Audit Committee Institute

Creating an effective audit committee 1

Sponsored by KPMG

Creating an effective
audit committee

A corporate board of directors establishes an audit committee to assist in discharging its

fiduciary responsibility. How the committee fulfils that mandate varies according to the
clarity of the committee’s mission, the abilities of the committee’s members, and the tone
set at the top of the governance structure. An audit committee that operates effectively is
a key feature in a strong corporate governance culture, and can bring significant benefits to
the company. Some of the characteristics and practices are here presented that, based
on experience, mark a strong and effective audit committee, from the mandate through the
many facets of the committee’s composition, structure and operation. We encourage
each audit committee to review these characteristics, not as elements cast in stone, but
as components in a process that can be -and should be - continually improved to
enhance the committee’s effectiveness.

Establishing an audit committee

In establishing an audit committee, the board should be conscious of the
limitations inherent in having too much of its financial assurance responsibility
handled in committees. Such limitations may include:

z creation of power blocks within the board;

z an inability among directors that are not audit committee members to grasp
fully major accounting or risk issues;

z poor communication of key issues to the full board; and, at worst,

z abdication of responsibility by the full board.

The audit committee mandate should only empower the committee to make
recommendations to the board and not to make decisions in its own right. As
the board must sign off the financial report, it needs to be comprehensively
informed by the audit committee of any issues relating to the financial report on
an ongoing basis.
2 Creating an effective audit committee

Audit committee mandate

In essence, the focus of the audit committee mandate should define the scope
of the committee’s oversight responsibilities and how these responsibilities are
to be discharged. The audit committee should tailor its mandate to the
company’s specific needs, and clearly outline the committee’s duties and
responsibilities, including structure, process and membership requirements.
The mandate should ideally describe the background and experience
requirements for committee members and set guidelines for the committee’s
relationship with management, the internal and external auditors, and others.

Audit committee mandates and responsibilities should be co-ordinated with

their committee responsibilities - some companies have a governance
committee, others have committees focused on particular business risk (e.g.
investment committee, environmental committee, etc.). Care should be taken to
define clearly the roles and responsibilities of each. Mandates should be
detailed enough to clarify roles and responsibilities, but not so detailed that they
include items that cannot reasonably be accomplished.

In order to articulate clearly the terms of reference of an audit committee to the

committee’s members, the full board and to shareholders, a written mandate is
strongly recommended.

An audit committee mandate should be established by resolution of the board

and include the essential elements:
z a general outline of the committee’s purpose;
z a description of duties and responsibilities of the audit committee, including
the review of significant financial responsibilities and disclosures, auditor
independence issues, and oversight of the risk and control environment;
z an overview of the committee’s monitoring role;
z membership, including a requirement that the majority of members be non-
executive directors and independent;
z a description of the role of the chairman;
z the process for appointment of the secretary;
z audit committee reporting requirements to the board;
z protocols for the committee’s central role in ensuring open communication
between all participants in the audit process;
z powers to obtain information from and access to management;
z powers to consult directly with the internal and external auditors;
z operational matters, such as, the minimum number of meetings per year,
agendas, minutes, and reports;
z a general statement about induction of new members;
z the right to obtain independent advice;
z the right to ongoing education for members;
z the committee’s self evaluation process; and
z the board’s process for the review of the committee’s performance.
Once established, the mandate should be reviewed and updated annually, first
by the committee itself and then by the full board. The mandate should be seen
as a living document, changing as the organisation’s internal and external
environmental changes.

The mandate should be made available to shareholders upon request. Audit

committees should be mindful of the implications of increased disclosures
and ensure that they are not undertaking so many responsibilities that they
cannot all be reasonably accomplished, or that such responsibilities might
subject the audit committee to future liability (please refer to Appendix XII for
an example audit committee mandate).
 Creating an effective audit committee 3

Composition

The size of the audit committee will vary depending upon the needs and culture
of the company and the extent of delegated responsibilities to the committee.
The objective is to allow the committee to function efficiently, all members to
participate, and an appropriate level of diversity of experience and knowledge.

