Who is responsible for overseeing the internal audit function?

Composed of individuals who serve on an organization’s board, an audit committee is responsible for ensuring an organization operates in an ethical environment and complies with laws and regulations. Charged with oversight of financial reporting, risk management and internal controls, audit committees also are responsible for selecting the public accounting firms that serve as their organizations’ external auditors as well as for maintaining relationships with their organization’s own internal audit team.

The essential nature of audit committee responsibilities was reinforced in 2002 with the passage of the Sarbanes-Oxley Act, which significantly strengthened the role of audit committees in organizational governance. Individuals who pursue an online Master of Accountancy degree can acquire knowledge and skills that could be beneficial when they interact with and report to audit committees.

Audit Committee Role and Duties

The breadth of an audit committee’s role and duties is demonstrated by its responsibilities. Some of the most significant responsibilities under the purview of an audit committee include the following:

• Ensuring the organization’s financial statements are understandable and reliable.
• Ensuring the organization establishes a thorough risk management process and effective internal controls.
• Reviewing the organization’s policies, particularly in areas such as ethics, conflict of interest and fraud.
• Reviewing the organization’s litigation and regulatory proceedings.
• Selecting and implementing a direct reporting relationship with the public accounting firm that serves as the organization’s external auditor.
• Establishing communication with the organization’s internal auditor and reviewing all audit findings.

Audit committees also play a significant role in setting the tone of an organization. They do so by ensuring their organizations develop and implement a code of conduct and establish effective communication channels. Audit committee members also need to be aware of what management is doing to achieve compliance with laws and regulations, and they must be knowledgeable about issues such as ongoing investigations and disciplinary actions.

With such a broad scope of responsibilities, these committees can face significant challenges. In its 2019 survey of 1,300 audit committee members worldwide, KPMG identified two of the greatest challenges to audit committees performing their core oversight responsibilities:

• Maintaining internal control over financial reporting, disclosure controls and procedures.
• Helping ensure their organization has the talent and resources to maintain quality financial reporting.

KPMG also reported that audit committee members viewed technological innovation, digital disruption and the complexity of business as the factors that place the most pressure on risk management and internal controls.

How an Audit Committee Operates

The charter an audit committee establishes sets the foundation for its operations. The elements of the charter lay the groundwork for carrying out all audit committee responsibilities. For example, an audit committee’s charter may be drafted to accomplish the following key tasks.

• Set forth the audit committee’s purpose and list its specific responsibilities in detail.
• Establish the audit committee’s authority to carry out specific responsibilities, such as appointing and compensating an external auditor, obtaining information and meeting with officers of the organization.
• Define the composition of the audit committee, how members will be appointed and any requirements for expertise among the members.
• Describe how the audit committee will conduct meetings, how often it will meet, who must attend meetings and the circumstances under which the audit committee will meet in executive session.

The precise composition of an audit committee depends on the type of organization the committee serves. For example, publicly traded companies in the United States must comply with the rules of the U.S. Securities and Exchange Commission (SEC) in areas such as audit committee composition, independence and member qualifications. The audit committees of governmental entities must comply with requirements established in state statutes, city or county charters, municipal codes or local laws.

The expertise of members and the ongoing training they receive have a significant effect on an audit committee’s ability to carry out its responsibilities. Audit committees must continuously update their knowledge in areas such as new accounting methods, technology and financial disclosures.

What Makes Audit Committees Effective

How effective the committee is in executing its audit committee responsibilities can be influenced by several factors:

• Having a strong audit committee chairperson who can facilitate productive meetings and communicate effectively is essential to the success of an audit committee.
• Providing training to audit committee members through adjunct meetings, retreats or courses offered by governance organizations helps committee members carry out their responsibilities.
• Performing a self-assessment helps an audit committee identify and address opportunities for improving its oversight activities.
• Ensuring transparency in its activities allows an audit committee to share important information with stakeholders.
• Establishing effective communication — both internally among audit committee members and externally with management, auditors and non-audit board members — helps an audit committee demonstrate how it is carrying out its responsibilities.
• Ensuring diversity among committee members in terms of experience and knowledge enhances its capabilities and proficiency.

Among the most important characteristics of an effective audit committee is strong communication with and oversight of auditors. Audit committees need to have a good working relationship and direct line of communication with the public accounting firm that serves as the organization’s external auditor. They also must establish a strong rapport with internal auditors to promote effective internal controls.

