comprehensive audit committee training emac
TRANSCRIPT
www.elsamconsult.com 1
EMAC
AUDIT COMMITTEE TRAINING
By: Sako Mayrick
Dar Es Salaam
ELSAM MANAGEMENT CONSULTANTS
www.elsamconsult.com 2
EMAC
Who are we? Elsam Management Consultants
(EMAC) is a pool of professional consultants in management disciplines established as a limited liability company since 2006
Core Functions are: Recruitment, Training and Consultancies
More details: www.elsamconsult.com
Welcoming Remarks
www.elsamconsult.com 3
EMAC
Introduction of facilitators Self introduction to others on your team Recap- Share something on personal
experience in Risk Management and high level expectations of this training
Pick 1-Identify a risk-discuss it as both a threat and an opportunity
Report to the a large group pick a spokesperson
Welcoming Remarks
EMAC
Contents
1. Introduction 2. Audit Committee Issues3. Financial Management4. Operations Management5. External and Internal Audit6. Other Considerations and
Reporting
EMAC
Introduction Audit Committee is a part of governance
of entity Governance is the system by which
organizations are directed and controlled. It includes rules and procedures for
making decision on corporate affairs to ensure success while maintaining the right balance with stakeholder’s interest.
Audit Committee is one of the major pillars of governance system in public companies
EMAC
Role of Audit Committee General
Oversight of financial reporting Risk management Internal control Compliance Ethics Management Internal audit
Management, the board and the audit committee all play critical roles in entity’s tone at the top
Role of Audit Committee
• TO OVERSEE & REPORT TO BOT NOT TO MANAGE
• TO SUPPORT/ADVISE MANAGEMENT NOT TO STIFLE OPERATIONAL PERFORMANCE
• TO HAVE MEANINGFUL, RELEVANT AND TRANSPARENT INFORMATION
NOT TO HAVE INFORMATION OVERLOAD
• TO THINK, JUDGE AND ACT ON SIGNIFICANT GOVERNANCE/RISK ISSUES
NOT TO BE TOO PROCESS - DRIVEN
• TO ENSURE CONFORMANCE FOR GOVERNANCE AND BETTER PERFORMANCE
NOT TO BE INDIFFERENT TO RESULTS
CORPORATE GOVERNANCE COMPACT
INTERNAL AUDIT
EXTERNAL AUDIT
AUDIT COMMITTEE
BOARD OF TRUSTEES
EMAC
What is an audit committee?
It is established with aim of enhancing confidence in the integrity of entity process and procedure relating to internal controls and corporate reporting including financial reporting
It provides an independent re-assurance to the board through its monitoring and oversight roles
EMAC
Responsibilities of Audit Committees
Monitor integrity of financial statements of entity Review the Entity’s internal control system and Risk
Management Systems Unless a separate Committee exists
Monitor and review of entity’s internal audit function Recommend to the board in relations to the
appointment of external auditor Approves remuneration Approves terms of engagement
Monitoring the effectiveness of the external auditor’s performance and their independence and objectivity
Develop and implement policy on the engagement of the external auditor to supply non-audit services
EMAC
Responsibilities of AC … It is not a replacement for the Board It is a committee of the board and
therefore subordinate to the Board It must be given written terms of
reference for audit committee. The Terms of Reference must be
reviewed annually The Board must review annually the
effectiveness of audit committee
Sako Mayrick Apt Financial Consultants
EMAC
Audit Committees in Public Sector Sections 28-35 of the Public Finance Regulation, 2001 as
revised in 2010 give explanation regarding the Audit Committee and Internal Audit Service Unit
There shall be in each Ministry Department, Agency or Region a Committee to be known as the Audit Committee.
Composition Senior members of MDA nominated by AO One from outside an organisation Total number no more than 5 not less than 3 One member must have experience of accounting and auditing CAG to be informed of all meetings and have right to be
represented to the meetings What are the legal and regulatory framework of Audit
Committees? Discussions
EMAC
Charting the courseAn audit committee charter is a blueprint for its operation and should address:
Processes Procedures Responsibilities
EMAC
Charting the course Sample audit Committee Charter
Introduction Authority and independence Role Duties and Responsibilities Risk Management Internal Control Internal audit External Audit Compliance Reporting Membership and meetings (Chair, Secretary, ethical
practices,meeting and attendance), quorum, agenda) Relationships (Internal Audit, External audit, other executive
management) Evaluation of Committee activities Review of the charter Approval of the charter
EMAC
Case study 2
Roles and Responsibilities Audit Committees
a. What do you think to be the critical role of Audit Committee at Entity
b. Do you think there is a gap?c. What should be done?
