What is an Audit committee?

An audit committee is an operating committee of a company’s board of directors that is in

charge of overseeing financial reporting and disclosure. Audit committee members must be deeply
committed, highly experienced, and fully qualified in order to effectively carry out their varied
responsibilities

What are the audit committee’s responsibilities?

 The main role of an audit committee is to provide oversight of the financial reporting
process, the audit process, the system of internal controls and compliance with laws and
regulations.

 The audit committee reviews significant accounting and reporting issues and recent
professional and regulatory declarations to understand the potential impact on financial
statement. An understanding of how management develops internal interim financial
information is necessary to assess whether reports are complete and accurate.

 The committee also reviews the result of the audit with management and external
auditors, including matters required to be communicated to the committee under
generally accepted auditing standards.

 Audit committee will consider internal controls and review the effectiveness. Reports on
and management responses to, observation and significant findings should be obtained
and review by the committee. Controls over financial reporting, information technology
security and operational matters fall under the purview of the committee.

 The committee also establishes procedures for accepting confidential concerns relative
to financial reporting and internal control matters.

 Audit committee are also responsible for the selection, compensation and oversight of
the work of the auditor. The committee should also meet independently with external
auditors to discuss matters that the committee or auditors believe should be discussed
confidentially.

 When an internal audit functions exist, the committee will review and approve the audit
plan, review staffing and organization of the function and meet with internal auditors
and management on a periodic basis to discuss matters of concern that may arise.
What do audit committee members expect from internal auditors.

Audit committee members are not looking for the best solution from internal audit however it
should be at least to the best possible solution.

• A balanced assessor- One who acknowledges achievements and portray trends and
comparisons.
• Management are now making serious decisions including hiring and firing based on
internal audit recommendations.
• The auditor should acknowledge if our bad position is the best that can be given the
environment or compared to others.
• Auditors must play their part in motivating other staff through the way they
communicate their findings. Highlighting improvements is one critical way.
• Good business skills. Operations staff do NOT expect auditors to have detailed technical
expertise in all the areas, but they expect auditors to have good business logic and
rationale. The way issues are raised by internal audit should demonstrate the underlying
business logic. Management do not want to do things for the sake of doing them, they
want to do things for a business purpose.
• Proactive assessors- tell us before it happens- not after. Management dislikes auditors
who are geniuses in retrospect. Internal Auditors should foresee most of the risk
deficiencies and assist management to plan for them in advance
• Auditors should pioneer new developments. Management are looking for auditors who
can tell us what we don’t know that we don’t know.

• The auditor should be an educator at two levels. Firstly educate management on what
we should know and secondly how we should deal with those issues. For example
internal audit needs to first educate management on the need for computerized risk
measurement tools and then help them to use the results of such tools.

• Auditors should deal with the root cause and provide detailed solutions - Management
wants to know the strategic cause and the linkages not the glossed over symptoms.
Auditors should be good at cause and effect analysis as well as impact analysis. This
requires a good sense of materiality. Auditors should spend more time on investigating
solutions and not detailing the problem
• Helps to simplify control/ devoid of alarmism. Auditors who helps to simplify controls as
opposed to adding more and more controls. Auditors should tell us how we can run the
business more efficiently with fewer controls and hindrances.
• Auditors should present ideas that are cost effective
• Auditors should not alarm management to the point of over control. Instead their
search for efficient control through innovative suggestions should drive the business.
• Auditors who apply quantitative analysis and technology in addition to non
quantitative analysis. Auditors should strive to use modelling and computer based
simulation to demonstrate cause and effect and to project the future.
• Auditors should inspire people. Their passion should make people feel urged to
implement their recommendations. Inspiration and not fear should be the driving force
behind acceptance of internal audit work.
• Value addition – auditors should not just tell us our potential losses – instead they
should be leading in areas of creating new business opportunities, creating shareholder
value, creating more opportunities.
• Auditors should tell us who they are – Unless they do that management is tempted to
abuse the function.
• Draw up a clear mandate.
• Motivate management to focus in the right direction.
• Refuse to do what they should not be doing
• Holistic approach to Risk Management. Audit is only one part of the game plan.
Effective risk management is a holistic game and everyone must play his part.
• Information flow between internal audit and management should be constant. Unless
auditors are kept abreast on what is happening, they cannot apply a business
approach. Management needs to communicate their strategy and any changes in time.
• Develop clear measurables for internal audit effort. We cannot develop a world class
internal audit if we cant define one. We must develop clear internal audit development
plans and constantly measure ourselves against the set targets.
 How to improve interaction between audit committee and internal
auditors?

• Internal Auditors should educate stakeholders about who they are what they do and
what they do not do
• Internal Auditors should explain to stakeholders what they used to do which they no
longer do.
• Foster the combined risk framework- make stakeholders feel that we are in it together-
or else other stakeholders will leave it to auditors to do all the risk management work
leading to an overload.
Over expectations lead to unnecessary criticism