8/3/2019 10 Best Practices for AC

http://slidepdf.com/reader/full/10-best-practices-for-ac 1/4

audit committee

B e s tP r a c t i c e s

F o r

A u d i t C o m m i t t e e sresult of the accounting scandals of recent

fears is the enormous attention given to audit

committees of public compa-

nies and the subsequ ent cha nge

in the committee's rote and pract ices

Th e Sarbanes-Oxley Act of 2002 effec-tively transferred certain powers from

the CEO and the CFO to the audit com-

mittee. The enhanced role requires

audit committee members with more

expertise to devo te subs tantially more

by Frederick D. Lipman

1stablish an effective internal

audit function t h a t reports to

the audi t commit tee. Estab-

lishing such an internal audit func-

tion is probably the most important

thing the audit committee can do. The

internal auditor must be hired and

compensated by the audit committee

of the hoard of directors. The primary

responsibility of the internal auditor

should be to assist the board In per-

forming its fiduciary duty to monitor

management — or, in other words.

The publiccompany auditcommittee now

has an enhancedrole and needs torevise some of its

practices. Here aresome key areas to

focus on.

act as the eyes and ears of the audit

committee.

Other operational duties may be

assigned to the internal auditor by

management, but these other duties

should not interfere with the primary

responsibility of the internal auditor.

It is clear from the WorldCom Inc.

time and effort to their task. In deed , in many cases^ time

spent on audit committee work has increased as much

as 100 percent.

in light of these changes, spurred not

only by the scandals but the new rules

and regulations that followed the scan-dals, there are some key areas to focus on .

The following d iscusses 1 0 best practices

for audit comm ittees sum marized from a

list of 30 that are includ ed in a new book

on the subject by this author.

fiasco that the audit committee must

control the operations of the internal

audit department to the extent that

those functions deal with the au dit of

financial reporting. WorldCom'.^

audit committee allowed manage-

ment to control the internal audit

department and created an incentive

structure that required the internal

audit group to emphasize opera-

tional audits, which saved money for

WorldCom or otherwise produced

"value." This resulted in an internal

8/3/2019 10 Best Practices for AC

http://slidepdf.com/reader/full/10-best-practices-for-ac 2/4

audit group that had neither the

staffing nor funding to provide ade-

quate information to the audit com-

mittee on financial reporting issues.

Serious consideration should be

given to structuring the compensation

of the head of the internal audit to

avoid excessive reliance on compen-

sation driven by accoun ting results. Toproperly maintain the watchdog

function of the internal auditor, he or

she should not receive significant

incentives based on profitability.

Some companies prefer to out-

source all or part (so-called "co-

sourcing") of the internal audit func-

tion. Under these circumstances, the

audit committee should control not

only the selection and retention of the

outside internal auditor, but also the

compensation arrangements.

li*^ Create an ethical, law-abidingculture within the organization

^ wi tho ut di scouraging ent re-

preneurial risk- taking. A key element

of such a cultu re is the tone at the top

of the organization.

Employees must be sensitized to

the need to communicate significant

legal risks to management and to the

audit committee or nominating/cor-porate governance committee of the

board of directors. The U. S. Depart-

ment of Justice guidelines require the

board to create an ethical, law-abid-

ing culture to avoid criminal indicS-

ment of the organization. Financial

incentives should be provided to the

CEO to create such a culture.

f= The audit committee should

'^ communicate wi th key peoplethroughout the organizat ion.

In addition to the outside auditors,

the CEO and CFO, the audit comm it-

tee should consider interviewing, at

least once a year, employees and

service prov iders in these key roles:

controller and assistant con-

troller (ask it there are any ac counting

policies or procedures with which

they are uncomfortable);

head of sales (ask if there are any

side deals with any customers, chan-

nel stuffing, so called "round-trip"

sales, etc.);

tax mana ger (ask if there are any

aggressive tax strategies being pur-

sued by the company);

inside and outside counsel;

head of disclosure committee;

corporate governance officer;

head of information technology;

head of corporate development;

an d

head of purchasing.

Audit committees cannot operate

properly without having information

from diverse sources, both from

within and outside the company.

Altho ugh all the facts ar e not clear, it

appears that the audit committees at

Enron Corp. and WorldCom relied

primarily — if not exclusively — on

information provided to them bymembers of the management team

over which they were required to

exercise oversight, as well as on

information provided to them by the

outside auditor.

Each of the persons named above

should be interviewed separately

and not in the presence of superiors

within the company; prosecutors

have known for many years that sub-

ordinates do not talk freely when

their bosses are present.

Monitor management sales ofstock. The temptation to inflate

earnings is greatest prit)r to the

intended sale of stock by manage-

ment. Audit committees should con-

duct more intensive and extensive

audits on the eve of insider sales of

significant anwunts of stock. The

audit committee should adopt a pol-

icy requiring written notice of insid-er sales several months before the

actual date of such sale, so as to

arrange the necessary audits.

Other "warning" events are

included in Best Practice No. 5.

Be aware of other "w ar ni ng "events. There are certain other

warning events that should

alert an audit committee to conduct

more intensive and extensive audits.

If sho rt sellers take a significant posi-

tion in the company stock, the audit

committee should investigate whether

the short sellers know something the

audit committee does not. Other

warning events may include: the

company never fails to meet an earn-

ings projection; the CEO or CFO is

under personal financial pressure,which may stem from a lavish

lifestyle, divorce, gambling habits or

other issues.

Never failing to meet an earnings

projection should raise a red flag.

Personal financial pressure on the

CEO or CFO should trigger a closer

look by the audit committee at the

company's financial statements, par-

ticularly if any large bonus or salary

increase depe nds upon the com pany 's

financial results.