EMAC
Audit Committee Issues Financial accuracy Risk Management Control Assessment External Audit Oversight Effective use of internal audit
Objectivity Reporting structure Risk management Staffing Priotization Adding value
EMAC
Best Practices in AC Should comprise of Independent non-
executive directors Chairman of the company should not be an
audit committee member But may attend the committee meeting as
invited guest At least one member of the AC should have
significant, recent and relevant financial experience at senior level
Members should have experience in corporate financial matters
EMAC
Best Practices in AC Should at least annually meet the external and internal auditors,
without management, to discuss issues arising from the audit Sufficient internal should be allowed between audit committee
meetings and main board meetings to allow any work arising from AC meeting to be carried out and reported to the board
Should have sufficient resources to undertake its duties New committee members should be given an induction program
Role of audit committee, ToR, Overview of company’s business Identifying the main business and financial dynamics and risks Meeting some company staff
Regular training should be given to all members of audit committee Understanding the financial reporting and financial statements Company law or entity memorandum Formal courses Internal Agency talks and seminars Briefing by external advisers
EMAC
Best Practices in AC AC should review financial reporting issues on
financial statements, interim reports and related statements Judgments Clarity Completeness of disclosure
AC should monitor the integrity of internal financial controls
AC should assess the scope and effectiveness of the systems established by management to identify, assess, manager and monitor Risks ( unless there is a separate committee on risks
EMAC
Best Practices for Audit Committee Annually the AC should consider
whether there is a need for internal audit function and make recommendation to the board
AC should review the complementing effect of internal and external audit
AC should approve the appointment or termination of appointment of CAE
AC should review and monitor internal audit activities
EMAC
Best Practices for AC AC should ensure that
CAE has direct access to the board chairman and audit committee and is accountable to audit committee
AC should review and assess annual internal audit work plan
AC should receive a report on the result of the internal auditors’ work on a periodic basis
Review and monitor management responsiveness to the Internal auditor findings and recommendations
Meet with the head of Internal audit at least once a year without the presence of management
Monitor and assess the role and effectiveness of internal audit function in overall company context of risk management.
EMAC
Best Practices of AC
AC should ensure independence and objectivity of the external auditor annually
At start of audit cycle, the AC should ensure that appropriate plans are in place for the audit
AC should review with the external auditors, the finding of their work
At end of audit work the AC should assess the effectiveness of external audit process
EMAC
Audit Committee Issue
The duties of care and loyalty, and the expectation that directors will act in good faith.
These are the primary source of Trustee liability.
EMAC
Audit Committee Issues(cont.)Board members who wish to become empowered guardians and builders of corporate value must:
Learn and follow best practices, avoid conflicts of interest, pay strict attention to board matters, drawing on appropriate expertise,
including their own. AC members should be “eyes on”
“hands off” The lines of authority for AC and management
should be clear and understood AC members must communicate openly with
management as appropriate
EMAC
Audit Committee Issues Financial accuracy Risk Management Control Assessment External Audit Oversight Effective use of internal audit
Objectivity Reporting structure Risk management Staffing Priotization Adding value
EMAC
Challenges of Audit Committees
Understanding the organization The few hours they meet is a challenge. So?
