Audit Committees have highly influential roles to support entity achieve its defined goals and objectives.
Through its powers, the audit committee has ability to meet both the internal and external auditor in course of its work and become only " intelligent" team to have insights of control issues affecting an entity.
Unfortunately, the audit committees in number of organization's are not competent enough to execute their roles effectively. EMAC has capacity building programs for audit committee members geared towards capacitating the committees for effective performance
1. E
M
A
C
ELSAM MANAGEMENT CONSULTANTS
AUDIT COMMITTEE TRAINING
By: Sako Mayrick
Dar Es Salaam
www.elsamconsult.com 1
2. E
M
A
C
Welcoming Remarks
Who are we?
Elsam Management Consultants (EMAC) is
a pool of professional consultants in
management disciplines established as a
limited liability company since 2006
Core Functions are: Recruitment, Training
and Consultancies
More details: www.elsamconsult.com
www.elsamconsult.com 2
3. E
M
A
C
Welcoming Remarks
Introduction of facilitators
Self introduction to others on your team
Recap- Share something on personal
experience in Risk Management and high
level expectations of this training
Pick 1-Identify a risk-discuss it as both a
threat and an opportunity
Report to the a large group pick a
spokesperson
www.elsamconsult.com 3
4. E
M
A
C
AUDIT COMMITTEES
ROLE AND RESPONSIBILITIES
5. E
M
A
C
Contents
1. Introduction
2. Audit Committee Issues
3. Financial Management
4. Operations Management
5. External and Internal Audit
6. Other Considerations and Reporting
7. E
M
A
C
Introduction
Audit Committee is a part of governance of entity
Governance is the system by which organizations
are directed and controlled.
It includes rules and procedures for making
decision on corporate affairs to ensure success
while maintaining the right balance with
stakeholder’s interest.
Audit Committee is one of the major pillars of
governance system in public companies
8. E
M
A
C
Entity Governance Structure
What is the entity Governance?
Discussions
9. E
M
A
C
Role of Audit Committee
General
Oversight of financial reporting
Risk management
Internal control
Compliance
Ethics
Management
Internal audit
Management, the board and the audit
committee all play critical roles in entity’s tone
at the top
10. Role of Audit Committee
CORPORATE GOVERNANCE COMPACT
• TO OVERSEE & REPORT TO BOT NOT TO MANAGE
• TO SUPPORT/ADVISE MANAGEMENT NOT TO STIFLE OPERATIONAL PERFORMANCE
• TO HAVE MEANINGFUL, RELEVANT AND
TRANSPARENT INFORMATION
NOT TO HAVE INFORMATION OVERLOAD
• TO THINK, JUDGE AND ACT ON
SIGNIFICANT GOVERNANCE/RISK
ISSUES
NOT TO BE TOO PROCESS - DRIVEN
• TO ENSURE CONFORMANCE FOR
GOVERNANCE AND BETTER
PERFORMANCE
NOT TO BE INDIFFERENT TO RESULTS
INTERNAL AUDIT
EXTERNAL AUDIT
AUDIT COMMITTEE
BOARD OF TRUSTEES
12. E
M
A
C
What is an audit committee?
It is established with aim of enhancing
confidence in the integrity of entity process
and procedure relating to internal controls
and corporate reporting including financial
reporting
It provides an independent re-assurance to
the board through its monitoring and
oversight roles
13. E
M
A
C
Case Study I
Video Presentation on audit committees
14. E
M
A
C
Responsibilities of Audit
Committees
Monitor integrity of financial statements of entity
Review the Entity’s internal control system and Risk
Management Systems
Unless a separate Committee exists
Monitor and review of entity’s internal audit function
Recommend to the board in relations to the appointment
of external auditor
Approves remuneration
Approves terms of engagement
Monitoring the effectiveness of the external auditor’s
performance and their independence and objectivity
Develop and implement policy on the engagement of the
external auditor to supply non-audit services
15. E
M
A
C
Responsibilities of AC …
It is not a replacement for the Board
It is a committee of the board and
therefore subordinate to the Board
It must be given written terms of reference
for audit committee.