Explore How a Master of Accountancy Could Enhance Interaction with an Audit Committee

Understanding audit committee responsibilities is essential for individuals who wish to pursue careers in auditing or public accounting. Through the University of North Dakota’s online Master of Accountancy program, students can acquire valuable knowledge to draw upon when interacting with and reporting to audit committees. Learn how to enhance your expertise today.

Sources:

Association of Local Government Auditors, Audit Committee Guidance

CFA Institute, Audit Committee Role & Responsibilities

Deloitte Center for Board Effectiveness, Audit Committee Requirements and Governance Topics

Harvard Law School Forum on Corporate Governance, “The Strategic Audit Committee: a 2020 Preview”

The Institute of Internal Auditors, The Audit Committee: Purpose, Process, Professionalism

International Federation of Accountants, “5 Key Factors to Enhance Audit Committee Effectiveness”

KPMG, Keeping pace with disruptive risk and digital transformation, 2019 Audit Committee Pulse Survey

NACD BoardTalk, “How to Get First-Time Audit Committee Members Up to Speed”

U.S. Securities and Exchange Commission, Statement on Role of Audit Committees in Financial Reporting and Key Reminders Regarding Oversight Responsibilities

The audit committee must make effective use of the internal audit function in giving assurance on risk management, governance and internal control systems.

Effective corporate governance
Internal audit: a vital tool of the audit committee
Reviewing the work of internal audit 

Effective corporate governance 

The IIA International Standards define governance as “the combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organisation toward the achievement of its objectives”.

According to the Financial Reporting Council’s (FRC’s) UK Corporate Governance Code, the purpose of corporate governance is to facilitate effective, entrepreneurial and prudent management that can deliver the long-term success of the company. Strong corporate governance relies on robust processes for reporting, risk management and internal control. According to the Code, directors should monitor the company’s risk management and internal control systems and, at least annually, carry out a review of their effectiveness, and report on that review in the annual report.

Culture, values and ethics are increasingly important considerations in the governance of organisations. For the first time the 2014 edition of the Corporate Governance Code highlights a key role for the board in establishing culture, values and ethics, considering among other things the culture it wishes to embed, and whether this has been achieved. It is not sufficient for the board simply to set the desired values. The board also needs to ensure they are communicated by management, incentivising the desired behaviours and sanctioning inappropriate behaviour, and must assess whether the desired values and behaviours have become embedded at all levels.

In many organisations audit committees are charged with overseeing, on behalf of the board, the quality of all the above processes. Indeed the establishment of an audit committee is a requirement of the Corporate Governance Code for publicly listed companies on a comply-or-explain basis. In other organisations the board and its individual directors will retain some or all of the functions of committees of the board, such as the audit or risk committee.

Internal audit: a vital tool of the audit committee 

The audit committee’s tasks include reviewing the company’s internal controls and, unless expressly addressed by a separate board risk committee composed of independent directors or by the board itself, reviewing the company’s governance and risk management systems. To do this, it utilises the skills and expertise of the internal audit function, agreeing the scope of its work, its priorities and resources.

It must also monitor and review the effectiveness of the organisation’s internal audit function. Where there is no internal audit function, the audit committee should consider annually whether there is a need for it and make a recommendation to the board, and the reasons for the absence of such a function should be explained in the relevant section of the annual report.

The audit committee reviews and approves internal audit’s remit, having regarded the complementary roles of the internal and external audit functions.

It ensures that internal audit is free to work independently and objectively, i.e. free from the influence of those being audited. It ensures that internal audit has the necessary resources and access to information to enable it to fulfil its mandate, and is equipped to perform in accordance with appropriate professional standards for internal auditors (IIA's Code of Ethics and the International Standards for the Professional Practice of Internal Auditing). The committee also approves the appointment or termination of appointment of the Head of Internal Audit, and its chair should play a direct role in decisions concerning the Head of Internal Audit’s appraisal and remuneration.

Reviewing the work of internal audit 

In its review of the work of internal audit, the audit committee:

• Ensures that the Head of Internal Audit has direct access to the board chairman and to the audit committee, and is accountable to the audit committee;

• Ensures that internal audit is appropriately tasked and resourced, and has sufficient authority and standing to carry out its tasks effectively;

• Reviews and assesses the annual internal audit work plan;

• Receives a periodic report on the results of the internal auditors’ work;

• Reviews and monitors management’s responsiveness to the internal auditor’s findings and recommendations;

• Meets with the Head of Internal Audit at least once a year without the presence of management; and

• Monitors and assesses the quality and effectiveness of internal audit, and its role in the overall context of the company’s risk management system.

Next: Governance of risk - three lines of defence

Content reviewed: 21 September 2020