specially created for your use.
Our logo has been specially drawn. To maintain consistency always use an original artwork from the Artwork Library.
1
Masterbrand colour paletteOur logo can be used in a variety of colours when used for masterbrand applications, all are acceptable and which is used will depend on the application.
2
Secondary colour paletteWhen using our logo on colours from our secondary colour palette it can only appear in blue to maintain legibility and consistency.
3
Mono logo (positive)For black and white applications, such as fax sheets, use the mono version of the logo. The entire logo reproduces in solid black.
4
Mono logo (negative)This version is for use only when the logo must appear in white on third party applications, when acting as a sponsor or partner. The entire logo reverses white out of a solid background.
1
3 4
2
AUDIT COMMITTEES A GUIDE TO GOOD PRACTICE
copyrightcopyright in this material is strictly reserved. Any disputes arising out of the Material are subject to Australian copyright law. no part of the Material covered by copyright should be copied or reproduced in any form or by any means without the joint written permission of the Auditing and Assurance Standards Board, the Australian institute of company directors and the institute of internal Auditors-Australia. the Auditing and Assurance Standards Board, Australian institute of company directors and the institute of internal Auditors-Australia endeavour to contact copyright holders and request permission to reproduce all copyright Material. Where they have been unable to trace or contact copyright holders, if notified, the Auditing and Assurance Standards Board, the Australian institute of company directors and the institute of internal Auditors-Australia will ensure full acknowledgement of the use of copyright Material.
disclaimerthe Material has been prepared for information purposes only and is not intended to embody any professional or legal standard. the Material does not constitute legal, accounting or other professional advice. While all reasonable care has been taken in its preparation, neither the Auditing and Assurance Standards Board, Australian institute of company directors, institute of internal Auditors-Australia, nor any contributor, makes any express or implied representations or warranties as to the completeness, currency, reliability or accuracy of the Material. the Material should not be used or relied upon as a substitute for professional advice or as a basis for formulating business decisions. to the extent permitted by law, the Auditing and Assurance Standards Board, the Australian institute of company directors, the institute of internal Auditors-Australia and all contributors exclude all liability for any loss or damage arising out of the Material. Any links to third party websites are provided for convenience only and do not represent endorsement, sponsorship or approval of those third parties, any products and services offered by third parties, or as to the accuracy or currency, of the information included in third party websites.
© Auditing and Assurance Standards Board, Australian institute of company directors and institute of internal Auditors-Australia 2012.
Second edition published August 2012 by: the Auditing and Assurance Standards Board, the Australian institute of company directors, the institute of internal Auditors-Australia
related publications:1997: Audit committees: best practice guide2001: Audit committees: best practice guide (Second edition)2008: Audit committees: a guide to good practice
design by Kirk Palmer designPrinted by Ligare Pty Ltd
national Library of Australia cataloguing-in-Publication entrytitle: Audit committees: a guide to good practice (Second edition)iSBn 978-1-876604-05-91. Audit committees-Australia 2. Finance, Public-Australia-Auditing 3. expenditure, Public-Australia-Auditing 4. Administrative agencies-Australia-Auditing 5. executive departments-Australia-Auditing
iii
Introduction 1
Who should use this guide? 2
Purpose of this guide 2
Recent developments regarding audit committees 3
The board and board committees 5
Role of the audit committee 7
Regulatory context 9
Corporations Act 2001 9
ASX Listing Rules and Corporate Governance Guidelines 9
AASB Accounting Standards 11
AUASB Auditing Standards 11
International Professional Practices Framework 12
Accounting Professional and Ethical Standards Board 12
Australian Securities and Investments Commission 13
Australian Prudential Regulatory Authority 13
Standards Australia 14
Responsibilities of the audit committee 15
Financial reporting 15
Annual financial report 16
other external reporting 19
External audit 20
Internal audit 21
Risk management and internal control 23
Compliance and ethics 25
Fraud 26
Contents
iv AUDIT COMMITTEES A GUIDE TO GOOD PRACTICE
Relationships 29
Board 29
role 29
responsibilities 29
External Auditor 30
role 30
responsibilities 31
Promoting effective two-way communication 31
Establishing whether the preconditions for an audit are present 32
Agreeing on the terms of the audit engagement 32
Establishing and maintaining independence 32
Discussing elements of audit planning 32
Discussing significant related party relationships and transactions 33
Enquiring about fraud 33
Communicating significant findings from the audit 33
Responding to questions 34
Internal Auditor 35
role 35
responsibilities 35
Discussing elements of internal audit planning 35
Communicating on independence 36
Communicating matters arising from an internal audit 36
Responding to requests 37
Engaging with the audit committee on matters associated with risk management, internal control and other matters 37
Developing an effective charter 39
Membership 43
Audit committee composition 43
Selection of audit committee members 44
v COnTEnTs
Independent and non-executive members 45
Audit committee chair 46
Induction of new members 47
Ongoing training 48
Rotation 49
Conducting meetings 51
Frequency of meetings 51
Structure of meetings 52
Attendance 54
Reporting by the audit committee 55
To the board 55
To shareholders 57
To other stakeholders 57
Assessing performance 59
Assessing the audit committee’s performance 59
Evaluation of individual audit committee members 60
Further reading 61
Appendix 1 Sample audit committee charter 63
Sample audit committee charter 63
Appendix 2 Self-assessment guide for audit committees 73
Assessing audit committee performance 73
AUDIT COMMITTEES A GUIDE TO GOOD PRACTICE vi
Appendix 3 Management representation letter 81
Matters commonly included in a management representation letter 81
Glossary 83
chief audit executive (cAe) 84
concise financial report 84
continuous disclosure obligations 84
external auditor 84
Financial report (as set out in the Corporations Act 2001) 84
Financial statements 85
internal audit activity 85
internal auditor 85
international Financial reporting Standards (iFrS) 85
risk appetite 86
risk profile 86
representation letter 86
those charged with governance 86
List of Acronyms 87
Contact details 89
1
1 See Principle 4 Safeguard Integrity in Financial Reporting, Recommendation 4.1 of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations with 2010 Amendments.