Control conflicts of interest. In

rare situations in which the

audit committee elects to

approve a conflict of interest, an

ongoing independent monitoring

mechanism must be established. This

mechanism may include more inten-

sive or extensive audits by the inde-

pendent auditor, possibly supple-

mented by oversight by the internalauditor. The results of both the inde-

pendent auditor and the internal

auditor sh ould be reported directly to

the audit committee.

The Enron audit committee

approved off-balance sheet special-

purpose entities that clearly created a

conflict of interest between certain

members of management and thf

company. Yet, based on the currently

available facts, the Enron audit com-

mittee did not create adequate over-sight mechanisms to verify that the

representat ions made by manage-

ment to the audit committee, which

induced approval of the conflict of

interest, were in fact being followed.

Ask the auditor the Warren

Buffet t quest ions. The audit

committee should ask the fol-

lowing four questions of the auditor

(as suggested by Warren Buffett):

8/3/2019 10 Best Practices for AC

http://slidepdf.com/reader/full/10-best-practices-for-ac 3/4

a. If the auditor were solely responsi-

ble for the company's financial

statements, would it have been

prepared in any way different

from the manner selected by man-

agement?

b. If tliL' auditor were an investor,

would it have received the infor-

mation essential to a proper

understanding of the company's

financial performance during the

reporting period?

c. Does the auditor know of any oper-

ational facts that caused the compa-

ny's sales or profit to move signifi-

cantly from one quarter to the next?

d. Is the com pany using the same

internal audit procedure that

would bo followed if tbe auditor

itself was CEO?

Answers to Buffett 's questions

will help elicit information from

the auditor that is useful to the

audit committee in overseeing

management preparat ion of the

financial s tatements .

' Ensure audi to r inde pend enc e.

If the auditor is not independ-

ent, both the company and the

auditor are in violation of the Secu-

rities Exchan ge Act of 1934. Toensure auditor independence, the

audit committee should adopt these

policies:

a. The enga gem ent letter from the

auditor should contain a represen-

tation that the auditor is and will

remain inde pen den t (as defined by

Securities and Exchange Commis-

sion (SEC) rules) throughout the

audit engagement.

b. Conduct a robust discussion with

the auditor of its independence atleast once a year. This robust dis-

cussion should include any rela-

tionships witb management that

migbt impair the objectivity of the

auditor. For example, it was

reported that KPMG LLP, the

aud itor for First Union Corp . (now

part of Wachovia Corp.), received

referrals from First Union of

wealthy banking clients and First

Union was, in turn, paid referral

fees by KPMG LLP. Some have

questioned whether this type ofrelationship could compromise

the impartiality of the auditor.

c. After each assignment of nonaudit

work to the auditor, the auditor

should be required to represent to

the audit committee that the

nonaudit ser\ ice does not impair its

independence. (An exception may

be made for routine nonaudit serv-

ices, such as tax return prepara tion.)

d. Care mu st be taken before hi ring

former employees of the auditing

firm as company employees, to be

certain that tbe new employee will

not impair the auditor 's independ-

ence. The HR department should be

required to notify the audit com-

mittee prior to any such hires.

Refrain from using the auditor

for tax planning and tax

preparation services. Although

tax planning services do not impairthe independence of auditors under

SEC rules, audit committees should

consider whether using the auditor for

tax planning services is in the best

interest of the company.

The audit committee should con-

sider, amon g other things, the fact that

the auditor is prohibited by auditor

independenc e rules from p roviding an

expert opinion or other expert services

for an audit client, or acting as an

audi t client's legal representativ e, forthe purpose of advocating an audit

client's interests in litigation or in a

regulatory or administrative pro-

ceeding or investigation.

The effect of this prohibition is

that the auditor is unable to assist

the company in advocating the

company's tax position before the

Internal Rc\'cnuc Service (IRS),

since the IRS inquiry might be

viewed as a "regulatory or admin-

istrative proceeding or investiga-

t ion ." Although the auditor is per-

mitted to be a fact witness in such

proceedings or investigations, i ts

inabi li ty to advocate the com pany 's

tax position handicaps the company

in the defense of its tax planning.

Carefully consider the

impact of the indepen-

dent audi tor ' s preferred

account ing t reatment . Sarb . ines-

Oxley and SEC rules require the inde-

pendent auditor to disclose any

accounting treatments preferred by

them. The audit committee must

determine on a case-by-case basis

whether any of the accounting treat-

ments preferred by the independent

auditor should be adopted by the

company and what the overall effect

would be of such adoption.

If the audit committee decides not

to adopt an independent auditor 's

preferred treatment, the reasons forthe rcjfcHon should be carefully doc-

umented by the audit committee,

with the assistance of counsel, in

order to protect the audit committee

from persona! liability.

Frederick Lipman is a Partner with

Blank Rome LLP and President of the Asso-

ciation of Audit Committee Members Inc.

The 10 audit committee best practices

described above are taken from 30 best

practices described in greater detail in Lip-man's book, Corporate Governance Best

Practices, published by John Wiley &

Sons Inc., 2006, and available in book-

stores and on Amazon.com.

One result of the accounting scandals in recent yearsis the att ent ion given to audit comm ittees of publiccompanies and the subsequent change in the commit-tee's role and practices.

The Sarbanes-Oxley Act effectively transferred certainpowers fro m the CEO and CFO to the audit comm ittee.

Establishing an effective internal audit function isprobably the most important thing the audit commit-tee can do.

Among the steps audit committees should takeis to carefully consider the independent auditor'spreferred accounting treatment.

8/3/2019 10 Best Practices for AC

http://slidepdf.com/reader/full/10-best-practices-for-ac 4/4