Most companies have no set policies for rotating committee members but
depend on weighing a member’s experience against the risk of complacency.
Without a rotation policy, it is important for the board of directors to evaluate an
audit committee member’s performance to see that it meets both the board’s
and the committee’s expectations. Rotation of audit committee members can
provide a practical way to refresh and introduce new perspectives to audit
committee processes. It also enhances the opportunity for a greater number of
board members to gain an in-depth and first hand understanding of the function
of the audit committee.

Audit committee independence is the cornerstone of the committee’s

effectiveness, particularly overseeing a company’s financial reporting integrity
and evaluation of areas where judgments and decisions are significant. Audit
committee members are directors of the organisation, appointed by the
chairman after discussion with the full board. As it is the board that appoints
members to the audit committee, any changes in membership need the formal
approval of the board.

The chief executive officer or managing director and the chief financial officer
should not be members of the audit committee but should be invited to meetings
to help resolve issues more efficiently.

In determining the composition of the audit committee, it is important that formal

qualifications are balanced by consideration of personal qualities and
commercial experience. In some circumstances, it may be more appropriate for
the audit committee to seek expert external advice as the need arises, rather
than trying to maintain particular expertise within the audit committee at all times.

Independence of members
Audit committees should comprise independent non-executive directors. To be
effective in their role, non-executive directors should display the following
characteristics:

Be independent, in fact and appearance as relationships, whether personal,

business, political or philanthropic, may compromise their independence and
therefore their ability actively to challenge management.

Be given timely access to all relevant information, so that they can consider
and discuss it before important decisions are taken.

Be dedicated - the role requires a considerable time commitment and

non-executive directors should devote sufficient time and energy to their
responsibilities. They should be prepared to spend the time necessary to learn
and stay up-to-date about the company and its industry, talking to employees,
management and the auditors. They should also have regular contact with major
shareholders.

Be remunerated for this commitment and take on an appropriate number of

non-executive directorships to enable them to perform their role effectively.

Actively communicate, both formally and informally, with other non-executive

directors.
4 Creating an effective audit committee

Be fully aware of the significant risks faced by the company and take an active
role in the board’s review of the effectiveness of the system of internal control,
including both regular reviews and an annual assessment exercise.

To the extent that they are members of the audit committee, be able to
understand the principles that underpin the preparation of financial statements.

To the extent that they are members of the remuneration committee, have
access to professional advice on remuneration matters from both inside and
outside the company, and be sensitive to the wider scene, including pay and
employment conditions elsewhere in the group and similar companies.

Recognise that ultimately they share responsibility for the leadership and
control of the company with the executive directors and, where things go wrong,
they may be held liable.

The chairman should also be independent and should not also be the board
chairman.

The Investment and Financial Services Association’s (IFSA) definition of an

independent director is well accepted. Under the IFSA definition, an independent
director is a director, who is not a member of management (a non-executive
director) and:
z is not a substantial shareholder of the company, or an officer of, or
otherwise associated directly or indirectly with a substantial shareholder of
the company;
z has not within the past three years been employed in an executive capacity
by the company or another group member or been a director after ceasing to
hold any such employment;
z is not a principal of a professional adviser to the organisation or another
group member;
z is not a significant supplier to or customer of the organisation or another
group member or an officer of, or otherwise associated directly or indirectly
with, a significant supplier or customer;
z has no significant contractual relationship with the company or another
group member other than as a director of the organisation; and
z is free from any interest and any business or other relationship that could, or
could reasonably, be perceived to interfere materially with the director’s
ability to act in the best interests of the organisation.

Examples of other definitions of independence include:

z SOx, which defines independence as not receiving, other than for service on
the board or any board committees, any consulting, advisory, or other
compensatory fee from the organisation, and as not being an affiliated
person of the organisation or any related organisation; and
z requirements of the New York Stock Exchange, which are that an
independent director has no direct or indirect material relationship with the
organisation; that his/her only remuneration from the organisation be as a
director; and that has not been an employee of the organisation, or partner
or employee of the independent external auditor, for a period of five years.