Never be afraid to ask questions even if stupid Insisting heads of functions to attend the meeting so as to
understand their roles, perspectives and control Responding to change
Corporates a changing so fast. So what to do? Ensure annual confirmation by directors and staff of compliance
of key regulations and policies Overseeing Risk and Control
Apply root course analysis Improving continuously Communicating with stakeholders Organization failures Financial literacy and changing accounting rules
EMAC
Current issues in AC Development of laws and regulations
Significant government and regulatory interferences
We need to be more balanced and refocus our attention back on the business
International Professional Practice Framework (IPPF)
Risk Management Effectiveness of Audit Committees Financial statements errors and fraud
investigations
EMAC
Financial Reporting and Controls
The central role of Audit Committee is to oversee the integrity of entity’s financial statements and related controls
AC receives a great deal of financial information and it is the key to explain the company performance
The Audit committee must properly understand the operations of the company
EMAC
Financial Reporting Understand the basic financial Reports
Statement of financial performance Statement of financial position Statement of cash flows Statement of changes in equity
Understanding the organization Review the business discussions of last year Visit company operations, zones and facilities Meet the business unit leaders to grasp the operational details Meet the finance management, internal audit, and the external
auditors Review the analyst reports about the company Review the competitors financial statements and non financial
information Understand the major business transactions and changes during
the period Understanding the company’s regulators Meet the finance, taxation, and treasury personnel to understand
capital structure, tax structure and investment strategies
EMAC
Financial Reporting The other areas of financial reporting
Complex, difficult and risker areas Materiality Accounting policies Accounting estimates Significant changes during the reporting
period Related party transactions Interim financial statements Timing issues
EMAC
Internal Controls and Risk Assessment
Internal Controls It Is an essential tool to help mitigate risks to
an acceptable level The best framework is the COSO internal
Control Framework, defines Internal Control as Process that provides reasonable assurance
a company will be able to achieve its objectives for Effectives and efficiency operations Reliability of financial reporting Compliance with applicable laws and regulations
EMAC
Role of AC on Internal Controls
Meet with individuals who are primarily responsible for internal control over financial reporting
Understanding and help set a tone at the top Discuss with management on controls in place to mitigate
key financial reporting risks including fraud risks Focus discussions on areas of greatest potential risk Understand management plans to assess the internal
control and what role internal audit and other related resources will play
Understand the external auditor’s scope and plan to test the controls
Meeting regularly with management, internal audit and external auditors to discuss significant deficiencies and material weakness and management’s action plan to respond
EMAC
Role of AC on Internal Controls
Areas of potential risk for internal controls Management override controls Outside services provider Information technology Restructuring of organsiation
EMAC
Risk Assessment
AC should oversee how management addresses risk for financial reporting
The risk assessment should be linked to company strategy and risk appetite
The AC should report to the Board on the results of committee’s review of risk management and internal control system
EMAC
Role of AC in Risk Assessment The AC have responsibility of overseeing the risk
management process How management identifies events that could put the
company at risk and how it assess the likelhood and impact of identified risks
How management has tailored the process to meet the company specific needs
Whether the process of risk management is continuous If individuals are assigned primary responsibility for
risk management and has appropriate expertise, statute within the company and available time
Ensure that all key risks are subject to the Board-level oversight
Understand the internal auditor role in risk management and the extent of its audit plan covers the key risks
EMAC
Process Owners A process owner is a person who
has ultimate responsibility for the performance of the process in realizing its objectives measured by key process indicators and has the authority and ability to make necessary changes
The focus of audit committee operations management should be on period end process owners
EMAC
Anti-Fraud programs
Fraud prevention and detection makes good business sense and can provide cost savings to entity
The following are main anti-fraud programs Performing Fraud Risk Assessments Creating a control environment Designing antifraud control activities Sharing information and communication Monitoring activities
EMAC
Fraud Risk The CFE Report in 2010 identified
Assets misappropriation (where employees steal or misuse an organization's resource) are the most common forms of fraud
Corruption ranked the second ( where an employee gains a personal benefit by violating his or her duty to the company including, bribery, extortion, and conflicts of interests)
Financial Statement fraud ranked the last but has greater impact
Weakness in internal control can make a company more susceptible to fraud
EMAC
Fraud Risk There are many company’s fraud, but the
Audit Committee is more concerned with financial reporting fraud
Financial reporting fraud is a deliberate misrepresentation of a company financial position, stemming from intentional misstatements or omissions in the financial statements
Many company’s have admitted to fraudulent financial reporting
EMAC
Motivators for financial reporting fraud
To meet political expectations Personal gain, including maximizing bonuses
and compensation Conceal bad news, such as company’s
deteriorating financial conditions Increase company value Others
Audit querries Procurement failures
EMAC
Role of AC in Fraud Risk When the motivators for fraud are present audit
committee should Review the internal control Maintaining skepticism Overseeing the company strategy on financial
reporting Assess management integrity regularly Review and understand the results of complaints to
the whistle blower hotline Fully understanding the third party transactions and
significant non routine transactions Have management periodically report on the control
environment and fraud prevention program.
