Transcript Document
Corporate Governance Program for Bank Directors of Indian Banks
Audit Committee Effectiveness – What Works Best
Presentation by:
Rahoul Chowdry
Global Banking & Capital Markets Leader
16 December 2005, Mumbai pwc
• • • • • •
Recent research shows that in Australia
32% die of natural causes 30% die from cancer 25% die from heart disease 10% die from road and other accidents 2.5% die from insect and snake bites 0.5% are taken by crocs and sharks
2
pwc
• • • • • •
Recent research shows that in Australia
32% die of old age 30% die from cancer 25% die from heart disease 10% die from road and other accidents 2.5% die from insect and snake bites 0.5% are taken by crocs and sharks
…….
but no one has yet died from boredom listening to presentations 3
pwc
Agenda
I.
Oversight responsibilities of Audit Committees II. Relationships with: - Management - Internal Auditors - External Auditors III. Key to effectiveness - Committee composition - Training - Meetings - Charter & evaluations
4
pwc
I. Oversight responsibilities of Audit Committees
• Integrity of financial reporting • People and culture • Compliance and ethics • Risk management • Internal control and systems
5
pwc
6 Financial Reporting
• Committees need to - Understand financial statements through discussion with management and external auditors - Understand accounting policies - Assess quality, not just reliability, of earnings - Apply appropriate level of skepticism and ask probing questions - Be comfortable with treatment of unusual/complex issues pwc
Financial Reporting
• Other keys - Review significant period-to-period changes and challenge sudden changes - Recognize financial reporting areas most susceptible to fraud Revenue recognition Expense classification Accounting for business combinations Provisions Areas of judgement Suspense / Clearing accounts
7
Maintain healthy skepticism when considering the risk of fraud―it is never zero Understand any concerns raised by auditors pwc
8 Narrative Reporting
• Review disclosures and consider consistency with financial statements • Many specific disclosures required by regulators • Leading audit committees focus on transparency―whether all significant developments are fully disclosed pwc
People and Culture
People and Culture
• Capabilities, training of people • Strong culture based on - Integrity - Transparency - Meritocracy - Consultative - No fear • Strong culture results in better internal control, a natural desire to “do the right thing” and fewer surprises
10
pwc
Compliance and Ethics
Codes of Conduct
• Many committees oversee compliance with code of conduct - Review and approve code - Ensure it is communicated to all employees and they attend training - Understand program for monitoring code compliance and review reported violations and follow-up actions • A similar approach should be taken to overseeing compliance with laws and regulations
12
pwc
Whistleblower and Complaint Hotlines
• For US listed companies audit committee must establish processes to receive complaints about accounting and auditing • Complaints should be reported to the committee who should review remediation actions taken, ensuring they are timely, consistent, and appropriate
13
pwc
Risk Management and Internal Control
Risk Management
• Audit committees increasingly oversee risk management processes • Committees can fully embrace this role by - Understanding how risk management processes are tailored to company’s specific needs - Probing whether the processes are ongoing —not just at a point in time - Ensuring responsible individual has appropriate stature, expertise, and time - Meeting periodically with chief risk officer
15
pwc
Internal Control – the 5 key components 16 5.
4.
3.
2.
1.
pwc
Internal Control – the 5 key components 17 Control Environment
• Sets tone of organization – influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
pwc
Internal Control – the 5 key components 18 Control Environment
• Sets tone of organization – influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
Risk Assessment
• Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
pwc
Internal Control – the 5 key components 19 Control Activities
• Policies/procedures that ensure management directives are carried out.
• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Control Environment
• Sets tone of organization – influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
Risk Assessment
• Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
pwc
Internal Control – the 5 key components Monitoring
• Assessment of a control system’s performance over time.
• Combination of ongoing and separate evaluation.
• Management and supervisory activities.
• Internal audit activities.
20 Control Activities
• Policies/procedures that ensure management directives are carried out.
• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Control Environment
• Sets tone of organization – influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
Risk Assessment
• Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
pwc
Internal Control – the 5 key components Monitoring
• Assessment of a control system’s performance over time.
• Combination of ongoing and separate evaluation.
• Management and supervisory activities.
• Internal audit activities.
Control Activities
• Policies/procedures that ensure management directives are carried out.
• Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties.
Information and Communication
• Pertinent information identified, captured and communicated in a timely manner.
• Access to internal and externally generated information.
• Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action.
21 Control Environment
• Sets tone of organization – influencing control consciousness of its people.
• Factors include integrity, ethical values, competence, authority, responsibility.
• Foundation for all other components of control.
All five components must be in place for a control to be effective.
Risk Assessment
• Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives – forming the basis for determining control activities.
pwc
Internal Control
• Focus on areas of greatest potential risk, such as • Management override of controls • Outside service providers • Information technology • Mergers and acquisitions Poor culture Recurring control weaknesses Payment systems Proper segregation of duties • Understand extent to which internal audit plans address other high-risk areas in compliance and operations • Committees should understand the nature and severity of control deficiencies, management’s remediation plans, and impact on financial reporting
22
pwc
II. Oversight of Management and Internal Audit
Relationship with Management
• Challenge is balancing advising and counseling management with fiduciary duty to monitor and oversee management • To build trust, need strong, open two way communication channels • Clear understanding on where management’s responsibilities end and committee’s begin • Management should seek committee’s input in advance of key decisions • Evaluate management’s performance and assess bench strength
24
pwc
Relationship with Internal Audit
• To be effective, internal audit must have appropriate stature within the company • Accomplished by - Having internal audit director report directly to committee Ensuring internal audit’s continual access to committee - Playing key role in selection, evaluation, compensation, succession of internal audit director
25
pwc
Relationship with Internal Audit
• Also key is for committee to Review and approve internal audit’s charter and plans - Monitor execution of plans and approve major changes - Understand results of audit work, with focus on most significant findings - Ensure internal audit has budget and resources needed
26
pwc
Relationship with external auditors
• Auditors should report directly to the committee • Audit Committees have a role in - Selecting, or reappointing, external auditors Evaluating auditors’ performance Ensuring auditors’ independence - Candid and ongoing communications are vital, and timely and robust dialogue on complex issues is essential
27
pwc
III.Key to Audit Committee Effectiveness
pwc
Members’ Attributes
• Key is good understanding of the business — including company’s products, services, and industry • Willingness to dedicate substantial time and energy • Other relevant attributes - Extremely high level of integrity - Healthy skepticism and courage to challenge - Inquisitiveness and independent judgment • Good financial knowledge • Regular training
29
pwc
Participants
• Both internal audit director and external auditors typically attend every meeting • Management’s participation is important • Meet privately with internal audit director, external auditors, finance management, and others, as warranted • Guard against too many observers • Audit Committees should meet at least 4 times a year
30
pwc
Evaluation
• Evaluate committee performance regularly by comparing activities against - Charter - Leading practice • Assess committee dynamics, not only on
what
the committee does, but also on
how effectively
it functions • Should be robust—not simply a “check the box” exercise • Obtain feedback from board, management, internal audit, general counsel, and external auditors
31
pwc
Thank You
pwc