Audit CommitteesText L - Board of...

Audit CommitteesGood practices for meeting market expectations

2nd edition

Audit CommitteesGood practices for meeting market expectations

www.pwc.com/corporatereporting

PricewaterhouseCoopers (www.pwc.com) is the world’s largest professional servicesorganisation. Drawing on the knowledge and skills of more than 124,000 people in 142countries, we build relationships by providing services based on quality and integrity.

© 2003 PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers tothe network of member firms of PricewaterhouseCoopers International Limited, each ofwhich is a separate and independent legal entity.

2nd edition

Preface

Audit committees do not prepare financial reports. And audit committees donot conduct external audits. But they have an essential part to play inensuring the integrity and transparency of corporate reporting. The marketnow expects that published information has been subject to objective,board-level review.

Thousands of pages of rules on corporate governance have now been issued.However, the regulations seldom provide helpful guidance on how thecommittee should go about its work. What knowledge or experience isrequired? Which areas should it focus on? How should its activities becommunicated?

This booklet is designed to assist committee members in answering thesequestions. It includes our view of good practices, together with the latestrequirements, from over 40 major countries.

We encourage you to consult with PricewaterhouseCoopers on any of theissues raised in this publication.

Audit Committees – Good practices for meeting market expectations – 2nd edition

PricewaterhouseCoopers 1

J. Frank BrownGlobal Leader,Assurance and Business Advisory ServicesJuly 2003

This booklet was researched and prepared by Graham Gilmour and Sukhumaporn Wong-Ariyaporn ofPricewaterhouseCoopers’ Global Corporate Reporting Group, with the assistance of partners and staffin our offices in more than 40 countries around the world.

Contents

Page

Executive summary 4

Why Audit Committees matter 6

A common-sense set of skills 7

World markets 8

The future 9

Organisation of the Audit Committee 10

Single and two-tier board structures 10

Charter 12

Table: Example audit committee charter 13

Membership 17

Independent directors 18

Financial expertise 19

Meetings 21

New members – getting started 23

Table: Orientation information for new committee members 24

Oversight responsibility for financial reporting 25

Risk and controls 25

Financial reporting 28

Table: Reviewing financial statements 31

Regulatory, compliance and ethical matters 33

Working with Auditors 35

External auditors 35

Table: What you should expect from your auditors 41

Internal auditors 42

Communicating and reporting 44

Working with management 44

Reporting to boards and shareholders 45

Table: Illustrative contents of committee report 46

Maintaining and measuring effectiveness 47

Training needs 47

Evaluating performance 48

Table: Work programme and self-assessment guide 49

Appendices

Detailed requirements in 41 major countries 55

Stock exchange requirements – overview 63

UK Combined Code requirements – audit committees 64

US Sarbanes-Oxley Act and NYSE rules: selected provisions 66



Executive summary

Audit Committees – GoodPractices for Meeting MarketExpectations was firstpublished in May 1999. Thisedition reflects the evolvingrole of the audit committeeand latest good practices –for example the need forappropriate financial expertise,greater emphasis on training,and review of performance.An expanded sectionsummarising the auditcommittee requirements in 41major countries is provided.The appendices also includethe latest influentialpronouncements on auditcommittees from the UK and USA.

Why AuditCommitteesmatter(pages 6 to 9)

The audit committee is an essentialpart of the corporate reportingprocess. Its primary responsibilityis to oversee on behalf of the boardthe integrity of the financialreporting controls and proceduresimplemented by management, toprotect the interests of shareholdersand other stakeholders. Newregulatory pronouncements andrequirements in many countrieshave served to re-emphasise theimportance of objective oversightof financial reporting.

Organisation ofthe AuditCommittee(pages 10 to 24)

The audit committee should bewell prepared to undertake itsduties. A clear, well-written charterhelps the committee and others tounderstand its role andresponsibilities. All members of thecommittee should have appropriatequalities and skills, if they are to‘add value’. Ideally, all should beseen to be independent ofmanagement. They should alsohave appropriate financialexpertise. Meetings should be heldat relevant times throughout theyear, supported by good agendapapers. New members shouldreceive induction training andbackground information on thebusiness.