EMAC
Role of AC in Fraud Risk
Assessing the tone at the top
Overseeing company compliance programs
Review the whistleblower programs
EMAC
Whistleblower process owner
Whistleblower have become another source of information for Audit Committees
They are used to identify inappropriate behavior on part of company personnel involving issues such as sexual harassment or violation of anti-bribery programs
Many experts believe that providing mechanism to allow employees to report concerns anonymously is core to compliance programs
Best practices requires audit committees to establish procedures for the receipt, retention, and resolution of any complain regarding Accounting Internal accounting controls Auditing matters
But other organizations have put in place regulations to prohibit whistle blowing procedures that encourage anonymous reporting.
The organizations using whistleblowing believe that it will decrease the likelhood that managers who engage on wrong doing will be able to suppress staff concerns over the long term
EMAC
Role of AC in Whistleblowing The whistleblowing must be reported periodically to the audit committee.
It is important to get a summary of all complaints received at least annually.
Audit committees should determine how often they wish to receive information
EMAC
Operations Management Management has deep insight into
company and its challenges, and therefore is best positioned to recommend what information the audit committee needs
The audit committee can add value for management
AC should work with management to add value by bringing an objective perspective on financial reporting decisions and counseling on how to handle difficult issues
EMAC
Operations Management Audit committee should have positive,
trusting relationship with management , they need to maintain their skepticism an be ready to question management on uncomfortable topic including Fraud risk Appropriateness of judgments
Management should expect rigorous questioning from audit committee
Failure of management to provide clear responses or overly defensive that should raise red flag for the committee
EMAC
Operations Management The degree of interactions and involvement
between the committee and management shifts with changes in The business environment Changes in company circumstances Capabilities of individuals in the finance function
When the company is running in a steady state, the committee continues to review information carefully and challenge management when necessary, but properly relies on management to resolve everyday issues
EMAC
Operations Management The knowledge and technical competence of the
finance team is vital to an audit committee faith in the financial reports it reviews
There should be discussions with the CFO on how he/she ensures the finance team is qualified
Assessment of performance of the finance personnel based on witnesses at committee meetings and responses to queries
Reviewing confidential feedback from internal and external auditors
The AC should also monitor succession plan for the CFO position
EMAC
Operations Management The AC should ensure that there are formal and
informal meetings with management for a strong relationship
Management’s participation should focus on engaging in meaningful dialogue with the committee, answering questions and providing additional insights
The following members could attend the meeting; the CFO, CA and controller, treasurer, head of PMU and chief information officer
AC should hold private sessions with internal audit head and external auditors
EMAC
Pre-Audit
Scope & DepthTeam Selection
Budget
DocumentsPreps
Team Meeting
Audit
Entry MeetingPhysical Insp..
Functional AreasFindings
Daily Meetings
Post-Audit
Company De-briefAudit Report
Wrap-up Activities
Follow-Up
Start Finish64
Corrective Action Follow Up
Basic Audit Activities
EMAC
AC and Internal Auditor Internal auditing is an independent,
objective assurance and consulting activity designed to add value and improve organization's operations. It helps an organization o accomplish it objectives by bringing systematic, disciplined approach to evaluate and improve effectiveness of risk management, control and governance process
They are day to day tools for audit committees
EMAC
AC and Internal Auditor The internal auditors deals with issues
that are fundamentally important to the survival of an organisation.
Unlike external auditors, they look beyond financial risks and statements to consider wider issues such as organisation’s reputation, growth, its impact on environment and the way it treats its employees.
