26 September 2016 by Lorraine Young
Advice for boards and company secretaries in assisting audit committees
The FRC Guidance on Audit Committees was reissued in April this year. This followed a consultation in September 2015 on changes to the FRC’s Ethical and Auditing Standards and the UK Corporate Governance Code, as well as the guidance. The update was driven by the consequential changes required from the implementation of the EU’s Audit Regulation and Directive.
The changes to the code and guidance take effect for accounting periods beginning on or after 17 June 2016, although as usual, companies are encouraged to consider adopting earlier if possible.
The guidance is aimed at helping boards to set up appropriate audit committee arrangements as well as being of assistance to audit committees. There is other guidance for audit committees issued by the FRC which includes ‘Audit Tenders, Notes on Best Practice’ from July 2013 and the ‘Guidance on Risk Management, Internal Control and Related Financial and Business Reporting’ from September 2014.
The guidance is useful for all company secretaries who support audit committees as it will provide valuable input for the committee terms of reference and its annual agenda planning schedule.
The role of the audit committee is set out in section C3 of the code. Its duties cover: financial reporting, internal controls and risk management, internal audit, the relationship with the external auditors and reviewing whistleblowing arrangements.
The audit committee has particular responsibility, acting independently from the executive, to ensure that interests of shareholders are properly protected in relation to the areas it oversees. Although the audit committee is tasked with reviewing the internal control and risk management systems, the guidance makes it clear that the board has overall responsibility for these. It is therefore important for them to be a regular item on the board agenda, although the detail is likely to be covered at committee level.
In terms of its work and relationships, there may be times when the audit committee faces challenges. It has a reporting relationship to the board and also key relationships with the executive (on whom it relies for information but whom it must also hold to account) plus the internal and external auditors.
The effectiveness of the audit committee will not solely rely on the financial expertise of its members, or their understanding of the business – although these are both fundamental to the successful discharge of its duties. The committee needs a ‘frank, open working relationship and a high level of mutual respect’ with those it works with.
Good information flow is essential and the executive should be proactive in providing this to the committee, rather than waiting to be asked. As with board processes, this is an area in which the company secretary can (and should) act as facilitator.
Where there is a group of companies, the audit committee of the parent should keep under review issues which relate to the subsidiaries too. This will be especially important if the subsidiary entities are in regulated sectors or for international groups. The committee will need to be mindful of local audit requirements and how these will fit into the overall group review.
The guidance is divided into three sections (after the introduction), Section 2: Establishment and effectiveness of the audit committee; Section 3: Role and responsibilities; and Section 4: Communication with shareholders.
The basics of this are set out in the code; i.e. the committee should be made up of at least three (two for smaller companies) independent non-executive directors, written terms of reference should be made available and the committee’s effectiveness should be reviewed annually.
Independent thinking is crucial in assessing the work of the executive and the assurance provided by the internal and external auditors. There is an important balance to be struck − trust is important on boards, particularly between the executive and non-executive directors, and auditors have to bring a professional scepticism.
The audit committee sits somewhere in between, needing to ensure nothing is going wrong but also maintaining a good working relationship with the executive. A good executive team can assist by being open and transparent and providing information in a timely way. The ability of the committee members to ‘challenge constructively’ will be invaluable. Induction for audit committee members is recommended and ongoing training/updates could include:
This is another area where the company secretary can be involved. Updates will need to be scheduled and having these on the same day as a committee meeting can be easier if diaries are busy − although this may be better planned around a meeting which is less full-on than the one dealing with the final results. Such updates will also need to be coordinated with any updates or training for the whole board.
In terms of scheduling meetings, a minimum of three per year is recommended, to coincide with key dates in the reporting and audit cycle. Another important point is that sufficient time is allowed between the audit committee and board meetings.
Although only members of the audit committee are entitled to attend meetings, others who would normally be invited to attend on a regular basis would be the finance director, head of internal audit and external audit lead partner. Some board chairs and CEOs also like to attend and may be invited. Others prefer not to.
In any event, it would be normal practice for the committee to meet alone at least once a year with the external auditors to ascertain if they have any areas of concern. This should also be done with the head of internal audit.
If the external auditor is present at all meetings of the committee, then the committee should make some time without them being present to assess their performance, independence and objectivity.
The company secretariat is specifically tasked with:
The audit committee is responsible to the board and should report back on its work. In particular this would cover:
The guidance also expands on the list of duties of the audit committee which is set out in section C3 of the code. This is helpful in producing the committee’s terms of reference, considering which areas it is responsible for and which might be dealt with elsewhere and also for meeting and agenda planning. There is some detail on the role of the committee in relation to the internal audit function and the external auditors, which is informative.
The committee should pay attention to areas in which the work of the risk, compliance, finance, internal audit and external audit functions overlap and oversee these areas to ensure they are coordinated effectively to avoid duplication.
This section notes that the audit committee has a role in ensuring that shareholder interests are properly protected in relation to financial reporting and internal control. It sets out what the audit committee report in the annual report should contain. The report should describe significant issues which have been considered in relation to the financial statements but do so in a concise and understandable form in relation to the specific circumstances of the company. Certain matters need not be included if their disclosure would be prejudicial to the company’s interests. The report need not repeat content from elsewhere in the annual report but can signpost it.
Finally, the chair of the audit committee should attend the AGM to answer questions on the audit committee’s report and areas within its remit.