In the wake of several high-profile collapses and scandals, political and regulatory attention remains heavily focused on the audit profession.

Back in 2014, IFAC published the article Making Financial Reporting Better: Strengthening the Financial Reporting Supply Chain asking the question:

"Is it sufficient to wait until the next crisis hits and ask only: “where were the auditors?"

The article highlighted that to improve the quality of financial reporting, only a holistic, critical assessment of the entire financial reporting chain will be effective - a coordinated approach that considers all the people and processes involved in the preparation, approval, audit, analysis, and use of financial reports.

Yet almost 5 years later, the issue still stands that audit is being considered in isolation of the wider ecosystem. Corporate failures have resulted from significant failures in governance, and proposed audit remedies are not likely to succeed unless other aspects of the system are also addressed. This includes reviewing the roles of the audit committee and executive management, the effectiveness of the CFO and finance function (including their role in supporting those charged with governance), and the value of the internal audit function.

The IFAC PAIB Committee considered these topics at its recent meeting in March, which included a presentation from the Institute of Internal Auditors on its plan to update the ‘Three Lines of Defense’ model, and development of a tool to evaluate the effectiveness of the finance function (to be published later this year).    

In addition, four PAIB Committee members shared their experiences on audit committee effectiveness, drawing from their roles on boards and audit committees, or from their interactions with audit committees. The PAIB Committee then considered what was enabling and disabling audit committee effectiveness in their jurisdictions.

Laurie Tugman, Canada:


The external perception of audit committees focuses on their role in oversight of financial reporting and of the auditors. But the reality is that only a small number of companies run into trouble because of issues with their financial reporting or audit.

Considering instead the internal perspective, the vast majority of audit committees are facing a different set of challenges. While there is no question that financial reporting and oversight of the auditors are still dominant agenda items, audit committees are facing a growing list of new obligations on top of their core responsibilities. This presents a number of challenges, including:

  • Workload and time commitment. Obligations are being added to their mandate, but nothing is being removed. The volume of materials an audit committee must review can easily exceed 800 pages.
  • Expertise to deal with new items to the agenda. Audit committees are increasingly forced to seek advice from outside expertise on:
    • Cyber security and other IT related matters;
    • Risk management, which commonly comes under the purview of the audit committee where there is no separate risk committee. Often members may not have expertise in risk management beyond financial risk, which is too narrow a definition as it relates to risk management; and
  • Composition of the audit committee. In Canada, all audit committee members must be financially literate, but do not necessarily need to be accountants. The challenge is to ensure diversity of expertise and experience, which is crucial given the widening mandate of the audit committee beyond financial reporting. 

As an audit committee chair, I think it’s important that the audit committee has:  

  • A clearly-defined mandate and open and clear communication with the CFO and executive management; and
  • Internal expertise. While an audit committee can rely on outside experts, an effort must also be made for continuous education to understand emerging issues, as well as to develop an awareness of best practices.

Datuk Zaiton Mohd Hassan, Malaysia:


A change in government in Malaysia, coupled with a transition to International Financial Reporting Standards (IFRS), have revealed weaknesses in many company balance sheets. 

First and foremost, the ultimate responsibility for the integrity and accuracy of the financial statements lies with a company's board. Oversight of financial reporting can be delegated to the audit committee, but that delegation does not absolve the board of their obligations. 

In Malaysia, there has been a recent case, following a change of board, where the new board of directors actually took legal action against the old board because of significant issues discovered.

For publicly listed companies, the rules in Malaysia are very clear that at least one member of the audit committee must be a qualified accountant. The problem is that audit committees often end up with just that - one qualified accountant, which puts a huge burden on one individual.

The auditors provide another check and balance or line of defense. It is therefore in the audit committee's interest to ensure that the external auditors are properly and appropriately remunerated. Squeezing the audit fee and seeing the audit as a commodity risks reducing audit quality.  

Like other jurisdictions, regulatory attention in Malaysia has also been on the audit profession. The Malaysian securities commission is becoming more active, having recently fined a big 4 firm over half a million USD for failing to highlight weaknesses in a company's financial statements.

The change in government also exposed some shocking truths in public sector financials, revealing a serious need to upskill professional accountants' level of competency in public sector accounting and auditing. Otherwise, whatever remedial work is being undertaken to get public sector institutions back on track will be wasted effort.

Wendy Yung, Hong Kong:


In Hong Kong, traditionally the audit committee has always been the board committee that listed companies place the most emphasis on, as it is charged with the critical task of ensuring the integrity of financial statements.

Over the last few years, Hong Kong has not experienced the level of high-profile corporate failures seen elsewhere around the globe and is therefore not facing the same regulatory challenges in terms of audit and governance reform.