2 See glossary for definitions.
Introduction
An audit committee is a committee of a board of directors (board), operating under delegation of authority from the board. Its objectives are clearly defined and documented in its charter and its efficiency and effectiveness
is measured by reference to its objectives. An independent audit committee is a fundamental component of good corporate
governance.1 Typically, an audit committee:
1. focuses on issues relevant to the integrity of an entity’s financial reporting2. oversees external audit, internal audit, risk management, internal control and
compliance 3. liaises with the board, internal and external auditors2 and management.
Some entities establish one committee with the responsibility for all of these tasks, such as an audit and risk management committee. Other entities may establish more than one committee, such as an audit committee, together with a risk and compliance committee, health and safety committee, environmental management committee and other committees. This depends on the nature of the entity, but is more common in larger entities due to the increased work load.
2 AUDIT COMMITTEES A GUIDE TO GOOD PRACTICE
3 Federal and state bodies should also consider their own specific guidance relating to the operation of their audit committees.
Who should use this guide?
This guide is primarily for directors and audit committees of Australian listed companies. Directors, boards of management and audit committees of not- for-profit, public sector,3 and other private sector entities, may also find this guide to be a useful reference.
There is no “one size fits all” good practice solution for audit committees. The nature of the business, the regulatory environment, ownership structure, legal requirements, and audit committee membership influence the objectives and activities of an audit committee. Smaller entities with limited resources might find it impractical to meet all of the practices outlined in this guide. They may use this guide to assess the elements of good practice that are relevant for their financial reporting, corporate governance, risk management and internal control, and exercise them at the board or committee level.
Purpose of this guide
This guide provides a practical introduction to the role and responsibilities of an audit committee. It explains the context in which an audit committee typically operates and outlines good practice.
While the guide assists the board and audit committee members, it may also be helpful to risk and compliance managers, internal auditors, external auditors and senior management, as it demonstrates the interactions between the audit committee and these other parties.
Clarifying the roles and responsibilities between the audit committee, risk and compliance managers and auditors (both internal and external) assists their communication, efficiency and effectiveness. Using this guide assists audit committees in assessing an entity’s external financial and other internal and external reporting requirements. It also assists in assessing the effectiveness of an entity’s risk management and internal control systems.
This second edition of the guide reflects developments in audit committee
3
4 APRA Prudential Standards on governance for regulated institutions are available through APRA’s website www.apra.gov.au.
5 The ASX Corporate Governance Council was formed in August 2002 and brings together various business, share-holder and industry groups to enhance corporate governance practices in Australia. Its ongoing mission is to ensure that the principles-based framework it developed for corporate governance continues to be a practical guide for listed entities, their investors and the wider Australian community.
InTRODUCTIOn
practice, legislation and guidance from regulatory bodies and in leading global board practices since the previous edition was published in 2008. It has been produced by the Auditing and Assurance Standards Board, the Australian Institute of Company Directors and the Institute of Internal Auditors-Australia.
The guide does not attempt to advise directors or members of audit committees about their legal duties. For a general discussion of directors’ duties refer to Duties and Responsibilities of Directors and Officers 20th Edition by Professor Robert Baxt AO, published by the Australian Institute of Company Directors in 2012.
Recent developments regarding audit committees
Since the previous edition of this guide was published in 2008, some of the key developments in Australia include:• November2009–theAustralianPrudentialRegulationAuthority
(APRA)4 issued revised Prudential Standards on governance for APRA-regulated institutions. These standards outline the governance arrangements for authorised deposit-taking institutions and for life and general insurance entities and include requirements for board audit committees and board risk committees.