As the audit committee is responsible for the appointment of the external

auditors, all members should be independent and not influenced by any
conflict of interest in the matters that come before the committee.
 Creating an effective audit committee 5

Qualifications of members
Due to the nature of the responsibilities of the audit committee, the board should
have regard to candidates that possess some or all of the following skills and
experience:
z Broad business experience.
z Familiarity with risk management identification and evaluation.
z An understanding of internal control systems.
z Experience of compliance systems.
z An understanding of major accounting and reporting issues.
z Familiarity with the Companies Act financial reporting provisions and
accounting standards.
z An understanding of the roles of the internal and external auditors.
z Familiarity with the fundamental concepts of professional auditing
standards.
z An understanding of the implications of technological change on the
processes of the organisation.

Personal qualities of members

In addition to skills and practical experience, the board should also look for the
following personal qualities when selecting committee members:
z The ability to act independently and be pro-active in advising the full board of
any concerns.
z The ability to ask relevant questions, evaluate the answers and continue to
probe for information until completely satisfied with the answers provided.
z Independence of thought.
z An ability and desire to learn.
z Openness to new ideas and a tolerance for unconventional views.
z An appreciation of the organisation’s culture and values, and a
determination to uphold these organisational values coupled with a
thoughtful approach to the ethical issues that might arise.
z A professional approach to duties, including an appropriate commitment of
time and effort.
z The courage to take and stand by tough decisions.
z Loyalty to the interests of shareholders and other stakeholders.
z Encouragement of openness and transparency, which is demonstrated by
the ability to accept mistakes and not ascribe blame.
z To maintain personally the highest ethical standards.
z To demand the highest ethical standards of behaviour from the internal and
external auditors.
6 Creating an effective audit committee

The role of the audit committee chairman

The audit committee chairman should be knowledgeable of the organisation’s
business, financial and auditing processes and has the following
responsibilities:
z Planning and conducting meetings.
z Overseeing reporting to the full board.
z Leading verbal presentations to the full board.
z Involvement in the selection of audit committee members in conjunction
with the full board.

Audit committee secretary

The audit committee secretary is usually the company secretary. Company
secretaries are uniquely placed: they provide an essential link between the
major elements of the company - directors, management, shareholders and
regulators. As such, the company secretary should be able to assist the board
and audit committee in developing good corporate governance procedures.

The secretary has an important role in ensuring that there are structured
communication channels between the board and the audit committee and that
board members receive reports that keep them adequately informed on the
audit committee’s activities.

The secretary must also ensure that papers support audit committee
recommendations, which are provided to the board, including the minutes that
explain the rationale for the committee’s recommendations.
 Creating an effective audit committee 7

Audit committee relationships and

communication
The key participants, who need to work together to carry out the governance
processes entrusted to the audit committee, are:
z the full board of directors;
z audit committee members;
z management;
z internal audit; and
z the external auditor.

Relationship with the full board

As the audit committee’s responsibilities are ultimately the responsibility of the
board, it is important that board members fully understand significant audit
committee issues. It is critical that proper reporting mechanisms are in place
between the board and its audit committee including established and recurring
reporting on key risk areas.

It is common practice for audit committee minutes to be circulated with the

papers of the next board meeting, and for the audit committee chairman to
provide an update to the board on their contents.

The audit committee must convey any significant concerns that internal audit or
the external auditor has to the full board immediately.

In providing recommendations to the board, the audit committee should ensure

that enough information is provided to allow directors to make fully informed and
well-reasoned decisions. In respect of the review of the financial report, this may
involve the whole board meeting as an audit committee or a full presentation by
the audit committee chairman and CFO to the board with the external auditor
being present.

Recommendations from the audit committee to the board should be supported

by an analysis of the decision-making process and the reasons for the
recommendations including any contingent risks or strong counter arguments. It
would normally not be sufficient merely to circulate the audit committee minutes.

