By Pat Hardiman
A crucial but often overlooked component of an effective internal control framework is the audit committee. Although management is primarily responsible for making sure that the necessary controls are in place to achieve organizational objectives, the governing body ultimately must ensure that management is fulfilling this responsibility. The most effective means of oversight is the audit committee, which helps the governing body oversee the audit of financial statements, ensure that the auditor is independent of management, and address control and compliance weaknesses.
Although audit committees are more established in the private sector than in government, public sector audit committees have become increasingly common over the last several decades. The increased use of audit committees in government has paralleled the increased sophistication of the municipal credit market. Indeed, their advent can be traced to the New York City fiscal crisis of the mid-1970s. At that time, the state and local credit markets were severely challenged for better and more reliable financial information from public issuers. As part of New York City’s debt guarantee from the federal government, the city was required to establish an independent audit committee to help restore credibility to the city’s financial reporting process. The audit committee has since been embraced by the city and incorporated into the charter as part of the city’s governance process.
Over time, respected organizations have advocated for more widespread use of audit committees in government. For example, the U.S. Government Accountability Office recommends that government entities “consider the benefit of using audit committees both to help plan and oversee the entities’ audit procurement process." Likewise, the Government Finance Officers Association, in a recommended practice adopted by the Executive Board, recommends that “every government should establish an audit committee or its equivalent."
Public sector interest in audit committees rises and falls in reaction to events in the financial markets or in response to local developments such as financial difficulties. Recent financial scandals, such as Enron, have increased the need for better oversight of financial reporting and, necessarily, audits. The Sarbanes-Oxley Act of 2002, related SEC rulemaking, and modifications of securities market exchange rules have significantly changed audit committees of publicly traded companies. In the public sector, audit committees generally take one of two forms: (1) they can be part of the governing authority; for example, a city council might convene as the audit committee through a “committee-as-a-whole" or (2) they might exist in a advisory capacity to the governing authority. With the former, the council members serve on the audit committee while with the latter non-council members would serve as the audit committee advisors.
Roles and Responsibilities
The roles and responsibilities of an audit committee can be as broad as the governing body chooses. Some city councils, for example, may convene the audit committee as part of the finance committee’s activities. In other circumstances, the responsibilities of the audit committee could be more specific and might include interviewing and selecting the auditor, approving the audit scope, overseeing management’s implementation of internal controls, and reviewing and approving the financial statements and accounting and financial reporting policies.
Regardless of its form or scope, there are three essential roles that any audit committee should perform:
Independence. The audit committee should be independent of both management and the auditor, thus enhancing the integrity of the financial reporting. In the private sector, such independence is required by Sarbanes-Oxley. In the public sector, the issue of independence is more problematic because some elected positions include the fulfillment of management responsibilities. This is true of the strong-mayor form of government in which the mayor is the chief executive officer.
Communication. Audit committees are effective communication intermediaries between management, the auditor, and the governing authority. Auditing and financial reporting involve increasingly complex and specialized processes that are generally not fully understood by the members of a government’s governing authority. The members of the audit committee help magnify the governing authority’s effectiveness through independent communication of complex and specialized issues.
Accountability. Accountability is enhanced by the synergy between the elected officials who have ultimate responsibility for financial reporting and internal controls and the audit committee members who have the education and experience necessary to advise the governing body on complex financial reporting and internal control matters. The Treadway Commission takes accountability a step further: “The mere existence of an audit committee is not enough. The audit committee must be vigilant, informed, diligent, and probing in fulfilling its oversight responsibilities. The audit committee must, of course, avoid unnecessary or inappropriate interaction with the prerogatives of management; but the oversight must be effective."
Establishing an Audit Committee
Charters and Bylaws. As an empowered advisory body, a public sector audit committee should have a written charter setting forth its purpose, authority, and responsibilities. The charter and bylaws should also define the committee’s organizational structure, identify desired qualifications of committee members, and prescribe member terms, voting and governance requirements, and timetables. Finally, the charter and bylaws should be goal oriented and not so specific as to be restrictive.
Member Experience and Skills. Members of a public sector audit committee should collectively possess the experience and skills necessary to carry out the committee’s responsibilities with respect to the financial audit and internal controls. While it is recommended that most of the members of the committee come from outside the government, familiarity with the public sector environment and governmental accounting is helpful. Individual members should possess the following knowledge, skills, and abilities:
Audit committee members should also be “tough minded." They need to be able and willing to ask the hard, penetrating questions sometimes necessary to discharge their oversight responsibility. They also need to have the ability to deal with controversial matters and make difficult comments and recommendations but do so in a constructive manner to avoid distraction from the issues.
Size and Term. These skills differ among individuals. Therefore, the audit committee skills sets should be a composite of the members. Necessarily one member alone is insufficient and seven probably too many. It is recommended that membership be limited to no more than five nor fewer than three. This size should enable the committee as a whole to properly represent the characteristics described.
Rotation and terms of members should also be addressed in the charter/bylaws. The balance that needs to be struck involves the level of familiarity with the organization, issues, and personalities. Audit committee members should be familiar with the organization, its accounting and financial reporting practices and procedures, audit scope issues and nuances, and the key personalities involved such as the CEO, CFO, comptroller, and audit leadership. However, the level of familiarity should not become too great so as to distract or compromise the mission of the audit committee.
Moreover, performance of the audit committee members should, as for everyone else, be evaluated from time to time. Therefore, it is recommended that members serve for a fixed term and those terms be staggered. This facilitates a natural process of growth, learning, and renewal.
All institutional knowledge and skill sets would not be lost at one time. Similarly, fresh perspective and insight could be incorporated into the audit committee as a matter of course.
Therefore, staggered terms of two to five years are recommended. Also a balance will need to be struck between losing knowledge and experience of well-performing members and the need to periodically reinvigorate the process with new members. It is recommended that members be eligible for reappointment to new terms and that the governing authority evaluate this balance between experience and fresh perspective.
Meetings. Like the financial reporting process, audit committee activities follow a cycle. There are certain matters that will need to be addressed including:
The number of meetings largely depends on the scope of the audit committee’s responsibilities. A minimum of four will be needed to address the foregoing matters. The agenda for each of these meetings might include the following:
Audit Scope Meeting. Topics covered should include:
Financial Statements Meetings.
Management should present the draft financial statements focusing on the major items disclosed in the statements or footnotes:
Internal Control and Compliance Meeting. In addition to the professional standards with respect to communication to audit committees at the conclusion of a financial statement audit, Government Auditing Standards, 2003 Revision imposes additional requirements relating to the scope of internal control and compliance work performed. The auditor is required to communicate the following to the individuals responsible for overseeing financial reporting:
Acceptance of the Audit Results. This meeting should include a confidential executive session between the auditor and the audit committee to provide a formal opportunity for the auditor to discuss matters without the presence of management. This further enhances the independence of the audit process.
Other Meetings. Other meetings might be held to select an auditor or to address issues best discussed separately, such as large accounting or reporting changes.
In summary, audit committees are a very effective institution that public sector entities could use to enhance the integrity of their financial reporting processes. They have been recommended by the GFOA, the GAO, and other national organizations. Moreover,as has been seen from the foregoing, they are not difficult to implement nor are the efforts so large as to be cumbersome.
Patrick Hardiman is a partner in Deloitte & Touche, LLP in Wilton, Connecticut.< Back to Town And City Home