Oversightresponsibility forfinancialreporting (pages 25 to 34)

The committee’s key task is toensure the integrity of publishedfinancial information. Thus, it needsto understand the whole financialreporting process. This starts withthe procedures for managingfinancial risks and the internalfinancial controls (for example overrecording of data) implemented bymanagement. The committeeshould review each set of draftfinancial statements prior to

publication – and discuss thosestatements with management andthe auditors. (Some illustrativequestions for reviewing financialstatements are provided on page31). In addition, the committeeshould consider legal, regulatoryand ethical matters that have apotential financial impact.

Working withAuditors(pages 35 to 43)

The audit committee should be theprimary focus for the company’srelationship with the externalauditors. It should makerecommendations to the board forthe appointment of the auditors,agree the audit fees, review thescope of work, and hold privatemeetings with the auditors todiscuss their findings. Thecommittee should also review withthe external auditors theirindependence. Where a companyhas an internal audit function, thecommittee should similarly reviewits capabilities, qualifications,resources, scope of work, andfindings.

Executive summary

4 PricewaterhouseCoopers

Communicatingand reporting(pages 44 to 46)

The committee needs to have aconstructive working relationshipwith management, and shouldrequest presentations andinformation from management onspecific issues. In most countries,the committee works underdelegated authority from – andshould report to – the main boardof directors or supervisory board.Increasingly, good practice is forthe committee to report on behalfof the board to the shareholders,either at the general meeting or inthe annual report. A suggested listof contents for a written report isprovided on page 46.

Maintaining andmeasuringeffectiveness(pages 47 to 54)

In a fast-changing environment,all audit committee members needto update their knowledge andawareness (particularly of financialaccounting standards and widerreporting issues) on a regular basis.The committee should alsoevaluate regularly its performanceagainst its responsibilities, as set outin its charter. This assessment cantake place on an individual basis,and/or collectively for thecommittee as a whole. A suggestedwork programme and self-assessment guide is included onpage 49 to help committees.

Overview ofareas of focusAn overview of the auditcommittee’s main areas ofresponsibility, and issues relevantto each area, is shown below. It may be used as a template fordiscussion, to highlight particularkey areas for each committee toaddress.

Executive summary


Financial reporting• Appropriateness of accounting policies• Disclosure requirements• Fairness and balance of MD&A/

operating review• GAAP conversion

External audit

• Appointment and remuneration

• Scope of work• Independence requirements• Significant audit findings/

recommendations• Reviewing the performance of

external auditors

Internal audit

• Charter,authority and

resources• Scope of work• Internal audit effectiveness• Responses to internal audit

recommendations

Maintaining & measuring effectiveness

• Training needs• Maintaining financial

literacy• Annual performance

evaluation of audit committee

Communicating & reporting

• Relations with management

• Updates & recommendations to the full board

• Reports to board and shareholders

Regulatory, compliance & ethical matters

• Effectiveness of system for ensuring compliance with laws and regulations

• Code of conduct/ethics• Whistleblowing

Risk management & internal control

• Understanding key risk areas• Effectiveness of controls

• Fraud risk

Audit committees:areas of focus

Why Audit Committees matter

Audit committees play avaluable role – througheffective and informedoversight – in helping to ensuremarket confidence in high-quality financial reporting. Webelieve that every companylisted on world equity marketsshould aim to have an auditcommittee or equivalent bodywith the type of good practicefeatures described in thisbooklet.

Shareholders also have aresponsibility to take an activeinterest in the governancearrangements of the companies theyinvest in. Where there is no auditcommittee or equivalent strongindependent element on the board,investors should be asking questionsof management.

The corporatereporting supplychainThe audit committee has becomean essential part of what issometimes referred to as the‘corporate reporting supply chain’.Each group in the chain hasdistinctive roles and responsibilitiesin relation to providing financialinformation to the market, asshown by the diagram above.

Management is responsible for theday-to-day operations and businessprocesses that deliver value forshareholders. The board’s role is tochallenge the strategy and businessdecisions taken by executivemanagement; and to ensure thatappropriate policies and systemsare in place to control the business.To be effective, there should be anindependent element on the board– individuals able to exerciseobjective judgement and askdifficult questions of management.

The role of the independent externalauditor is to give assurance to theshareholders on the fair presentationof the financial statements preparedby management and approved bythe board.