If the board resolves to accept the audit committee’s recommendations, the

minutes should clearly state the resolution and not, for example, merely note
that the minutes of the audit committee meeting were tabled.

The board should also accept the internal and external audit plans, have an
understanding of the processes of the audit committee and receive assurance
on an annual basis that those processes are adequate.
8 Creating an effective audit committee

Relationship with management

It is the role of the directors and management to maintain the system of internal
controls and the role of the internal and external auditor to assess the strength
and quality of those controls and the overall control environment.

As a result, the managing director or CEO needs to foster a culture of

co-operation and understanding within management towards the role of the
internal and external auditors. The managing director or CEO will be aware of
management’s response to requests for information from the auditors, and it is
his or her role to present counter arguments to the audit committee on behalf of
management where there is a difference of opinion between management and
either the internal or external auditors.

Given the importance of the managing director or CEO’s role, and the roles of
other senior management, in respect of the risk and control framework, it is
critical that these senior executives have the respect and confidence of those
they lead and those to whom they report. This includes, but is not limited to,
demonstrating the organisation’s values in their day-to-day behaviour and in
their interactions with the audit committee and the board. These actions,
underpinned by appropriate policies, processes and reward systems, support a
“no surprises” environment.

The managing director or CEO and CFO usually have a standing invitation to
attend audit committee meetings.

Relationship with the internal auditor

The head of internal audit is in the unique position of being employed by
management but expected to review its conduct. As such, it is important for the
internal auditor to retain a degree of independence from management.

Where the internal audit function resides in-house, it is preferable that the head
of internal audit report to the managing director or CEO on a functional basis
and to the CFO for administrative purposes only.

The internal auditor should also have unfettered access to the audit committee.

Where the internal audit function is outsourced, the head of internal audit usually
reports directly to the audit committee and a senior executive.

The committee should receive regular reports from internal audit on the results
of its activities including management’s responses to recommendations made
on controls and compliance. Internal audit should be pro-active in bringing
matters to the attention of the audit committee.

Relationship with the external auditor

The external auditor should also have unrestricted access to the audit
committee. If the audit committee comprises executive directors, then the non-
executive members of the audit committee should request separate meetings
with the external auditor to allow them to discuss issues involving management
freely.

In reviewing the scope of external audit and the remuneration of the external
auditor, the members of the audit committee should undertake the necessary
steps to satisfy themselves that a comprehensive, complete and independent
audit can be and is undertaken.

There should be open and frank dialogue with the external auditor throughout
the year and not simply at the time of finalising the financial report.
 Creating an effective audit committee 9

Induction of new members

The audit committee should have a formal process to induct new committee
members to ensure they understand their responsibilities, current issues,
the objectives of the audit processes and the expectations of the board
concerning the performance of audit committee members. At a minimum, the
induction process should include:
z providing a copy of the committee’s mandate and recent committee papers
and minutes;
z providing copies of relevant company policies;
z an explanation by management and internal audit of the control, risk and
compliance frameworks and current audit and financial reporting issues.
Written materials should support oral presentations;
z meetings with management and internal audit to discuss any unusual
transactions or other matters as required; and
z introduction to the external auditor.
Meetings
The meetings of the audit committee for a public organisation are generally
timed to match the regulatory reporting and audit cycle. Typically, audit
committees have met three or four times a year. However, there is a view
emerging that the number of meetings and their duration should vary
depending on the range and complexity of the committee’s responsibilities.

For audit committees to undertake their activities properly, it is suggested that

the committee may need to meet at least eight times a year to ensure adequate
oversight of the organisation’s assurance processes.

Access to information and independent

advice
Each director has the right to access all organisational information. In
addition, each director should be entitled to seek independent professional
advice at the organisation’s expense, subject to prior consultation with the
board chairman. A copy of the advice received by the director should be
made available to all members of the board.

The right to receive independent professional advice is a policy that should apply
to all members of the board whether serving on board committees or only on the
board itself.

In addition, to ensure the independent role of audit committee members, it is

preferable for the audit committee mandate to authorise the committee to seek
independent professional advice, as it considers necessary.

