Suggestions to improve the performance of audit committees.
In this blog, I discuss how the effectiveness of audit committees could be enhanced in the following areas:
- Audit tendering
- Audit oversight
- Internal financial controls
- Non-financial reporting
The core role of the audit committee is to oversee the external audit and ensure that it is conducted with the appropriate level of rigour, independence and challenge. The effective functioning of the audit committee underpins the trustworthiness of the annual report.
There are several areas in which the effectiveness of audit committees could be enhanced.
Audit quality should be prioritised, as opposed to the quantity of audit tenders. More competition does not necessarily lead to higher quality. For example, if two aircraft manufacturers have a duopoly in large commercial aircraft, economic theory would suggest this lack of competition leads to a bad deal. In practice, this is not the case. The competitive rivalry is so intense that the profitability of both companies, and indeed most of their smaller rivals, is quite modest over the cycle. Customers get a good deal, despite limited competition.
Similarly, in the audit market it may only be necessary for there to be two competitive tenders for the market to be working well. Investors understand that for many of the largest and most complex businesses, only a handful of auditors have the required skill set.
Better disclosure is needed to help investors see which audit committees provide effective oversight, challenging the external auditor and management, and which do not. Two examples spring to mind of the audit committee in action after something went wrong.
Following a profit warning, the chair of a manufacturing company offered investors a meeting to reassure them that the audit committee’s reassessment of the contract risks had been undertaken with great care. I was impressed by the level of detail the audit committee shared, the relevance of its skills, and how much time it was spending on the issues, including scrutinising the costs to completion and potential liabilities.
Following an accounting fraud, I met the chair of the audit committee of a telecommunications company to understand how the fraud had occurred. I was told how much time the audit committee had spent with members of the UK audit team, but ultimately the problem was with an overseas audit team which had not detected the risks in an overseas finance department. With the benefit of hindsight, the red flags were extremely low staff attrition in the overseas finance department and the long tenure of the local audit partner.
Disclosing the number of working days undertaken by the audit committee would be very helpful, both inside and outside meetings throughout the year, not just the number of meetings. I would expect a large acquisitive multinational conglomerate to require a lot more time and attention to ensure effective oversight than a smaller single-product domestic company.
Ideally, the audit committee report would discuss its perspective on key accounting judgements and how it challenged management in these areas. From an investor perspective, it would be interesting to compare these comments with those of the auditor and executive management. Perhaps the audit committee could summarise all its activities in a tabular format, analogous to key audit matters, listing the risks identified and the mitigating actions taken?
Internal financial controls
While there is no requirement in the UK to obtain external assurance over the financial controls, non-executive directors should have an incentive to do this, if they lack confidence in the information given to them by management.
Many investors were disappointed that the UK government’s proposals on ‘Restoring trust in audit and corporate governance’ did not contain a UK version of the US Sarbanes-Oxley Act, which requires chief executives and finance directors to sign up to the truthfulness of material facts and to the proper operation of financial controls, and an external audit of the effectiveness of those controls.
The problem in relying on the Corporate Governance Code is that the good companies honour it, but the bad ones do not.
The audit committee needs to have an appropriate mix of skills and experience to oversee non-financial reporting, such as sustainability reporting and cyber risks, as well as financial reporting.
There are many new sustainability-related standards which will require a lot more disclosure. The cost of sustainability assurance is expected to be comparable to the cost of a financial audit. The audit committee potentially faces a huge increase in workload to appoint and oversee the external sustainability assurance expert. New skills and knowledge within the audit committee are needed to oversee the emerging and complex landscape of sustainability reporting as there are different standards, different practitioner qualifications, and different assurance levels.
Against a backdrop of growing threats to information systems and business continuity, some companies charge the audit committee with the responsibility to oversee cyber risk management, while others have separate cyber committees, or joint responsibility. Investors want to have confidence that the executive and non-executive management understands, monitors and mitigates the cyber risks. It is rare to see good disclosure in this area.
To conclude, the external auditor serves as the primary guard against management bias in financial statements, but as the Roman poet Juvenal wrote, “Quis custodiet ipsos custodes?” (“Who will guard the guards?”).
For financial reporting, and increasingly non-financial reporting, part of the answer is the audit committee. Investors need to trust that the audit committee is functioning effectively.
Jeremy chairs CRUF UK, co-chairs the Capital Markets Advisory Committee (CMAC), which is one of the advisory groups of the International Financial Report Standards (IFRS) Foundation and is a member of the European Financial Reporting Advisory Group (EFRAG) Panel on Intangibles. He is a Fellow Chartered Accountant of the Institute of Chartered Accountants in England and Wales, qualifying with Ernst & Young. Jeremy holds MA and MEng degrees from Cambridge University.
Disclaimer: The views expressed in the blog are those of the author and do not necessarily represent the views of all CRUF participants. To read more about the CRUF’s views on this and other topics, please visit the ‘Our Views’ section of this website.