The Terms of Reference must be reviewed
annually
The Board must review annually the
effectiveness of audit committee
16. E
M
A
C
Audit Committees in Public Sector
Sections 28-35 of the Public Finance Regulation, 2001 as revised in
2010 give explanation regarding the Audit Committee and Internal
Audit Service Unit
There shall be in each Ministry Department, Agency or Region a
Committee to be known as the Audit Committee.
Composition
Senior members of MDA nominated by AO
One from outside an organisation
Total number no more than 5 not less than 3
One member must have experience of accounting and auditing
CAG to be informed of all meetings and have right to be represented to
the meetings
What are the legal and regulatory framework of Audit Committees?
Discussions
Sako Mayrick Apt Financial Consultants
17. E
M
A
C
Charting the course
An audit committee charter is a blueprint
for its operation and should address:
Processes
Procedures
Responsibilities
18. E
M
A
C
Charting the course
Sample audit Committee Charter
Introduction
Authority and independence
Role
Duties and Responsibilities
Risk Management
Internal Control
Internal audit
External Audit
Compliance
Reporting
Membership and meetings (Chair, Secretary, ethical practices,meeting and
attendance), quorum, agenda)
Relationships (Internal Audit, External audit, other executive management)
Evaluation of Committee activities
Review of the charter
Approval of the charter
19. E
M
A
C
Case study 2
Roles and Responsibilities Audit
Committees
a. What do you think to be the critical
role of Audit Committee at Entity
b. Do you think there is a gap?
c. What should be done?
21. E
M
A
C
Audit Committee Issues
Financial accuracy
Risk Management
Control Assessment
External Audit Oversight
Effective use of internal audit
Objectivity
Reporting structure
Risk management
Staffing
Priotization
Adding value
22. E
M
A
C
Best Practices in AC
Should comprise of Independent non-executive
directors
Chairman of the company should not be an audit
committee member
But may attend the committee meeting as invited guest
At least one member of the AC should have
significant, recent and relevant financial experience
at senior level
Members should have experience in corporate
financial matters
23. E
M
A
C
Best Practices in AC
Should at least annually meet the external and internal auditors,
without management, to discuss issues arising from the audit
Sufficient internal should be allowed between audit committee
meetings and main board meetings to allow any work arising from
AC meeting to be carried out and reported to the board
Should have sufficient resources to undertake its duties
New committee members should be given an induction program
Role of audit committee, ToR,
Overview of company’s business
Identifying the main business and financial dynamics and risks
Meeting some company staff
Regular training should be given to all members of audit committee
Understanding the financial reporting and financial statements
Company law or entity memorandum
Formal courses
Internal Agency talks and seminars
Briefing by external advisers
24. E
M
A
C
Best Practices in AC
AC should review financial reporting issues on financial
statements, interim reports and related statements
Judgments
Clarity
Completeness of disclosure
AC should monitor the integrity of internal financial
controls
AC should assess the scope and effectiveness of the
systems established by management to identify, assess,
manager and monitor Risks ( unless there is a separate
committee on risks
25. E
M
A
C
Best Practices for Audit Committee
Annually the AC should consider whether
there is a need for internal audit function
and make recommendation to the board
AC should review the complementing effect
of internal and external audit
AC should approve the appointment or
termination of appointment of CAE
AC should review and monitor internal audit
activities
26. E
M
A
C
Best Practices for AC
AC should ensure that
CAE has direct access to the board chairman and audit
committee and is accountable to audit committee
AC should review and assess annual internal audit work plan
AC should receive a report on the result of the internal auditors’
work on a periodic basis
Review and monitor management responsiveness to the
Internal auditor findings and recommendations
Meet with the head of Internal audit at least once a year
without the presence of management
Monitor and assess the role and effectiveness of internal audit
function in overall company context of risk management.