This may be particularly necessary where errors or deficiencies have occurred

or may potentially occur.

Right of access to employees

The audit committee’s charter should provide the committee with the authority to
conduct any investigation appropriate to Fulfiling its responsibilities and provide
the right to direct access to anyone in the organisation. In exercising that right,
audit committee members need to do so cautiously to ensure that they are not
interfering in the executive prerogatives of management
10 Creating an effective audit committee

Continuing education
There is increasing and dynamic change not only in the area of financial
reporting but in regulatory compliance, technology and business risk. It is
essential that directors have sufficient training to enable them to keep
abreast of such developments. The committee chairman, in consultation with
the board, should monitor the needs and opportunities for further education.

All members should seek periodic continuing professional education both

inside and outside the boardroom. Management, internal and external auditors,
and general counsel are sources of background information and training for
audit committee members. Periodic briefings, reports and presentations by
management, internal auditors and external auditors for audit committee
members should cover operational and financial issues specific to the company
and the industry, and updates on new accounting and auditing standards.
Companies should offer, and committees should insist on, the kind of training
that will enhance their financial literacy and make it possible for them to fulfil
their fiduciary responsibilities. This is especially true of new members, who
should receive a complete orientation that allows them to function effectively
from the very beginning.

Audit committee member remuneration

Audit committee members must be adequately compensated for their
services. In most public companies, deciding on the amount of compensation
is usually the responsibility of the board’s compensation committee or the
finance committee. When calculating the overall remuneration of directors,
an allowance should be made for the considerable skill committee members
are expected to bring to their role on the audit committee and the time
allocated for meeting preparation and attendance.

It is reasonably well established in practice that the committee chairperson

usually receives more remuneration than the members, reflecting his or her
increased responsibilities. Moreover, the board may acknowledge that the audit
committee service warrants higher compensation than other board committees
in recognition of the responsibilities and increased time commitment. In
addition to a yearly fee, some companies may offer payment for each meeting
attended.

Audit committee members should be remunerated at a level that reflects the

time it takes to undertake their duties properly and the expectations should be
clearly documented in writing before the director is appointed to the committee.

Performance evaluation
A structured and formal performance evaluation of an audit committee’s
performance, both collectively and at an individual level can help to ensure
the committee delivers on its mandate and enable the committee to enhance
its contribution to the board continuously. The evaluation may be a self-
evaluation or involve facilitation or review by an external party.
 Creating an effective audit committee 11

Audit committee performance evaluation

An audit committee should undertake a periodic and candid self-evaluation to
assess its activities against its charter and key activities recommended by
industry bodies and professional firms.

The evaluation should seek input from the board, management and the internal
and external auditors.

Key questions suggested in the Report of the NACD Blue Ribbon Commission
on Director Professionalism 2001 edition include:
z are committee meetings productive?
z does the agenda-setting process allow for appropriate issues to be raised
as necessary?
z is the agenda ordered with sufficient time to discuss the most complex and
critical issues?
z can and do the members influence the content of the agenda?
z do members receive sufficient information about agenda items in advance?
z how could the committee be improved in terms of meeting frequency,
duration, content, location and interests? and
z how well informed are non-committee members about the deliberations of
the committee - particularly other members of the board?
The full board should discuss the findings and recommendations and ensure
that appropriate action is taken to enhance the committee’s ability to perform
effectively. Evaluations that are well performed demonstrate the committee’s
intention to meet all its responsibilities.

An approach to audit committee self evaluation

SOx defines the audit committee as "a committee (or equivalent body)
established by and amongst the board of directors of an issuer for the purpose
of overseeing the accounting and financial reporting processes of the issuer
and audits of the financial statements of the issuer."

Audit committee members are faced with increased expectations from many
groups, including shareholders, shareholder and governance activists,
regulators, the media, and fellow board members. The New York Stock
Exchange, in its listing standards proposals, has suggested that a formal
evaluation process be established for the board as a whole and for each major
committee of the board.

