 |
1. Understand the significant risks facing the company
‘Risk’ is the number one audit committee priority. Audit committees should ensure they have an appropriate understanding of the significant risks facing the organisation and how they, and any resulting vulnerabilities are disclosed to shareholders. Particular attention should be paid to ‘scanning the horizon’ for the unexpected and consideration of the lessons from the financial crisis and recent corporate failings. What’s changed in the operating environment? Have there been any failures – or near misses? What are the risks posed by the extended organisation – procurement, outsourcing, sales and distribution channels? How good are our disaster recovery plans? Are emerging risks – whether slow-moving or fast-hitting – getting sufficient agenda time? Does the audit committee have a good sense of the company’s risk culture beyond the boardroom and senior management level (the tone from the middle is increasingly important)? What steps have management taken to ensure risk management is embedded in the fabric of the organisation? Is the company’s risk appetite clearly articulated and understood?
2. Ensure the system of internal control is fit for purpose and working as intended
The significant risks facing the company and the company’s risk appetite drive the system of internal control. Audit committees should ensure appropriate internal control procedures are in place (whether from operations, head office functions or internal/external audit) for all significant risks including operational risk, compliance risk and risks arising in the wider financial arena - such as indirect tax, treasury, etc. Particular attention should be placed on the low probability, high impact risks. What measures have been taken to identify any changes in the likelihood of such risks crystallising? What steps are in place in the unlikely event of such risks transpiring?
3. Continue to monitor fair value issues, impairments, and management's assumptions underlying critical accounting estimates
These issues, together with loss contingencies, pension funding shortfalls and going-concern challenges, will continue to be a major area of focus for audit committees. Audit committees should recognise that the greatest financial reporting risks are often in those areas where there is a range of possible outcomes, and management is called upon to make difficult judgements and estimates. Has the audit committee considered the processes in place to generate forecasts of cash flow and accounting valuation information, including the choice and consistent use of key assumptions? Are the forecasts and valuation processes supported by appropriate internal controls and reasonableness checks and have those internal controls been tested by internal and/or external audit? Further helpful questions can be found in the FRC’s November 2010 Paper ‘Update for Audit Committees: Issues arising from current economic conditions’.
4. Look beyond the numbers when reviewing corporate reports
Narrative reporting (such as the Business Review), earnings releases and analyst briefings can pose difficult issues because they contain important business information which often does not come from the financial reporting system, is not audited, and is not subject to internal controls. Ensuring management have processes in place to ensure the consistency of the narrative reporting and financial statements – particularly with respect to segmental reporting and the recognition of intangible assets on acquisition – can prevent unwelcome attention from the regulators. The audit committee should also seek assurance as to the adequacy and appropriateness of any non-GAAP measures disclosed within corporate reports. The disclosure of risk and uncertainty is also of increasing concern to regulators and other stakeholders. Are the risks clearly and simply stated? Are there many of them and if so, are they really the principal risks? Is it clear how the risks might affect the company? Further helpful questions can be found in the FRC’s November 2010 Paper ‘Update for Audit Committees: Issues arising from current economic conditions’.
5 Review the anti-bribery and corruption processes.
There are an increasing number of investigations around the world. Penalties are higher, profits are being eliminated, directors and employees are being laid bare to extradition, reputations damaged and companies disqualified from public sector work. For companies operating in Ireland and the UK, the last year has brought new requirements. The Irish anti-money laundering legislation has widened both those with statutory duties in this area and the definition of money laundering, which now extends to holding any form of proceeds as a result of any offence. And the UK Bribery Act applies robust anti-corruption provisions both within the UK and on an extra-territorial basis. Audit committees should ensure that management has implemented ‘adequate procedures’ to prevent bribery and that particular attention is paid to ‘risky’ countries/operations and some of the less well understood areas such as facilitation payments, entertaining costs etc. Is there a comprehensive and regular evaluation of the nature and extent of the bribery and corruption risks to which the company is exposed? Is there the right ‘tone from the top’? Are the policies and procedures clear and practical and appropriately embedded across the organisation? Are they applicable to all employees and to all entities over which the company has control? Does the company engage in appropriate due diligence with respect to all its business relationships, including the supply chain, agents, intermediaries and joint ventures? Do whistle blowing and other feedback mechanisms support the continuous improvement of the anti-bribery regime?
6 Prepare for the potential impact of accounting and other regulatory changes
Audit committees should ensure they are fully appraised regarding the impact of the many changes to GAAP and governance initiatives expected in the near future; for Irish listed companies these include extensions to the corporate governance code introduced by the ISE. The proposed regime for Irish / UK GAAP convergence together with some of the proposed new and revised International Financial Reporting Standards (IFRSs) – not least those addressing lease accounting and revenue recognition - will have a potentially profound impact on the financial statements, business systems, bank covenants, performance related remuneration and taxation. Audit committees need to be sufficiently up-to-speed to ensure management (and the external auditor) is focused on the key issues. Audit committees should also be mindful of governance developments and other regulatory initiatives. The Dodd-Frank Act in the US and the EU Green Papers on ‘Corporate Governance of Financial Institutions’ and ‘Audit Policy’ are all likely to throw up particular challenges in the year ahead.
7 Understand the company’s significant tax risks
Tax authorities are ratcheting-up their enforcement efforts and more aggressively sharing information with a view to increasing the effectiveness of their tax audits. Given this tax risk environment, audit committees should seek to understand the company’s tax risk appetite and management’s processes for managing tax risk. Who is involved? When did the audit committee last meet the Head of Tax? The committee also needs to be cognisant of changes to the tax regime and the potential impact on both the company and key personnel. Are there tax drivers for re-locating the company or reasons for (say) carrying out research and development activities in a better tax regime? What are the risks?
8 Make sure internal audit is properly focused and fully utilised
Help ensure internal audit is adequately resourced and has refined its scope for changes to the company’s risk profile. Internal audit is not accountable or responsible for risk management, but it should provide added assurance to the audit committee regarding the adequacy of the company's risk management processes. Internal audit is most effective when it is focused on risk: ensure that the internal audit plan is risk-based and focuses on the critical risks to the business and not just compliance and financial risks.
9 Understand the impact of performance based remuneration on behaviour
While no single governance model has emerged from the financial crisis as being ‘better’ or more ‘robust’ than the others – the importance of ‘behaviour’ has been demonstrated again and again. While remuneration committees have a role in setting the remuneration of executive directors and senior management, audit committees must also understand the impact of performance based remuneration on behaviour and ensure appropriate checks and balances are in place. Particular attention should be paid when results are ‘at the margin’. When was the last time the audit committee met the chairman of the remuneration committee? Is there cross-membership between the two committees?
10 Evaluate their role in major transactions
With global M&A activity set to recover, audit committees are re-evaluating their role in major transactions. Responsibility generally lies with the full board, but audit committees can be asked to play a larger role both pre and post transaction. In the pre-transaction phase audit committees can provide balance in transaction discussions, oversee due diligence activity and the risks associated with the deal, and provide assurance to the board that management are able to successfully integrate post deal. In the post-transaction phase the audit committee has a role in helping ensure the transaction is accurately reported and that the right controls are in place. The committee might also have a role in monitoring post investment return/progress with a view to improving long-term decision making and learning from anything that went wrong.
Audit Committee Institute Ireland,
Russell Court,
St. Stephen’s Green,
Dublin 2.
Tel: +353 1 410 1160
email: info@auditcommitteeinstitute.ie
www.auditcommitteeinstitute.ie