27. E
M
A
C
Best Practices of AC
AC should ensure independence and objectivity of
the external auditor annually
At start of audit cycle, the AC should ensure that
appropriate plans are in place for the audit
AC should review with the external auditors, the
finding of their work
At end of audit work the AC should assess the
effectiveness of external audit process
28. E
M
A
C
Audit Committee Issue
The duties of care and loyalty, and the
expectation that directors will act in good
faith.
These are the primary source of Trustee
liability.
29. E
M
A
C
Audit Committee Issues(cont.)
Board members who wish to become
empowered guardians and builders of
corporate value must:
Learn and follow best practices,
avoid conflicts of interest,
pay strict attention to board matters,
drawing on appropriate expertise, including
their own.
AC members should be “eyes on” “hands
off”
The lines of authority for AC and management should be
clear and understood
AC members must communicate openly with management
as appropriate
30. E
M
A
C
Audit Committee Issues
Financial accuracy
Risk Management
Control Assessment
External Audit Oversight
Effective use of internal audit
Objectivity
Reporting structure
Risk management
Staffing
Priotization
Adding value
31. E
M
A
C
Challenges of Audit Committees
Understanding the organization
The few hours they meet is a challenge. So?
Never be afraid to ask questions even if stupid
Insisting heads of functions to attend the meeting so as to understand
their roles, perspectives and control
Responding to change
Corporates a changing so fast. So what to do?
Ensure annual confirmation by directors and staff of compliance of key
regulations and policies
Overseeing Risk and Control
Apply root course analysis
Improving continuously
Communicating with stakeholders
Organization failures
Financial literacy and changing accounting rules
32. E
M
A
C
Current issues in AC
Development of laws and regulations
Significant government and regulatory interferences
We need to be more balanced and refocus our
attention back on the business
International Professional Practice Framework
(IPPF)
Risk Management
Effectiveness of Audit Committees
Financial statements errors and fraud
investigations
34. E
M
A
C
Financial Reporting and Controls
The central role of Audit Committee is to oversee
the integrity of entity’s financial statements and
related controls
AC receives a great deal of financial information
and it is the key to explain the company
performance
The Audit committee must properly understand
the operations of the company
35. E
M
A
C
Financial Reporting
Understand the basic financial Reports
Statement of financial performance
Statement of financial position
Statement of cash flows
Statement of changes in equity
Understanding the organization
Review the business discussions of last year
Visit company operations, zones and facilities
Meet the business unit leaders to grasp the operational details
Meet the finance management, internal audit, and the external auditors
Review the analyst reports about the company
Review the competitors financial statements and non financial information
Understand the major business transactions and changes during the period
Understanding the company’s regulators
Meet the finance, taxation, and treasury personnel to understand capital
structure, tax structure and investment strategies
36. E
M
A
C
Financial Reporting
The other areas of financial reporting
Complex, difficult and risker areas
Materiality
Accounting policies
Accounting estimates
Significant changes during the reporting period
Related party transactions
Interim financial statements
Timing issues
37. E
M
A
C
Case study 4
Issues in
Financial Reporting and Controls
38. E
M
A
C
Internal Controls and Risk
Assessment
Internal Controls
It Is an essential tool to help mitigate risks to
an acceptable level
The best framework is the COSO internal
Control Framework, defines Internal Control as
Process that provides reasonable assurance a
company will be able to achieve its objectives
for
Effectives and efficiency operations
Reliability of financial reporting
Compliance with applicable laws and regulations
39. E
M
A
C
Case study 5
COSO Internal Control Framework
40. E
M
A
C
Role of AC on Internal Controls
Meet with individuals who are primarily responsible for
internal control over financial reporting
Understanding and help set a tone at the top
Discuss with management on controls in place to mitigate
key financial reporting risks including fraud risks
Focus discussions on areas of greatest potential risk
Understand management plans to assess the internal
control and what role internal audit and other related
resources will play
Understand the external auditor’s scope and plan to test
the controls
Meeting regularly with management, internal audit and
external auditors to discuss significant deficiencies and
