Recognizing the sizeable challenges that audit committees and boards face in 2010, KPMG’s Audit Committee Institute (ACI) has issued its annual “memo” to directors – “Ten To-Do’s for Audit Committees in 2010”—highlighting key issues that should be top of mind as audit committees think through their agendas for the year ahead. We offer an abbreviated version here.
1. Regain control of the audit committee agenda. As signs of recovery emerge, take the opportunity to develop more focused (yet flexible) agendas, with an eye on the company’s key financial reporting risks. Insist on quality pre-meeting materials, spend less time on low-value or checklist activities, and engage in more discussions rather than listening to presentations. Don’t let compliance activities crowd out substantive discussion.
2. Understand the risks posed by cost reductions made in response to the economic crisis. Every board and audit committee should be asking whether the company’s delivery model has been changed permanently, and whether a “cost-reduced” business model can be sustained. Now is not the time to cut back on internal audit’s budget. (See #6.)
3. Focus closely on all financial communications. Earnings releases and scripts for analyst calls often pose more issues than the 10-Qs because they contain important business information—which often does not come from the financial reporting system, is not audited, and is not subject to internal controls. Reconsider the types of earnings guidance the company issues. Engage early on in reviewing 2010 proxy disclosures, particularly new disclosures regarding risk, compensation, and corporate governance. Understand the company’s policy on the use of Twitter and other social media to reach investors and customers.
4. Continue to monitor fair value issues, impairments, and management’s assumptions underlying critical accounting estimates. These issues, together with pension funding shortfalls and going-concern challenges, will continue to be a major area of focus for audit committees. Take time, too, for deep dives into specific financial reporting developments.
5. Rethink the audit committee’s role in risk oversight—with an eye to narrowing the scope. The tremendous focus on risk today—and the SEC’s new rules requiring disclosures about the board’s role in risk oversight—is an opportunity for the board to reassess the role of the audit committee (and the full board and the other standing committees) in overseeing risk. Does the audit committee have the expertise and time to deal with strategic, operational, and other risks? Is the expertise of other board members being leveraged?
6. Make sure internal audit is properly focused and fully utilized. Help refine internal audit’s role—and focus internal audit’s activities on key areas of risk, as well as providing added assurance regarding the adequacy of risk-management processes. Internal audit is most effective when it is focused on critical risks to the business—not just compliance and financial risks.
7. Prepare for the potential impact of key public policy initiatives on compliance, risk, and governance processes. Major public policy changes—e.g., healthcare, the environment, energy, and financial services regulation—are likely to impose additional reporting, transparency, and compliance obligations, requiring new or modified compliance, risk, and governance oversight processes. The adoption of the American Recovery and Reinvestment Act of 2009, coupled with new federal programs and the availability of stimulus funds, has created complex mandates, and companies have had to adjust their compliance programs.
8. The economic crisis continues to put pressure on compliance and anti-fraud programs. Be vigilant. The economic downturn has placed tremendous pressure on management to achieve operating results; at the same time, cost cuts and workforce reductions may have exacerbated these pressures. How has the company treated its employees? How do they think they’ve been treated? A full review of the company’s anti-fraud and compliance programs, including its Foreign Corrupt Practices Act compliance program, may be in order.
9. Help link change and risk—and monitor critical alignments. Change creates risk. During times of dramatic change, the risk of misalignment—of the company’s strategy, goals, risk, controls, compliance, incentives, and people—goes up exponentially. The audit committee is in a unique position to help reduce the risk of misalignment.
10. Take a fresh look at the audit committee’s composition and leadership. The audit committee’s effectiveness and accountability hinges on meaningful self- assessments—of the audit committee as a group as well as individual members. Take a hard look at the committee’s composition, independence, and leadership. Is there a need for a “fresh set of eyes?”
Mary Pat McCarthy is executive director, KPMG’s Audit Committee Institute (ACI), and U.S. vice chair, KPMG LLP.