What elements make up an effective audit committee?
During this article I outline the basic requirements for an effective audit committee, discuss how effectiveness varies between different organisations – setting out some of the key common / problem areas – and conclude with a number of practical suggestions as to how effectiveness can be evaluated and improved.
An overarching theme is that ‘success is not guaranteed’ and the ongoing vigilance of committee members is a crucial. The recent AIRMIC report Roads to Ruin provides a chilling insight into how a number of major disasters ‘slipped between the fingers’ of risk management systems, senior managers and board committees.
Basics and sources
The FRC has published two key reference documents:
- the UK Corporate Governance Code (formerly known as the combined code) sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability and relations with shareholders. It provides a ‘big picture’ sense of what the board (and as a consequence its sub-committees) should do (both codes were updated after the financial crisis in 2008 and again in September 2012)
- the FRC’s guidance on audit committees, which highlights the role of the audit committee in overseeing the following key areas: financial reporting; narrative reporting; whistle-blowing; internal controls; risk management systems; the internal audit process; the external audit process and communications with shareholders regarding its activities.
The guidance then goes on to discuss more practical aspects involved in effectively discharging its role including: membership appointments; the frequency and attendance of meetings; the resources to be made available to the committee; remuneration; the skills, experience and training of the committee members and its relationship with board.
Recognising the diversity of different organisations
The FRC’s guidance is targeted at companies listed on the London Stock Exchange on a ‘comply or explain’ basis, sending the message that it is the spirit, not the letter, of the code that is more important. This approach allows appropriate variations in what should be done based on the challenges and context of the organisation in question.
Audit committee members of overseas organisations, banks and other financial institutions, public bodies, charities, housing associations etc. may need to acquaint themselves with other relevant codes/regulations that set out, specifically, what they need to do.
What do we mean by effectiveness, and how is it typically evaluated?
‘”Am I compliant’ should only be the start’: Audit Committee Chair
‘Am I compliant’ is an understandable question that audit committee members might ask. To answer this, it is common to gather views from audit committee members (and other key managers involved in these meetings) through a written or internet-based survey, reviewing the consolidated results for discussion.
Checklists and surveys are freely available on the internet, but all too often these simply repeat the FRC (or other relevant) guidance, and can turn the effectiveness review into something of a paper chase. When this happens, the challenge for those involved in the evaluation becomes ‘seeing the wood for the trees’.
Some of the compliance-based actions that can emerge from survey-based effectiveness review include:
- updating the audit committee charter
- developing an induction programme for audit committee members
- the need to provide briefings on specific accounting policies and practices (with tax accounting a common improvement area).
However, it is not unusual to find that the outcomes from a survey-based effectiveness review are largely in the category of ‘tightening up the paperwork and housekeeping arrangements’. Often, after a few years, there can be a sense that effectiveness surveys have not really helped the committee to significantly ‘step up its game’. This becomes most clear when a new chair of the audit committee is appointed, and they rapidly judge that more fundamental changes are needed.
‘The problem with self-assessment is the self’: Mannie Sher, Tavistock Institute
The low energy around audit committee effectiveness surveys can stem from audit committee members’ past experiences of surveys that have largely seemed to be about being compliant, and proving that all is in order, with some improvement areas not properly coming to the fore.
One area that can remain ‘below the surface’ would be a feeling from audit committee members that management is not always fully open with them and that they are being managed, or kept at arms length. Conversely, executive management can sometimes feel that the audit committee does not really properly understand the organisation and its issues, regarding committee meetings as a necessary inconvenience, rather than something truly wanted and value-adding.
To avoid the problem of audit committee effectiveness being seen as a compliance / tick box exercise, it is vital to approach audit committee effectiveness with a positive frame of mind that there will be areas for improvement, often aiming to ‘unblock’ hitherto unspoken concerns and reservations. When this is done, audit committee members will be able to reflect on and discuss, in confidence, on how their meetings are working. Usually this will result in more meaningful recommendations that focus on whether the committee is properly discharging its full role and – at the same time – add greater value to senior management and the wider organisation.
The points that follow draw out some of the key areas that can emerge from approaching committee effectiveness reviews through facilitated discussions. These examples cover some of the common areas of difficulty, the reasons for this and some of the pragmatic improvement areas that can emerge.
‘Time waste differs from material waste in that there can be no salvage. The easiest of all wastes and the hardest to correct is the waste of time, because wasted time does not litter the floor like wasted material’: Henry Ford
As outlined earlier, the FRC believes that an audit committee should oversee a range of key risk areas on behalf of the board. Of course, oversight of the accounts, accounting policies/provisions, and accounting disclosures should always be ‘task number 1’; however, the focus on financial accounting and reporting can mean that other roles (eg overseeing the effectiveness of risk management and internal controls) can be marginalised: getting the ‘bare minimum’ amount of time.
On a practical note: ask for a summary of how the audit committee spent its time over the last 12 months, mapping this to its key remit areas. Often one or two blind spot areas (where little time has been spent) may emerge, and equally it may be realised that some other areas have received too much attention. This can include focusing on minor details from whistle-blowing complaints/investigations to extensive discussions about new regulatory compliance requirements or other hot topic areas (eg in the past: the millennium bug and pandemic flu preparedness).
There is clearly nothing wrong with taking a deep dive on important risk areas, but committee members should be mindful of the risk of ‘risk fads’ and risk blind spots; paying close attention to agenda items that run over the allocated time, and also to the agenda items that are regularly squeezed (with internal audit updates commonly emerging as a common area that gets squeezed).