They help organizations to succeed by combination of assurance and consulting
EMAC
Evaluating External Auditors Audit Committee should evaluate
external auditors based on its own experience and ask management and internal audit to provide their own assessment
EMAC
Evaluating External Auditors Areas of evaluation
Caliber of external audit firm (cases, reputation and resources)
Quality process ( approach, control, personnel and risk) Audit Team (competence, knowledge, resources, scope,
team member) Audit Scope (agreement, regulations, understanding, areas
covered) Audit Fees (comparison with other, variation between actual
and estimated fee, service) Audit Communication (inform AC on risk, governance,
controls, access with AC, feedback of service) Audit governance and independence ( does the AC or
management control relationship with external auditors?, communication of internal control weaknesses
EMAC
Evaluating of internal auditors
The following are main areas for evaluation Understanding Charter and Structure Skills and experience Communication Performance Planning Skills and experience Work program Overall performance
EMAC
Assessment of audit committee
In addition to reviewing its ToR, the AC members should review the effectiveness of audit committee annually
This is done using AC self Assessment Areas includes
Creating an effective audit committee Running an effective Audit Committee Professional development Overseeing financial reporting Overseeing risk management and internal control Overseeing external audit Overseeing internal audit
EMAC
WHAT MAKES AUDIT COMMITTEE EFFECTIVE
Member experience/educational qualifications Inquiry Diligence Decision making Integrity Independence Leadership Communication Ability to work with othersNo two audit committees are equalThe only way to know and factor this is at annual evaluation
EMAC
Qualities of an effective audit committee
Strong interpersonal and communication skills Disciplined and focused Conversant with the current issues of the industry In-Depth knowledge of Strategic Plans Technical Financial Expertise Industry regulation knowledge Understand Audit Review findings Monitor quality of internal audit Help build right team Meet regularly with internal auditors Resource allocation
EMAC
Qualities of an effectives committee member
Has appropriate and requisite experience Has appropriate and requisite technical knowledge
about accounting, auditing, tax, internal control and other necessary subject areas
Satisfies requisite independence requirements Is interested and committed to the company Is knowledgeable about the company, and its industry Has a willingness to learn about matters relating to the
audit committee function Has a thorough understanding of his or her legal
responsibilities Demonstrates leadership and tone at the top Has sufficient time availability
EMAC
Qualities of an effectives committee member Has sufficient time availability
Has integrity; doing the right thin attitude After due consideration is comfortable (i.e.,
satisfied) that the committee has complied with the laws, regulations, rules , and charter provisions that govern and related to audit committee activities
Reviews and is comfortable of financial statements related documents, securities filings and corporate communications to the extent required by laws, regulations, rules, and audit committee Charter provisions
Reviews and is comfortable with the accuracy of all documents and statements signed by or attributed to the committee members, or the committee
EMAC
Qualities of an effectives committee member Is comfortable with other audit committee
members, CEO, CFO, inside auditor, outside auditor, board, counsel and others
What is more: individual self-confidence, humility and conviction
Meetings are conducted in a collaborative, participatory, interactive and organised manner
The services of the outside auditor, and the outside auditor selection process are evaluated annually, and more often as necessary
There is an appropriate and effective anonymous whistle blower and complaint, inquiry and investigation processes.
EMAC
Other attributes of Audit Committee
The ease and demeanor of communications between committee members are appropriate
The ease and demeanor of communication with other people outside of the committee are appropriate, including the CEO, CFO, Controller, outside auditor, inside auditor, board, legal counsel and others
The committee has appropriate accessibility to information and resources paid for by the company
The committee has appropriate accessibility to continuing education about core areas, new developments, and hot topics, paid for by the company
The committee has a accessibility to independent legal counsel and consultants, paid for by the company
EMAC
Other attributes of Audit Committee
There is an audit committee charter. There are prudent process for the documentation
of committee activities The activities and performance of audit
committee are evaluated annually; or more often as necessary
There is prudent procedures for the timing, calendaring, and organization of committee activities
There is effective meeting agenda and dissemination process
EMAC
Annual Assessment Audit Committee Chairperson should continuously
monitor the effectiveness of the Audit Committee Areas of assessment includes
Audit Committee Charter Audit Committee composition Audit Committee independence Meetings and Attendance Risk Management Assignments Code of Conduct – Supplier relationship management Reporting of fraud and illegal Acts – Whistleblower function Financial Expert Oversight Oversight of External Auditor Oversight of internal auditor Oversight of self assessment
EMAC
Sample evaluation forms Evaluation of external auditors Evaluation of internal audit Audit committee self Assessment Checklist for oversight of internal auditors Checklist for oversight of external auditors