However, many of the challenges for company boards, public sector boards, and audit committees are similar to those tackled internationally. These include workload, member skillsets, and debate as to where risk management oversight should sit.

Emerging governance trends in Hong Kong include:

  • Difficulty in recruiting well-qualified and suitably experienced professionals for independent director roles, particularly in light of the greater diversity of skills needed. The level of independent director fees, while rising, remain relatively “low” by international standards.
  • Regulatory focus on valuation issues around mergers and acquisitions, in response to instances of assets being purchased at overvalued amounts. Valuation of “new economy” companies is challenging in particular.
  • Reporting of key audit matters by the external auditors, and its relationship with audit committee reporting. In theory there should be alignment between the two, but this is not always the case.

In some Asian countries, there is also a growing expectation from investors to be able to meet directly with the audit committee chair.

Greg Bedard, United States:


As a subset of the overall board, the audit committee will most likely not be sourced with one particular skill set in mind; rather, it is crucial to ensure diversity of perspectives, and not limited to financial reporting and accounting acumen.

Ensuring effective governance requires collaboration across all three lines of defense, a partnership between senior management, internal audit and the audit committee. 

From a management perspective, effective engagement with the audit committee is vital to support them in their oversight role. This includes:

  • Providing insight into emerging risks on the horizon. In the financial services and insurance sector this may include certain market and capital risks, changes in business strategy, and actuarial valuation;
  • Presenting focused updates on what is happening in each business, moving beyond the basics of what they do to focus on what is most important: specific challenges, risks and opportunities;
  • Ensuring they consider what issues are most appropriate to engage with the audit committee versus take up with another board committee.
  • Responding to the audit committee's requests for information on topics of interest to them.

Prudential's vice chairman, Rob Falzon also shared his perspective on the role of the finance function in supporting the audit committee, emphasizing that concise and understandable communication is key. This means being able to identify and share important and relevant information for the attention of the audit committee.

IFAC will continue to explore ways to strengthen audit committee practices, whilst recognizing there is no one size fits all model, and practices vary widely across jurisdictions, sectors and between companies.

A Summary of enablers and disablers of audit committee effectiveness

 

Enabling effectiveness

Disabling effectiveness

Composition

  • Independent director as chair of the audit committee
  • Diversity with more than one qualified accountant
  • Bravery of non-executive directors to challenge management when necessary
  • Poor chair and poor group dynamics
  • Size – too small or too large

Skills, competence and expertise

  • Financial literacy, specialist skills, industry knowledge and awareness of local environment
  • Thorough understanding of how the business creates value, and the opportunities and risks
  • Access to external specialists
  • Effective orientation for new members
  • 360° evaluation of audit committee members
  • Training, guidance and tools
  • Lack of training
  • Significant lack of financial and accounting expertise
  • Committee members not always keeping up with company developments
  • Scope
  • Well-defined and clear scope of responsibilities, which are appropriate and understood
  • Clear terms of reference
  • Lack of clarity of role
  • Micromanagement - operational rather than governance
  • Communication
  • Meaningful and concise information from management
  • Direct access to teams and departments
  • Quality relationship between the board and the audit committee
  • Collaborative relationship with management
  • Information not provided in a timely manner
  • Too much irrelevant information
  • Restricted or overmanaged access to staff and board
  • Lack of quality interaction with the board on significant matters
  • Meetings and agenda
  • Control of the agenda (no undue influence from management)
  • Appropriate frequency and efficiency of meetings
  • Inappropriate allocation of audit committee focus - e.g. too much on external financial reporting
  • Lack of post audit quality review
  • Internal audit. external audit and the finance function
  • Strong internal audit function with sufficient capability for the size/complexity of the organization
  • Direct reporting line of internal audit to the audit committee chair
  • Strong finance function
  • External audit "independence" in appearance but not in reality
  • Audit fees – quality vs cost (sufficient not excessive)
  • Regulator
  • Direct communication with the regulator
  • Recognition that the regulator enforces the ‘baseline’/minimum framework which can be enhanced through good practices
  • Regulatory and compliance burden
  • Compliance mindset to only satisfy the requirements and do the 'minimum'

 

 

Laura Leka

Principal, IFAC

Laura Leka is a Principal in IFAC's thought leadership team, focusing on initiatives in support of finance and accounting professionals working in business and the public sector. She was previously an Audit Manager at Grant Thornton, specializing in public sector audit in the UK, and prior to that worked for the Audit Commission. She also spent a year on secondment to the International Integrated Reporting Council (IIRC), where she was responsible for managing their public sector and business network programs. Laura is a member of the Chartered Institute of Public Finance and Accountancy (CIPFA), and holds a Bachelor of Science (Hons) degree in Mathematical Physics from the University of Nottingham (UK).