Forward planning the audit committee agenda
‘If you don’t know where you’re going, any road will get you there’: Lewis Carroll
It is clear that the task of planning the topics to be discussed by the audit committee is something that should not simply be left to the finance director and committee secretary, with the audit committee chair mostly ‘rubber stamping’ what is proposed. The best audit committees typically have the committee and its chair playing a proactive role alongside dialogue with the CFO and committee secretary to develop a rolling agenda of topics to be covered, that ties back into the remit of the committee, alongside key risk areas where assurance is required.
The best CFOs regard audit committee suggestions and challenges as a useful way of ‘keeping the organisation on its toes’. A further related weakness reported to me by heads of internal audit is the rigour with which audit committee requests and actions are completed or implemented on a timely basis. Good committees will make a point of following up on earlier action requests and obtain assurances on what has been done.
The question of how to gain a complete and robust view of the key risks facing an organisation, and alongside this, to obtain a robust, comprehensive and ‘joined up’ set of assurances, is a large topic, and will be covered in more detail in a follow-on article.
Audit committee papers
‘I am sorry this letter is so long; I didn't have the time to make it shorter’: Winston Churchill
When topics are tabled, it is clearly important that papers are submitted in plenty of time to be read and that they clearly set out their purpose and the actions/decisions required. In addition, in the committee meeting, care needs to be taken in repeating what has already been said in the paper, since it is not uncommon to hear a committee say: ‘too much time has been spent on procedural matters and going over old ground, rather than debating the substantive matters in hand’, often followed by an admission that some committee members appear not to have properly considered the contents of briefing papers in advance.
To address these weaknesses, committees need to develop strong disciplines around time management in meetings, and encourage solid leadership from the committee chair to encourage proper discussions on big-ticket items, rather than ‘going down rabbit holes’.
In addition, the best audit committees will carry out private ‘how did that go?’ discussions at the end of each meeting. Through these discussions issues of poor papers (often overly long or complex), or unhelpful diversions (by ill-prepared committee members), or apparent evasions by management, can be aired and fed back to both executive managers and audit committee members. These can be delicate points to raise, but timely dialogue about these and other concerns can make audit committee effectiveness a live and on-going process, closely tied to properly examining key risk management and accounting issues for the organisation.
Many of the issues highlighted to date may seem somewhat obvious, even normal, and clearly there needs to be some pragmatism and realism in any committee effectiveness assessment. However, these ‘subtle’ or ‘soft’ areas are often at the heart of what differentiates a reasonable from a great audit committee. In particular, committee members should be mindful of three key behavioural traps, which might be categorised using the language of group dynamics. The three key traps to be mindful of are:
1) The ‘halo effect’ and ‘group think’
It is easy for audit committee members to ‘fall under the spell’ of an impressive CFO or audit committee chair and start to feel that ‘if they think it’s acceptable, they must be right’. By the same token if committee members start to develop a pattern of agreeing on most issues most of the time, the possibility of ‘group think’ (first named by Irving Janus) needs to be considered.
This highlights the importance of being clear about decision making at the audit committee; if the committee are being asked to approve something is this normally a ‘fait accompli’, or does it depend on the view of the chair, or a majority vote? These questions and other group dynamic issues were highlighted during the Walker review into the financial crisis, which emphasised, among other things, the need for a ‘challenge board’.
Within these the audit committee may split along certain lines (eg executive and non-executive, CFO and audit committee chair, or between colleagues with similar backgrounds, or aligned interests). This can result in many matters being discussed offline, with instances of conflicts and stalemates that are not fully resolved; sometimes preventing the organisation from tackling the real issues that threaten it.
3) Fight / flight
In which the committee gets ‘excited’ about issues (eg a fraud, item in the newspaper, or something that affects the committee members personally) out of proportion to the real importance of the issue. This is one of the reasons time management can be challenging, as discussed earlier. This dynamic can also result in the committee looking for a scapegoat when an issue or surprise arises (eg ‘why didn't internal audit find that issue?'), rather than looking at the wider cultural and systemic reasons for the problem (ie do management feel accountable for risk and control as part of ‘business as usual’?; could staff incentives or resource constraints be encouraging ‘corner cutting’?)
It is noteworthy that the Walker report of 2009 examined the lessons learned from the financial crisis and concluded that board behaviour should be a key area for close attention in the future. In that report there is an annex that discusses board dynamics, including the difficulties that can arise between a board and its sub-committees. This annex (co-authored by my good colleague Mannie Sher of the Tavistock Institute) is commended to those interested in exploring these issues in more detail.
It should not surprise audit committee members that one of the reasons that audit committee effectiveness reviews can be rather underwhelming is precisely because of the presence of these, and other, group dynamics. This is why a skilled facilitator, with an awareness of these issues, and an ability to navigate constructively through them, can add so much value to an effectiveness discussion.
I hope you have gained a fresh perspective on some of the key aspects of running an effective audit committee, along with some of the key practical ways effectiveness can easily be improved.
Such effectiveness is best approached via open discussions, supported by good evidence, and with the mindset of looking for ways to maximise the audit committee contribution (glass half full), rather than by noting a list of (glass half empty) short-comings, based on subjective impressions, that may not be closely connected to important accounting or risk management issues.
In my experience there is no such thing as a perfect audit committee, no matter how experienced its committee members are. Paradoxically therefore, it is probably the committees that are most aware of ‘room for improvement’ and are proactively working on this, that are the most effective.
Board behavior – Walker Report
James Paterson is the director of Risk & Assurance Insights Ltd. He consults and trains across a range of risk and assurance areas for ACCA, IIA and CIPFA as well as on his own account. He works alongside the Tavistock Institute on matters related to lean systems and board effectiveness.
James was formerly a member of the supervisory committee of the Institute of Internal Auditors for the UK & Ireland, and before that was chief internal auditor for AstraZeneca PLC.