material weakness and management’s action plan to
respond
41. E
M
A
C
Role of AC on Internal Controls
Areas of potential risk for internal
controls
Management override controls
Outside services provider
Information technology
Restructuring of organsiation
42. E
M
A
C
Risk Assessment
AC should oversee how management
addresses risk for financial reporting
The risk assessment should be linked to
company strategy and risk appetite
The AC should report to the Board on the
results of committee’s review of risk
management and internal control system
43. E
M
A
C
Case Study 6
Risk Assessment
Framework
44. E
M
A
C
Role of AC in Risk Assessment
The AC have responsibility of overseeing the risk
management process
How management identifies events that could put the
company at risk and how it assess the likelhood and impact of
identified risks
How management has tailored the process to meet the
company specific needs
Whether the process of risk management is continuous
If individuals are assigned primary responsibility for risk
management and has appropriate expertise, statute within
the company and available time
Ensure that all key risks are subject to the Board-level
oversight
Understand the internal auditor role in risk management and
the extent of its audit plan covers the key risks
46. E
M
A
C
Process Owners
A process owner is a person who has
ultimate responsibility for the
performance of the process in realizing its
objectives measured by key process
indicators and has the authority and
ability to make necessary changes
The focus of audit committee operations
management should be on period end
process owners
47. E
M
A
C
Anti-Fraud programs
Fraud prevention and detection makes
good business sense and can provide cost
savings to entity
The following are main anti-fraud
programs
Performing Fraud Risk Assessments
Creating a control environment
Designing antifraud control activities
Sharing information and communication
Monitoring activities
48. E
M
A
C
Fraud Risk
The CFE Report in 2010 identified
Assets misappropriation (where employees steal or
misuse an organization's resource) are the most
common forms of fraud
Corruption ranked the second ( where an employee
gains a personal benefit by violating his or her duty to
the company including, bribery, extortion, and conflicts
of interests)
Financial Statement fraud ranked the last but has
greater impact
Weakness in internal control can make a company more
susceptible to fraud
49. E
M
A
C
Fraud Risk
There are many company’s fraud, but the Audit
Committee is more concerned with financial reporting
fraud
Financial reporting fraud is a deliberate
misrepresentation of a company financial position,
stemming from intentional misstatements or
omissions in the financial statements
Many company’s have admitted to fraudulent
financial reporting
50. E
M
A
C
Motivators for financial reporting
fraud
To meet political expectations
Personal gain, including maximizing bonuses and
compensation
Conceal bad news, such as company’s deteriorating
financial conditions
Increase company value
Others
Audit querries
Procurement failures
51. E
M
A
C
Role of AC in Fraud Risk
When the motivators for fraud are present audit
committee should
Review the internal control
Maintaining skepticism
Overseeing the company strategy on financial reporting
Assess management integrity regularly
Review and understand the results of complaints to the
whistle blower hotline
Fully understanding the third party transactions and significant
non routine transactions
Have management periodically report on the control
environment and fraud prevention program.
52. E
M
A
C
Role of AC in Fraud Risk
Assessing the tone at the top
Overseeing company compliance
programs
Review the whistleblower
programs
53. E
M
A
C
Whistleblower process owner
Whistleblower have become another source of information for
Audit Committees
They are used to identify inappropriate behavior on part of
company personnel involving issues such as sexual harassment or
violation of anti-bribery programs
Many experts believe that providing mechanism to allow employees
to report concerns anonymously is core to compliance programs
Best practices requires audit committees to establish procedures
for the receipt, retention, and resolution of any complain regarding
Accounting
Internal accounting controls
Auditing matters
But other organizations have put in place regulations to prohibit
whistle blowing procedures that encourage anonymous reporting.
The organizations using whistleblowing believe that it will decrease
the likelhood that managers who engage on wrong doing will be
able to suppress staff concerns over the long term
54. E
M
A
C
Role of AC in Whistleblowing
The whistleblowing must be
reported periodically to the audit
committee.
It is important to get a summary of
all complaints received at least
annually.