The members of audit committees are encouraged to consider the elements

included in this toolkit, as well as other approaches, and then develop their own
tailored approach to evaluating the effectiveness of their audit committees. Any
approach developed should also take into consideration the responsibilities of
the audit committee described in the audit committee mandate. We believe that
evaluation processes should focus on the effectiveness of the audit committee
and not consist of a checklist of compliance with rules and regulations.

A well-thought-out evaluation approach, conducted in an open and constructive

manner, will allow a company and its shareholders to benefit from the collective
insight and experience of each member of the audit committee.
12 Creating an effective audit committee

The following is an overview of possible steps in an evaluation process:

1. Discuss the self-evaluation process that will be adopted, decide who will
coordinate the process, and create the evaluation form and compile the
results.
2. Determine who will participate in providing initial input to the audit
committee - this will include the audit committee members and chairperson
and might also include the chairman of the board, CEO, chairs of other
board committees, CFO, head of internal audit, external auditor, company
secretary, in house counsel, and others that interact with the audit
committee.
3. Provide the evaluation form to all participants and have them return it to the
coordinator for compilation.
4. Use compiled reports that reflect each response and the average rating -
possibly reflecting (1) the overall average, (2) the averages of the audit
committee members, and (3) the average of other participants - as the
basis for a conversation concerning the committee's effectiveness and
areas for improvement.

Evaluation of committee members

A formal evaluation of the performance of all committee members should be

undertaken. The audit committee chairman should evaluate the performance of
committee members, with his or her own performance evaluated by the board
chairman.

The evaluation should consider several aspects, including:

z expertise;
z enquiring attitude and independence;
z judgment;
z ability to take tough, constructive stands at meetings when necessary;
z understanding of the organisation's business;
z understanding of and commitment to the committee's duties and
responsibilities;
z willingness to devote the time needed to prepare for and participate in
committee deliberations;
z responsiveness (timeliness and quality);
z approach to conflict and whether they help the committee manage conflict
constructively and productively; and
z attendance at meetings.
After completing the evaluation, the board chairman and committee chairman
should discuss the outcomes so that appropriate action can be taken. This
action could include training that would enhance issues such as financial
literacy and the member's ability to fulfil fiduciary responsibilities.
 Creating an effective audit committee 13

Our approach is based on ACI's Basic Principles for Audit Committees,

published in mid-2002 (see KPMG's Audit Committee Institute's Web site at
http://www.kpmg.com/aci) as summarised below:
1. Recognise that the dynamics of each company, board and audit committee
are unique - one size does not fit all.
2. The board must ensure the audit committee comprises the "right"
individuals to provide independent oversight.
3. The board and audit committee must continually assert that, and assess
whether, the "tone at the top" embodies insistence on integrity and accuracy
in financial reporting.
4. The audit committee must demand and continually reinforce the "direct
responsibility" of the external auditor to the board and audit committee as
representative of the shareholders (as is now required by SOx).
5. Audit committees must implement a process that supports their
understanding and monitoring of the:
z specific role of the audit committee in relation to the specific roles of the
other participants in the financial reporting process (oversight);
z critical financial reporting risks;
z effectiveness of financial reporting controls;
z independence, accountability, and effectiveness of the external auditor;
and
z transparency of financial reporting.
kpmg.ru

Contact us:

Audit Committee Institute in Russia

Boris Lvov
Corporate Governance, Performance
and Compliance

Tel: +7 937 4477

E-Mail: aci@kpmg.ru

This text is an unaccredited translation and adapted version of "Creating an effective audit committee" prepared by Audit © 2009 ZAO KPMG, a company incorporated under the Laws of
Committee Institute sponsored by KPMG. the Russian Federation and a member firm of the KPMG
network of independent member firms affiliated with KPMG
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual
International, a Swiss cooperative. All rights reserved. Printed
or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is in Russia.
accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information KPMG and the KPMG logo are registered trademarks of KPMG
without appropriate professional advice after a thorough examination of the particular situation. International, a Swiss cooperative.