At a recent Quoted Companies Alliance (QCA) event, sponsored by Mazars, for audit committee chairs one commented that the audit committee is set to replace the remuneration committee as the most difficult one to chair. There is undoubtedly much change in the air for audit committees whether as a result of the interlinked issues of the pandemic, technology, societal change or additional work and responsibilities likely to flow from the Kingman, CMA and Brydon reviews which are expected to be taken forward in a long-awaited White Paper on audit and broader governance reform.
Audit committees of AIM and main market companies focusing on their effectiveness should ask themselves the following key questions:
1) Does the audit committee have the right membership?
In addition to recent and relevant financial experience, many audit committees increasingly need skills related to sustainability and technology issues, In the latter case, depending on the circumstances, the expertise may be in cyber security or technology issues applicable to the company’s market . Smaller boards may not be able to have all the necessary skill sets among its non-executive directors and so it may be helpful to periodically have access to external advice
2) Does it thoroughly review the effectiveness of controls?
A blog by my fellow partner Matt Dalton will look at these issues separately, especially with regards to reporting controls, but we are waiting on the White Paper to see which companies the much heralded proposed UK SOX requirements will apply to and whether they will be based around a practical strengthening the UK Corporate Governance Code or be much more complex and rules based which we feel would impose needless burdens on business.
3) Is there a sound system of risk management, adjusted in the light of Covid-19?
Unless there is a separate risk committee, the audit committee should review the risks of the business on a regular basis and the probability and impact scores adjusted in the light of experience- and a changing environment. A range of views in the business should be taken into account in arriving at the scores and strategic, operational, regulatory, compliance and financial risks should all be considered recognising that often audit committees and/or management tend to be strong in some areas with relative blind spots in others. It will also be important to address how Covid-19 has changed the risk profile and to have a thorough well tested approach to managing a crisis recognising a future one may be of a different nature to the pandemic.
4) Is there a high quality internal audit function?
The audit committee should ensure there is a high quality internal audit function- whether made up of team members, outsourced or co-sourced- that provide it with valuable insights into how the business is running and which is also respected by management. A clear annual plan of work to be performed should be agreed by the committee, talking account both of special issues arising and routine matters. Internal audit reports should be regularly agreed with the committee and action plans for improvements properly followed up. Where there is no internal audit function this should be kept under annual review.
5) Is the annual report as a whole fair, balanced and understandable?
This extends beyond thoroughly reviewing the financial statements, and especially judgements made in them, with extra care being taken on pandemic-related disclosures including going concern and viability matters. There is a sharply increasing focus on disclosures related to sustainability-related issues and figures provided need to be reliable and not seen as ‘ greenwash’ with challenges as well as successes discussed along with appropriate targets set. Also, the governance report needs to properly discuss issues related to purpose, culture and workforce engagement.
6) Is there an independent and effective relationship with the external auditors?
The focus on external audit issues will obviously be greatest when the audit is being put out to tender and the committee should lead the process determining which firms to invite to tender, how the tender is to be conducted and the key strengths sought in the firm to be appointed
On an ongoing basis, the audit committee should approve the auditor’s terms of engagement and remuneration, review and monitor their independence and objectivity along with the effectiveness of the audit process and pre-approve any non-audit services provided by the auditor.
7) Is there a thorough review of how the business applies its governance code?
The audit committee should ensure that it carefully checks how it is applying the UK Corporate Governance Code- unless it is applying the QCA Corporate Governance Code- and should agree that any departures from the provisions are justified and properly explained. As part of its review of the code, it should ensure that a thorough board effectiveness review, including of the audit committee, is periodically undertaken and agreed improvements implemented.
Good governance is about striking the right balance between enterprise and accountability, with both at a high level, and the audit committee has a critical role to play in enabling this to be achieved. Reviewing audit committee effectiveness should be seen as an integral part of running the business well and not just a ‘tick box’ exercise for regulatory purposes.