The Audit Committee – acommittee of the main board actingunder delegated authority –provides key linkages betweeneach of these groups. It can easethe pressure on a busy boardbecause it is able to take more timeto address financial reporting andinternal control issues. And, byproviding a primary focus fordiscussions with the internal andexternal auditors, it enables bothsets of auditors to enhance theirindependence.

For the supply chain to workeffectively, each group needs tolive up to its responsibilities.



• Creating value

• Business processes

• Financial information and controls

• Setting policy

• Approve thefinancial statements

• Appointment ofaudit committee

• Review integrityof the financial statements and annual report

• Assurance to board of directors and shareholders

• Institutional and other shareholder involvement

• Balanced reporting by media and analysts

• Regulatory monitoring

Corporate reporting supply chain

Management Board ofdirectors

Independentexternal auditor

and auditcommittee

Regulators,investors and other

stakeholders

A common-sense set of skillsSome of the most important recentrecommendations on auditcommittees are set out in theappendices to this booklet (theyinclude those arising from the UKSmith Report, one of the mostwide-ranging reviews exclusivelyfocussed on the role of the auditcommittee). They re-emphasise thekey attributes that audit committeesshould have if they are to performtheir role effectively. Takentogether, they provide a common-sense set of fundamentals thatcould apply to most companies’situations:

• Committee members who areindependent and ‘add value’ to company decision-making

• Candid discussions withmanagement and externalauditors regarding the quality of financial reporting andcompliance with standards

• Effective communication andinformation flow withmanagement and the auditors

• A key role in monitoring thecomponent parts of the auditprocess, and helping to ensurethe auditors’ independence.

Even more important, perhaps, arethe recommendations aimed atenhancing the ‘professionalism’ ofaudit committees – equipping themto do their job:

• Committee members to havespecific skills, particularly infinancial matters

• Training of members, both oninduction and throughout theirterms of office

• Regular reviews of auditcommittee effectiveness.

The key to building increasedconfidence in financial reportinglies in high-quality people beinginvolved in the review process.That means independently-mindeddirectors on audit committees, andhigh-quality auditors able to drawon top-quality multidisciplinaryexpertise.

The principles highlighted aboveare developed in later sections ofthis booklet.



‘The audit committee has a keyrole to play in the relationshipbetween the executive managersand the external auditor… We recommend the EuropeanCommission include provisionson the role and responsibilitiesof audit committees...’High Level (Winter) Group of EU Company Law Experts,

final report, November 2002

Requirements for audit committees

Mandatory requirement for listed companies (existing or proposed)

’Comply or explain’requirement

Option under the law or voluntary coderecommendation

Alternative structures(eg supervisory board)

No requirement as yet

20%(8)

7%(3)

39%(16)

7%(3)

27%(11)

(From 41 surveyed countries)

World marketsUntil as recently as a decade ago,audit committees were found inonly a handful of the largest capitalmarkets. Now, as the chart on thispage shows, they are a regularfeature in a majority of the world’smajor economies. Auditcommittees are, or are soon tobecome, a mandatory requirementin 16 countries. A further 14countries have either a ‘comply orexplain’ requirement or the option,under either the law or a voluntarycode, to establish an auditcommittee. (Details of the specificrequirements in each country arecontained in the Appendix onpages 55 to 62.)

The trend is expected to continue.As leading companies adopt therecommendations contained in thelatest influential pronouncements,those practices may be expected tospread to other territories andcompanies not yet covered bysimilar rules or codes of practice.

Government authorities, regulatorsand international bodies (forexample, IOSCO and the OECD)have indicated that they view auditcommittees as a potentiallypowerful tool that can enhance thereliability and transparency offinancial information. The mostsignificant push towards auditcommittees may be yet to come.

The European Commission hasindicated that it will adoptrecommendations on the role ofindependent directors and auditcommittees. That will send apowerful signal to the markets thatgovernance responsibilities arebeing taken seriously in the 25member states of an enlargedEuropean Union.

The purpose of the guidance in thisbooklet is not to suggest that theapproach taken in any particularcountry should be followedelsewhere. Its more modest aim issimply to share good practice.There is no ‘one size fits all’solution, since the role and detailedresponsibilities of the auditcommittee will vary depending onthe circumstances of each company.



