The Overloaded plate of the Audit Committee
Once upon a time the audit committee' primary responsibility was for financial reporting and the role as owner of the external audit firm relationship. Now Audit committees are facing an expansion of their duties and feeling the pressure from regulators, investors and stakeholders. Menu items on the new regulatory responsibilities include; risk oversight, performance on IT, cyber-security, bribery and corruption issues, 3rd party compliance, financial risks, problems with financial statements, as well as addressing business complexity demands are placing a heavy burden on audit committees.
The duties and responsibilities of the audit committees are stretched thin. Some are now pushing the buck back, shifting the duties elsewhere, and some boards are even creating new committees to spread the workload around. However when the role, tasks and responsibilities begin to pile up, reallocating or rebalancing oversight or performance duties away from the audit committee is not always the right answer.
Risk-based objective assurance
The audit committee is a cornerstone of the board of director's duties. The committee' blackboard now extends well beyond the oversight of financial reporting and includes key areas that determine the organisation's performance, risk management, compliance, accountability, and the integrity of quality data, cyber risk, and the effectiveness of internal control over financial reporting and operations. The long list of oversight responsibilities gets more complicated because the amount of time the audit committee members can commit can be limited.
A healthy working relationship with the internal audit is the key to addressing the time issue of the audit committee. The internal and sometimes the external auditors can support the committee's ability to attain its updated goals, improve performance, enhance and protect organisational values, provide risk-based and objective assurance, advice, and insight.
Too much on the plate
The synergetic relationship between the audit committee and internal audit is the key to addressing the new responsibilities because the structured work of the internal audit can deliver value, while the audit committee can focus on protecting and support the unbiased assurance. Therefore the audit committee and internal audit must update the charters to be prepared to:
- Recognise the resources and competencies needed to provide value and data analytics
- Protect the independence and objectivity of the internal audit team
- Communicate often and at a deep level, both formally and informally
- Agreement and alignment on expectations, design, review, and approvals
- How to hold management accountable for assessing and implementing, internal audit recommendations
The responsibility, role and scope of the audit committee to meet regulatory needs can be fulfilled by a strong working relationship with the internal auditor. The charter will enhance and protect the values based on objective assurance, advice, and insight. Thereby the audit committee can improve its efficiency and effectiveness of all controls of data security and operations and an ongoing and robust dialogue with the board of directors.
Attend one of the two Audit Committee parallel session in London (9th November 2016) and Copenhagen (5th October 2016) to participate in the dialogue to discuss the above and other related issues in detail.
www.copenhagencompliance.com/2016/auditcommitteeanno/dk/index.htm
www.copenhagencompliance.com/2016/auditcommitteeanno/index.htm
To read all articles on audit committee issues see: www.copenhagencompliance.com/2016/auditcommitteeanno/thoughtleadership.htm