KPMGs Audit Committee Institute has provided a list of the top 10 to-dos for audit committee members this year.
When considering and carrying out their 2010 agendas, audit committees should:
1. Regain control of the audit committee agenda. The challenges of the economic crisisaccess to capital, cash flow, counterparty risks, impairments, etc.have dominated audit committee agendas. As signs of recovery emerge, take the opportunity to develop more focused (yet flexible) agendas, with an eye on the companys key financial reporting risks. To improve the efficiency of committee meetings, insist on quality pre-meeting materials, spend less time on low-value or checklist activities, and engage in discussions rather than listening to presentations. Dont let compliance activities crowd-out substantive discussion.
2. Understand the risks posed by cost reductions made in response to the economic crisis. Cost cutting has been a key response of most companies to the economic crisis. Every board and audit committee should be asking whether the companys delivery model has been changed permanently, and whether a cost-reduced business model can be sustained. Did we cut too much? How quickly can we restore critical infrastructure such as IT and the sales force? How far have we extended the organization through outsourcing and off-shoring? As companies cut costs and reduce their workforce, the control environment becomes even more critical. Now is not the time to cut-back on internal audits budget. (See #6.)
3. Focus closely on all financial communications. Earnings releases and scripts for analyst calls often pose more issues than the 10-Qs because they contain important business informationwhich often does not come from the financial reporting system, is not audited, and is not subject to internal controls. If you havent already done sogiven the uncertainties created by the economic crisisreconsider the types of earnings guidance the company issues. Engage early on in reviewing 2010 proxy disclosures, particularly new disclosures regarding risk, compensation and corporate governance. Understand the companys policy on the use of Twitter and other social media networks to reach investors and customers.
4. Continue to monitor fair value issues, impairments, and managements assumptions underlying critical accounting estimates. These issues, together with pension funding shortfalls and going-concern challenges, will continue to be a major area of focus for audit committees. At the same time, there are important new financial reporting developmentsincluding changes in accounting for transfers of financial assets, revenue recognition, and IFRSthat may require the committees attention. Set aside time at each committee meeting for a deep dive into a specific financial reporting development impacting the company.
5. Rethink the audit committees role in risk oversightwith an eye to narrowing the scope. The tremendous focus on risk todayand the SECs new rules requiring disclosures about the boards role in risk oversightis an opportunity for the board to reassess the role of the audit committee (and the full board and the other standing committees) in overseeing risk. Does the audit committee have the expertise and time to deal with strategic, operational, and other risks? Is the expertise of other board members being leveraged? Audit committees already have a lot on their plates with oversight of financial reporting risks.
6. Make sure internal audit is properly focused and fully utilized. Help refine internal audits roleand focus internal audits activities on key areas of risk, as well as risk management generally. Internal audit is not accountable or responsible for risk management, but it should provide added assurance to the audit committee regarding the adequacy of the companys risk management processes. Internal audit is most effective when it is focused on risk: Ensure that the internal audit plan is risk-based and focuses on the critical risks to the businessnot just compliance and financial risks.
7. Prepare for the potential impact of key public policy initiatives on compliance, risk, and governance processes. Major public policy changese.g., health care, the environment, energy, and financial services regulationwill affect a broad cross-section of companies and industries, and may impose additional reporting, transparency, and compliance obligations. These, in turn, will require new or modified compliance, risk and governance oversight processes. As we have already seen, the adoption of the American Recovery and Reinvestment Act of 2009, coupled with the creation of new federal programs and the availability of stimulus funds, has created complex mandates, and companies have had to adjust their compliance programs.
8. The economic crisis continues to put pressure on compliance and anti-fraud programs. Be vigilant. The economic downturn has placed tremendous pressure on management to achieve operating results; at the same time, cost cuts and workforce reductions may have exacerbated these pressures. How has the company treated its employees? How do they think theyve been treated? A comprehensive review of the companys anti-fraud and compliance programs, including its Foreign Corrupt Practices Act compliance program, may be in order. The right tone at the top and throughout the finance organization is critical.
9. Help link change and riskand monitor critical alignments. Change creates risk. During times of dramatic change, the risk of misalignmentof the companys strategy, goals, risk, controls, compliance, incentives, and peoplegoes up exponentially. Given the audit committees role in overseeing risk, internal controls, compliance, and ultimately the impact of significant changes on the companys financials, the committee is in a unique position to help reduce the risk of misalignment.
10. Take a fresh look at the audit committees composition and leadership. The audit committees effectiveness and accountability hinges on meaningful self-assessmentsof the audit committee as a group as well as individual members. Take a hard look at the committees composition, independence and leadership. Is there a need for a fresh set of eyes?