MandatoryOption under

requirement for ‘Comply orthe law or

AlternativeNo requirement

listed companies explain’voluntary code

structuresas yet

(existing or requirementrecommendation

(eg supervisory

proposed)board)

Argentina Germany Belgium Austria LuxembourgAustralia (1) South Africa Brazil Chile NorwayCanada United Kingdom Czech Republic China TaiwanHong Kong France DenmarkIndia Greece FinlandIndonesia Italy HungaryIreland Japan PolandKorea Netherlands (2) PortugalMalaysia RussiaMexico SwedenNew Zealand SwitzerlandSingaporeSpainThailandTurkeyUSA

1) Only for those top 500 listed companies in the Australian Stock Exchange. 2) New draft proposals envisage a ‘comply or explain’ requirement.

The futurePricewaterhouseCoopers’ views onhow corporate reporting maydevelop in the next decade are setout in our recent book BuildingPublic Trust – The Future ofCorporate Reporting.* The bookproposes a model for corporatetransparency based on three tiersof information:

• Financial information, based onglobally-accepted accountingprinciples and standards

• Industry-specific information,based on agreed industrystandards

• Company-specific informationsuch as strategy, riskmanagement practices,compensation policies, corporategovernance, and performancemeasures.

The information published bycompanies in each of these areaswill increasingly be analytical andqualitative, rather than simplyquantitative.

When shareholders andstakeholders have this enhancedinformation set, they will be betterable to properly value and assessthe companies they invest in anddo business with.

As companies’ public reportingbegins to reflect more of theseelements, the audit committee islikely to assume an even moreimportant role. Some auditcommittees already review theother information published bycompanies alongside theirfinancial reports.

The range of skills and experienceof audit committee members mayneed to evolve to enable them tounderstand how the businessgenerates this wider set of data.Other committees, for example risk,environmental, compensation andgovernance committees, may becreated to deal with specific areas.But the audit committee will still beresponsible for ensuring that all thefinancial aspects are reported in abalanced and understandable way.



* Building Public Trust – The Future of Corporate Reporting by Samuel A. DiPiazza and Robert G. Eccles is published by John Wiley & Sons and is availablethrough your nearest PricewaterhouseCoopers office.

Organisation of the Audit Committee

The legal or regulatoryrequirements for an auditcommittee vary betweencountries – in some they aremandatory for listedcompanies, in othersvoluntary. In addition, theresponsibilities of each auditcommittee differ, dependingon local business culture andthe particular needs of thecompany.

Single and two-tier boardstructuresIn many countries where auditcommittees are found, there is asingle-tier board structure. In someof these countries (for example theUSA), the board comprises mainlynon-executive directors. In others,the board is composed of an almostequal number of executive andnon-executive members. The auditcommittee is a committee of themain board, and its members aredrawn from the non-executivedirectors on the board.

Two-tier board structures areadopted in some markets, eitherbecause the law requires it or on avoluntary basis. Our survey ofcountries on page 55 shows thatthese structures are most commonlyfound in Continental Europe, forexample in Germany and theNetherlands.

These structures consist of aManagement Board responsible forday-to-day operations, and aSupervisory Board mainlyresponsible for overseeingmanagement and the strategy of thecompany. Members of thesupervisory board are nominated

by the shareholders in the general meeting. Under the co-determination laws of somecountries, a proportion of themembers must be representativesof the employees. Other membersmay represent key shareholders orproviders of finance.

The law usually prescribes certainresponsibilities for the supervisoryboard, including, in some cases,responsibility for financial reportingmatters. In these countries,membership of the audit committeeis logically drawn from thesupervisory board. Depending onlocal laws and circumstances, thesupervisory board could form aseparate audit committee drawnfrom its members. Alternatively,the whole supervisory board couldbe designated as the auditcommittee.

Some other countries, such asJapan, have alternative structuressuch as a ‘board of statutoryauditors’, that performs oversightresponsibilities in relation to thedirectors.

The key requirement – regardlessof structure – is that there should beappropriate independent directorinvolvement in the review of thecompany’s financial reports and theprocesses and controlsunderpinning those reports.



