Introduction to the audit committee
The audit committee delivers oversight of internal and external audits and the financial reporting and controls operating within an organisation. It is largely backwards-facing, reviewing existing processes and procedures for efficacy and undertaking historical reviews of financials, actions and issues. The main area of divergence from this is in respect of reviews of audit plans and their alignment to strategy and the future of the organisation.
The audit committee is often merged with the risk committee, in which case the oversight of risk as a whole is monitored. Where these committees are separate, the audit committee would maintain oversight of financial risk within the company, coordinating with the risk committee to ensure that no risks fall between these two forums or are duplicated.
Within financial reporting and controls, the audit committee provides specific
- the financial reporting systems in place within the organisation and their effectiveness
- the controls and associated financial risk management systems
- compliance with applicable laws and regulations
- where requested, the annual report and other external financial reporting on behalf of the board.
Oversight of internal and external audit incorporates:
- the audit process itself, reflecting the process where an internal audit function exists or where this function is not in place
- the interaction between internal and external audit processes
- the appointment process for external auditors.
Terms of reference
While the prevalence of an audit committee is relatively universal in large companies across countries, differences in its roles and responsibilities can be seen under different legislation and should be considered if looking at the audit committee across jurisdictions or when expanding governance controls across multiple countries.
In general, the framework for the audit committee terms of reference is standard concerning the meeting schedule aligning to audit and financial reporting timetables.
Given the importance of the financial oversight that the audit committee undertakes,
and its reporting to the board, the audit committee should also report to members or shareholders, most prevalently via the annual report, the details of any issues that
remain outstanding between the committee and the board.
The terms of reference should reflect the size and requirements of the organisation, including whether an internal audit function is in place. Where it is not, the audit committee role should include an annual review as to whether one should be implemented and, if the audit committee errs towards its creation, should advise the board accordingly. The decision of whether to implement an audit function or not then rests with the board or the executive committee on their behalf. If the board decides not to implement an audit function against the recommendations of the audit committee, this should be documented in both the board and audit committee minutes, with content reflecting why the decision was made and any additional considerations given.
It is the board’s responsibility to determine the composition of the audit committee. However, best practice is to appoint at least two, and preferably three, independent non-executive directors, with at least one member of the committee having recent and relevant financial experience. The chair of the board should not ordinarily be a member of the audit committee.
Duties, responsibilities and tasks
Detail within the terms of reference will reflect the dual role of oversight of financial reporting and controls and internal and external audit. Financial reporting and controls encompass all elements of financial reporting, related systems and controls and the application of regulatory and legislative requirements and responsibilities.
There is a wide variety, form and timetable of financial reporting within all organisations and the integrity of the data to underpin wider decision making is key. The audit committee role in ensuring that this integrity is intact should be at the heart of the purpose of an audit committee.
To undertake this, the committee should monitor all financial statements distributed by and within the organisation. This should include its annual and half-yearly reports, interim management statements, preliminary announcements and any other formal statements relating to its financial performance. These should be critically reviewed with any significant financial reporting issues reported to the board along with any judgements which those statements contain. This should also have regard to any matters communicated to it by the auditor. The committee should make an independent judgement, based on the expertise and experience of its members, of whether the organisation has adopted appropriate accounting policies and made appropriate estimates and judgements. This should take into account the external auditor’s views on the financial statements without using the auditor as the sole source.
The audit committee should also review the financial elements of all reporting by the organisation, including within strategic reports, governance statements and reports to members, shareholders or regulators.
Where the committee has concerns or is not satisfied with any aspect of the proposed financial reporting by the company, it should report its views to the board as a matter of priority.
Within the annual report, the board should confirm that the contents of the annual report provide a true and fair representation of the business. The audit committee should be prepared to review the annual report on behalf of the board in support of the board making this statement within the accounts.
The audit committee should review the internal financial control systems that identify, assess, manage and monitor financial risks. Within this, they should review the resourcing available to ensure that controls and systems are maintained and working. This should also extend to risk management systems concerning financial risks, in coordination with the risk committee where there is one or for all risks where there isn’t.
The audit committee should review and approve the statements to be included in the annual report concerning internal control, risk management and the viability statement.
Where an organisation has multiple divisions or