• January2010–revisedAustralianAuditingStandardscameintoeffect,some of which impact the operation of audit committees. For example, Auditing Standard ASA 260 Communication with Those Charged with Governance introduced new requirements for auditors reporting to the board, including the audit committee.
• June2010–theASXCorporateGovernanceCouncil5 released Corporate Governance Principles and Recommendations with 2010 Amendments. Theserevisedguidelinescameintoeffectfrom1January2011.
• October2010–TheInstituteofInternalAuditorsInc.(IIA)issueda
4 AUDIT COMMITTEES A GUIDE TO GOOD PRACTICE
revised International Professional Practices Framework (IPPF). The IPPF has been adopted by the Institute of Internal Auditors-Australia (IIA-A) andwaseffectivefrom1January2011.
• August2011–theAustralianNationalAuditOffice(ANAO)publishedits revised better practice guide, Public Sector Audit Committees.
• September2011–APRAreleasedanewconsolidatedPrudentialStandardCPS510Governance,whichcameintoeffecton1July2012and replaces the previous prudential standard on governance.
• June2012–theCorporations Legislation Amendment (Audit Enhancement) Act 2012 made changes to the Corporations Act 2001 and the Australian Securities and Investments Commission Act 2001 (ASIC Act) that are relevant to audit committees. The new provisions relate to extending the rotation period for the external audit engagement partner, subject to certain requirements; annual transparency reports to be published by external auditors in certain circumstances; audit deficiency reports that may be published by the Australian Securities and Investments Commission (ASIC) in certain circumstances; and new powers for ASIC to communicate directly with the audit committee, the board or senior management of an entity in certain circumstances.
Mainly due to the ongoing global financial crisis, there has been continuing focus on corporate governance around the world. This has resulted in the review of existing governance frameworks, including accounting and auditing frameworks and regulatory reforms, to strengthen corporate governance.
Businesses, regulators, investors and members of the public have increasingly called for more transparency in corporate reporting.
The audit committee plays a pivotal role in assisting the board in fulfilling its corporate governance obligations and enhancing the integrity and transparency of corporate reporting, particularly financial reporting, and consequently, some of the proposed reforms relate to clarifying and expanding the role of the audit committee.
5
6 This requirement does not include alternative directors, and two of the three directors (one for proprietary companies) need to ordinarily reside in Australia.
7 See glossary.
under the Corporations Act 2001 in section 201A, every company must have at least one director and public companies must have at least three directors.6
Collectively, the directors are known as the board of directors (board) and its overriding responsibility is to supervise the company on behalf of shareholders and other stakeholders.
The boards of larger entities often establish committees of directors to better use their time and to help deal with complex or specialised areas, such as financial reporting and audit, compliance, risk management, sustainability or health and safety.
Committees make recommendations for action to the full board, which retains collective responsibility for decision-making.
The audit committee plays a key role in assisting the board to fulfil its corporate governance and oversight responsibilities. These responsibilities can include an entity’s financial reporting, risk management and internal control, compliance, the internal audit activity7 and external audit. For example, the audit committee may assist the board in achieving the following objectives of the entity: • Facilitatingwell-informed,efficientandeffectivedecision-making,
particularly by the board• Promotingandmonitoringanethicalculturethroughouttheentity
The board and board committees
6 AUDIT COMMITTEES A GUIDE TO GOOD PRACTICE
• Ensuringacodeofconductisappropriatelydesignedandimplementedand compliance with the code is monitored
• Implementinganeffectivesystemofriskoversightandmanagement,which may typically include:• policies dealing with material business risks, clearly describing the roles
and responsibilities of the board, audit committee, management and internal audit activity
• documenting the entity’s risk profile and the risk appetite of the board• effective reporting of material business risks• ongoing monitoring of the entity’s risk profile• risk-based internal audit plans
• Implementinganeffectiveandefficientinternalcontrolsystem,including:• a strong control environment, commensurate with the risk appetite of
the board• identification and management of risk• adequate design and operation of business policies and procedures to
safeguard assets, protect against fraud and comply with applicable laws, regulations and standards
• ongoing monitoring of internal controls• an independent, internal audit activity to provide assurance over the
internal control systems• timely responsiveness to internal and external audit recommendations
to enhance the internal control environment• Ensuringhighqualityinternalandexternalreporting(financialand
non-financial), including:• complete, timely, accurate and useful information• appropriate accounting policies and procedures• reasonable judgements and estimates
• Obtaininganindependent,effectiveandefficientexternalaudit• Promotingeffectivecommunicationbetweentheboardandtheinternal
and external auditors, and providing timely and appropriate responses to matters arising from audits.