Irrespective of how the functions ofthe audit committee are organised,there are several steps that can betaken that will contribute to itseffectiveness, including:

• Establishing a writtencharter/terms of reference

• Selecting appropriately qualifiedcommittee members

• Defining the roles andresponsibilities of the chairman

• Considering the perceivedindependence of committeemembers

• Determining the term of office ofcommittee members

• Appropriately schedulingmeetings

• Providing high-quality meetingpapers on a timely basis

• Ensuring that sufficient resourcesand professional advice areavailable to the committee

• Providing an orientation for newcommittee members.

Each of these aspects is discussedin the following pages.



‘Sony has chosen, according to the amendedJapanese Commercial Code,to abolish its current Boardof Statutory Auditors andestablished Nomination,Audit and CompensationCommittees as of June 2003at its shareholders’ meeting. These committees arecomposed of a majority ofoutside directors’Sony Corporation, June 2003

CharterAudit committees should have awritten charter (or terms ofreference) that provides a clearunderstanding of the committee’srole, structure, processes, andmembership requirements. A well-written, detailed charter willprovide a framework for thecommittee’s organisation andresponsibilities that can be referredto by the board, committeemembers, management andexternal and internal auditors. The audit committee should, atleast annually, review the charterand recommend or proposechanges to the board for approval.

Consideration should be given tomaking the charter available toshareholders, perhaps by inclusionin the annual report. In somecountries, companies must disclosewhether the audit committee has awritten charter.

The committee’s charter shoulddefine:

• Overall purpose and objectives

• Authority

• Organisation – membership,qualification, size, term of office

• Meetings of the committee –frequency, participants anddocumentation

• Roles and responsibilities

• Relationship with management,and external and internal auditors

• Reporting responsibilities

• Evaluation of the auditcommittee.

In developing a charter, it isimportant that the committee’sactivities are not unduly restricted.The committee’s duties andresponsibilities need to be flexibleenough to allow it to operateeffectively.

Establishing a detailed, well-writtencharter will be beneficial only if theaudit committee uses it as aneffective tool. For example, thecharter should be:

• Used as a guide in establishingthe committee’s meeting agendas

• Reviewed annually in order toreflect any changes required bylaw and regulations and to ensureit responds to the changing needsof the company and the market

• Used to evaluate whether thecommittee satisfied itsresponsibilities during the year

• Adopted as a framework forreporting the committee’sactivities to the board.

Included on the following pages isan outline of an audit committeecharter. It is presented forillustrative purposes and should betailored according to the needs ofthe company.



‘The audit committee should be giventhe necessary power and resourcesto meet its charter. This will includerights of access to management andto auditors (external and internal)without management present andrights to seek explanations andadditional information’Australian ASX Corporate Governance Council, March 2003

Example audit committee charter

1. Overall purpose/objectives

The audit committee is appointedby the board of directors (orsupervisory board) to assist theboard in discharging its oversightresponsibilities. The auditcommittee will oversee thefinancial reporting process toensure the balance, transparencyand integrity of published financialinformation. The audit committeewill also review: the effectivenessof the company’s internal financialcontrol and risk managementsystem; the effectiveness of theinternal audit function; theindependent audit processincluding recommending theappointment and assessing theperformance of the external auditor;the company’s process formonitoring compliance with lawsand regulations affecting financialreporting and, if applicable, itscode of business conduct.

In performing its duties, thecommittee will maintain effectiveworking relationships with theboard of directors, management,and the external and internalauditors. To perform his or her roleeffectively, each committeemember will need to develop andmaintain his or her skills andknowledge, including anunderstanding of the committee’sresponsibilities and of thecompany’s business, operationsand risks.

2. Authority

The board authorises the auditcommittee, within the scope of itsresponsibilities, to:

2.1 Perform activities within thescope of its charter.

2.2 Engage independent counseland other advisers as it deemsnecessary to carry out its duties.

2.3 Ensure the attendance ofcompany officers at meetingsas appropriate.

2.4 Have unrestricted access tomembers of management,employees and relevantinformation.

2.5 Establish procedures fordealing with concerns ofemployees regardingaccounting, internal control orauditing matters.

2.6 Establish procedures for thereceipt, retention andtreatment of complaintsreceived by the companyregarding accounting, internalaccounting controls orauditing matters.

2.7 Be directly responsible for theappointment, compensation,retention and oversight of thework of the external auditor.

2.8 Approve all audit engagementfees and terms as well asreviewing policies for theprovision of non-audit servicesby the external auditors [and,when required, the frameworkfor pre-approval of suchservices].