Audit committees should determine
how often they wish to receive
information
55. E
M
A
C
Case study 7
Fraud Risk Management
Fraud Risk Management
56. E
M
A
C
Operations Management
Management has deep insight into company
and its challenges, and therefore is best
positioned to recommend what information
the audit committee needs
The audit committee can add value for
management
AC should work with management to add
value by bringing an objective perspective on
financial reporting decisions and counseling
on how to handle difficult issues
57. E
M
A
C
Operations Management
Audit committee should have positive, trusting
relationship with management , they need to
maintain their skepticism an be ready to question
management on uncomfortable topic including
Fraud risk
Appropriateness of judgments
Management should expect rigorous questioning
from audit committee
Failure of management to provide clear responses or
overly defensive that should raise red flag for the
committee
58. E
M
A
C
Operations Management
The degree of interactions and involvement between
the committee and management shifts with changes
in
The business environment
Changes in company circumstances
Capabilities of individuals in the finance function
When the company is running in a steady state, the
committee continues to review information carefully
and challenge management when necessary, but
properly relies on management to resolve everyday
issues
59. E
M
A
C
Operations Management
The knowledge and technical competence of the
finance team is vital to an audit committee faith in the
financial reports it reviews
There should be discussions with the CFO on how
he/she ensures the finance team is qualified
Assessment of performance of the finance personnel
based on witnesses at committee meetings and
responses to queries
Reviewing confidential feedback from internal and
external auditors
The AC should also monitor succession plan for the
CFO position
60. E
M
A
C
Operations Management
The AC should ensure that there are formal and
informal meetings with management for a strong
relationship
Management’s participation should focus on
engaging in meaningful dialogue with the committee,
answering questions and providing additional insights
The following members could attend the meeting;
the CFO, CA and controller, treasurer, head of PMU
and chief information officer
AC should hold private sessions with internal audit
head and external auditors
63. E
M
A
C
Pre-audit
Physical audit
Post audit
Audit follow-up
63
Basic Audit Activities
64. Scope & Depth
Team Selection
E
M
A
C
Budget
Team Meeting
Preps
Entry Meeting
Documents
Pre-Audit
Physical Insp..
Functional Areas
Findings
Company De-brief
Daily Meetings
Audit
Audit Report
Corrective Action
Follow Up
Wrap-up Activities
Post-Audit
Follow-Up
Start Finish
64
Basic Audit Activities
65. E
M
A
C
AC and Internal Auditor
Internal auditing is an independent, objective
assurance and consulting activity designed to
add value and improve organization's
operations. It helps an organization o
accomplish it objectives by bringing
systematic, disciplined approach to evaluate
and improve effectiveness of risk
management, control and governance process
They are day to day tools for audit committees
66. E
M
A
C
AC and Internal Auditor
The internal auditors deals with issues that are
fundamentally important to the survival of an
organisation.
Unlike external auditors, they look beyond
financial risks and statements to consider
wider issues such as organisation’s reputation,
growth, its impact on environment and the
way it treats its employees.
