"Corporate audit committee members know they have a sizeable task in 2010 as they confront high shareholder expectations, new regulations and legislative reforms, and a tenuous economic recovery", said Mary Pat McCarthy, executive director of the Audit Committee Institute (ACI) and a Vice Chair of KPMG LLP, the U.S. audit, tax and advisory firm.
To help audit committees focus their agendas on key challenges in the year ahead, KPMG's Audit Committee Institute again offers its annual "memo" to directors: "Ten To-Do's for Audit Committees in 2010", highlighting issues that should be top of mind.
"The year ahead is sure to test virtually every audit committee, and these to-do's can be a great catalyst for shaping the audit committee's agenda and focusing its discussions", McCarthy said.
When considering and carrying out their 2010 agendas, audit committees should:
- Regain control of the audit committee agenda. The challenges of the economic crisis – access to capital, cash flow, counterparty risks, impairments, etc. – have dominated audit committee agendas. As signs of recovery emerge, take the opportunity to develop more focused (yet flexible) agendas, with an eye on the company's key financial reporting risks. To improve the efficiency of committee meetings, insist on quality pre-meeting materials, spend less time on low-value or checklist activities, and engage in discussions rather than listening to presentations. Don't let compliance activities crowd-out substantive discussion.
- Understand the risks posed by cost reductions made in response to the economic crisis. Cost cutting has been a key response of most companies to the economic crisis. Every board and audit committee should be asking whether the company's delivery model has been changed permanently, and whether a "cost-reduced" business model can be sustained. Did we cut too much? How quickly can we restore critical infrastructure such as IT and sales force? How far have we extended the organization through outsourcing and off-shoring? As companies cut costs and reduce their workforce, the control environment becomes even more critical. Now is not the time to cut-back on internal audit's budget. (See #6.)
- Focus closely on all financial communications. Earnings releases and scripts for analyst calls often pose more issues than the 10-Qs because they contain important business information – which often does not come from the financial reporting system, is not audited, and is not subject to internal controls. If you haven't already done so – given the uncertainties created by the economic crisis – reconsider the types of earnings guidance the company issues. Engage early-on in reviewing 2010 proxy disclosures, particularly new disclosures regarding risk, compensation, and corporate governance. Understand the company's policy on the use of Twitter and other social media networks to reach investors and customers.
- Continue to monitor fair value issues, impairments, and management's assumptions underlying critical accounting estimates. These issues, together with pension funding shortfalls and going-concern challenges, will continue to be a major area of focus for audit committees. At the same time, there are important new financial reporting developments – including changes in accounting for transfers of financial assets, revenue recognition, and IFRS – that may require the committee's attention. Set aside time at each committee meeting for a deep dive into a specific financial reporting development impacting the company.
- Rethink the audit committee's role in risk oversight – with an eye to narrowing the scope. The tremendous focus on risk today – and the SEC's new rules requiring disclosures about the board's role in risk oversight – is an opportunity for the board to reassess the role of the audit committee (and the full board and the other standing committees) in overseeing risk. Does the audit committee have the expertise and time to deal with strategic, operational, and other risks? Is the expertise of other board members being leveraged? Audit committees already have a lot on their plates with oversight of financial reporting risks.
- Make sure internal audit is properly focused and fully utilized. Help refine internal audit's role – and focus internal audit's activities on key areas of risk, as well as risk management generally. Internal audit is not accountable or responsible for risk management, but it should provide added assurance to the audit committee regarding the adequacy of the company's risk management processes. Internal audit is most effective when it is focused on risk: ensure that the internal audit plan is risk-based and focuses on the critical risks to the business – not just compliance and financial risks.
- Prepare for the potential impact of key public policy initiatives on compliance, risk, and governance processes. Major public policy changes – e.g., healthcare, the environment, energy, and financial services regulation – will impact a broad cross-section of companies and industries, and may impose additional reporting, transparency, and compliance obligations. These, in turn, will require new or modified compliance, risk, and governance oversight processes. As we have already seen, the adoption of the American Recovery and Reinvestment Act of 2009, coupled with the creation of new federal programs and the availability of stimulus funds, has created complex mandates, and companies have had to adjust their compliance programs.
- The economic crisis continues to put pressure on compliance and anti-fraud programs. Be vigilant. The economic downturn has placed tremendous pressure on management to achieve operating results; at the same time, cost cuts and workforce reductions may have exacerbated these pressures. How has the company treated its employees? How do they think they've been treated? A comprehensive review of the company's anti-fraud and compliance programs, including its Foreign Corrupt Practices Act compliance program, may be in order. The right tone at the top and throughout the finance organization is critical.
- Help link change + risk – and monitor critical alignments. Change creates risk. During times of dramatic change, the risk of misalignment – of the company's strategy, goals, risk, controls, compliance, incentives, and people – goes up exponentially. Given the audit committee's role in overseeing risk, internal controls, compliance, and ultimately the impact of significant changes on the company's financials, the committee is in a unique position to help reduce the risk of misalignment.
- Take a fresh look at the audit committee's composition and leadership. The audit committee's effectiveness and accountability hinges on meaningful self-assessments – of the audit committee as a group as well as individual members. Take a hard look at the committee's composition, independence, and leadership. Is there a need for a "fresh set of eyes?"
Reprinted with permission from KPMG's Audit Committee Institute