Given the uncertainty of today’s environment, audit committees must continue to evolve and sharpen their focus. The primary role of any audit committee is oversight – specifically, in the areas of financial reporting, risk management, and the audit function. An effective audit committee supports the governing board in fulfilling its purpose in the essential areas of achievement – reaching the organization’s greatest potential through fulfillment of its mission; accountability – “how do we know?”, in order to ascertain progress both financially and programmatically; ownership – understanding the organization’s path; and of course, oversight – an essential and full commitment to the fiduciary obligation. Knowing what to ask comes from an understanding of the role and responsibilities.
- What are the most significant risks to financial reporting and how does the organization minimize the risk of fraudulent financial reporting? In the area of financial reporting, the audit committee is tasked with the conduct and integrity of the disclosure of financial information. Executing this responsibility requires an understanding of the significant accounting policies and procedures adopted by management, an assessment of the effectiveness of internal control over financial reporting, and an awareness of business and financial risks impacting the organization. Each of these tasks contributes to the audit committee’s fiduciary role to ensure that the financial reporting is reliable, transparent, and meaningful.
- Does management have effective risk management programs that provide reasonable assurance that risks (including opportunities) will be identified, assessed, and evaluated? An organization’s risk management process requires more depth and breadth in today’s business environment. Above and beyond the “checks and balances” of an internal control system, the risk management programs function as strategic processes, honing a foundation of operational and organizational knowledge. Evaluating the organization’s exposure to risks – financial, programmatic, technological, and/or fraud – the audit committee provides guidance to management to ensure that proper controls are designed and implemented to minimize those risks, and that the controls perform effectively.
- What do you see as the top three risks and is the organization prepared to address them? To be effective, the audit committee needs to continually strengthen its understanding of the organization, the business, and the related risks. The top risks could be related to business processes or to operations, the industry served, information technology (IT) controls, or fraud. Other risks that could be identified include financial resources, staffing resources and/or skills, tax or regulatory compliance, succession planning, or conflicts of interest/independence. Resources with respect to time, talent, and funds may be limited or not available in order to make course corrections. Asking probing questions around these issues and brainstorming with management, the internal auditors, and/or the external auditors allows the audit committee to gain insight and to make certain oversight decisions. At all times, the audit committee needs to assess the risks identified and the impact they may have on the organization as a whole and on the organization’s financial reporting and disclosure.
Audit committee members will be well served to ask these three questions. Fulfilling a vital role in governance, the audit committee ensures integrity and quality in reporting and controls, and must maintain open dialogue and effective oversight to fulfill its fiduciary obligation.