They help organizations to succeed by
combination of assurance and consulting
67. E
M
A
C
Evaluating External Auditors
Audit Committee should evaluate external
auditors based on its own experience and
ask management and internal audit to
provide their own assessment
68. E
M
A
C
Evaluating External Auditors
Areas of evaluation
Caliber of external audit firm (cases, reputation and resources)
Quality process ( approach, control, personnel and risk)
Audit Team (competence, knowledge, resources, scope, team
member)
Audit Scope (agreement, regulations, understanding, areas
covered)
Audit Fees (comparison with other, variation between actual and
estimated fee, service)
Audit Communication (inform AC on risk, governance, controls,
access with AC, feedback of service)
Audit governance and independence ( does the AC or
management control relationship with external auditors?,
communication of internal control weaknesses
69. E
M
A
C
Evaluating of internal auditors
The following are main areas for evaluation
Understanding
Charter and Structure
Skills and experience
Communication
Performance
Planning
Skills and experience
Work program
Overall performance
70. E
M
A
C
Assessment of audit committee
In addition to reviewing its ToR, the AC members should
review the effectiveness of audit committee annually
This is done using AC self Assessment
Areas includes
Creating an effective audit committee
Running an effective Audit Committee
Professional development
Overseeing financial reporting
Overseeing risk management and internal control
Overseeing external audit
Overseeing internal audit
71. E
M
A
C
WHAT MAKES AUDIT COMMITTEE
EFFECTIVE
Member experience/educational qualifications
Inquiry
Diligence
Decision making
Integrity
Independence
Leadership
Communication
Ability to work with others
No two audit committees are equal
The only way to know and factor this is at annual evaluation
72. E
M
A
C
Qualities of an effective audit
committee
Strong interpersonal and communication skills
Disciplined and focused
Conversant with the current issues of the industry
In-Depth knowledge of Strategic Plans
Technical Financial Expertise
Industry regulation knowledge
Understand Audit Review findings
Monitor quality of internal audit
Help build right team
Meet regularly with internal auditors
Resource allocation
73. E
M
A
C
Qualities of an effectives committee
member
Has appropriate and requisite experience
Has appropriate and requisite technical knowledge about
accounting, auditing, tax, internal control and other
necessary subject areas
Satisfies requisite independence requirements
Is interested and committed to the company
Is knowledgeable about the company, and its industry
Has a willingness to learn about matters relating to the
audit committee function
Has a thorough understanding of his or her legal
responsibilities
Demonstrates leadership and tone at the top
Has sufficient time availability
74. E
M
A
C
Qualities of an effectives committee
member
Has sufficient time availability
Has integrity; doing the right thin attitude
After due consideration is comfortable (i.e., satisfied) that
the committee has complied with the laws, regulations,
rules , and charter provisions that govern and related to
audit committee activities
Reviews and is comfortable of financial statements related
documents, securities filings and corporate communications
to the extent required by laws, regulations, rules, and audit
committee Charter provisions
Reviews and is comfortable with the accuracy of all
documents and statements signed by or attributed to the
committee members, or the committee
75. E
M
A
C
Qualities of an effectives committee
member
Is comfortable with other audit committee members, CEO,
CFO, inside auditor, outside auditor, board, counsel and
others
What is more: individual self-confidence, humility and
conviction
Meetings are conducted in a collaborative, participatory,
interactive and organised manner
The services of the outside auditor, and the outside auditor
selection process are evaluated annually, and more often as
necessary
There is an appropriate and effective anonymous whistle
blower and complaint, inquiry and investigation processes.
76. E
M
A
C
Other attributes of Audit Committee
The ease and demeanor of communications between
committee members are appropriate
The ease and demeanor of communication with other people
outside of the committee are appropriate, including the CEO,
CFO, Controller, outside auditor, inside auditor, board, legal
counsel and others
The committee has appropriate accessibility to information
and resources paid for by the company
The committee has appropriate accessibility to continuing
education about core areas, new developments, and hot
topics, paid for by the company
The committee has a accessibility to independent legal
counsel and consultants, paid for by the company
77. E
M
A
C
Other attributes of Audit Committee
There is an audit committee charter.
There are prudent process for the documentation of
committee activities
The activities and performance of audit committee are
evaluated annually; or more often as necessary
There is prudent procedures for the timing, calendaring,
and organization of committee activities
There is effective meeting agenda and dissemination
process
78. E
M
A
C
Annual Assessment
Audit Committee Chairperson should continuously monitor the
effectiveness of the Audit Committee
Areas of assessment includes
Audit Committee Charter
Audit Committee composition
Audit Committee independence
Meetings and Attendance
Risk Management Assignments
Code of Conduct – Supplier relationship management
Reporting of fraud and illegal Acts – Whistleblower function
Financial Expert Oversight
Oversight of External Auditor
Oversight of internal auditor
Oversight of self assessment
79. E
M
A
C
Sample evaluation forms
Evaluation of external auditors
Evaluation of internal audit
Audit committee self Assessment
Checklist for oversight of internal auditors
Checklist for oversight of external auditors
80. E
M
A
C
Case Study 10
Assessment of Audit Committee and
useful template
(see a separate guide)