3. Organisation

Membership

3.1 The board of directors [orshareholders’ meeting] willnominate the audit committeemembers and the chairman ofthe audit committee [who isan independent director].

3.2 The audit committee willcomprise at least [number]members and [the majority of]/ [all] members shall beindependent non-executivedirectors of the company.

3.3 A quorum of any meeting willbe [number] members /[proportion] of members.

3.4 Each member should haveskills and experienceappropriate to the company’sbusiness.

3.5 Each member shall befinancially literate; at leastone member must haveaccounting or relatedfinancial expertise.

3.6 Members will be appointedfor a [number] year term ofoffice.

3.7 The secretary of the auditcommittee will be thecompany secretary, or suchother person as nominated bythe board.

Meetings

3.8 Only committee members areentitled to attend meetings.The audit committee mayinvite such other persons (eg the CEO, CFO, head ofinternal audit and externalaudit engagement partner) toits meetings, as it deemsnecessary.

3.9 The external and internalauditors should be invited tomake presentations to theaudit committee asappropriate.



4. Roles and responsibilities

The audit committee will:

Internal control

4.1 Evaluate whethermanagement is setting theappropriate ‘control culture’by communicating theimportance of internal controland management of risk.

4.2 Understand the internalcontrols systems implementedby management for theapproval of transactions andthe recording and processingof financial data.

4.3 Understand the controls andprocesses implemented bymanagement to ensure thatthe financial statementsderive from the underlyingfinancial systems, complywith relevant standards andrequirements, and are subjectto appropriate managementreview.

4.4 Evaluate the overalleffectiveness of the internalcontrol and risk managementframeworks and considerwhether recommendationsmade by the internal andexternal auditors have beenimplemented by management.

4.5 Consider how management isheld to account for thesecurity of computer systemsand applications, and thecontingency plans forprocessing financialinformation in the event of asystems breakdown or toprotect against computerfraud or misuse.

Financial reporting

4.6 Gain an understanding of thecurrent areas of greatestfinancial risk and how theseare being managed.

4.7 Review significant accountingand reporting issues,including recent professionaland regulatorypronouncements, andunderstand their impact onfinancial reports.

4.8 Oversee the periodic financialreporting processimplemented by managementand review the interimfinancial statements, annualfinancial statements andpreliminary announcementsprior to their release.

4.9 Review management’sprocess for ensuring thatinformation contained inanalyst briefings and pressannouncements is consistentwith published financialinformation, balanced andtransparent (particularyregarding GAAP vs non-GAAP data).

4.10 Meet with management andthe external auditors toreview the financialstatements, the keyaccounting policies andjudgements, and the results ofthe audit.

4.11 Ensure that significantadjustments, unadjusteddifferences, disagreementswith management and criticalaccounting policies andpractice are discussed withthe external auditor.



3.10 Meetings shall be held not lessthan [number] times a yearand should correspond withthe company’s financialreporting cycle.

3.11 Special meetings may beconvened as required. Thesecretary will convene ameeting on receipt of a requestby the external or internalauditors.

3.12 The secretary shall circulatethe agenda and supportingdocumentation to the auditcommittee members areasonable period in advanceof each meeting.

3.13 The secretary of the committeeshall circulate the minutes ofmeetings to members of theboard, members of thecommittee, (and the head ofinternal audit and the externalauditor where appropriate).

3.14 As a minimum, the chairmanof the committee [or anothermember of the committee]shall attend the board meetingat which the financialstatements are approved.

3.15 Members of the auditcommittee should attend everymeeting of the committee.

3.16 The committee should meetwith in-house legal counsel ona regular basis. A meetingwith outside legal counselshould be held if it is deemednecessary.

3.17 The audit committee will meetwith the external auditors [atleast once a year] withoutmanagement present.

4.12 Review the other sections ofthe annual report before itsrelease and consider whetherthe information isunderstandable and consistentwith members’ knowledgeabout the company and itsoperations and lacks bias.

Compliance with laws andregulations

4.13 Review the effectiveness of thesystem for monitoringcompliance with laws andregulations and the results ofmanagement’s investigationand follow-up (includingdisciplinary action) of anyfraudulent acts or non-compliance.

4.14 Obtain regular updates frommanagement and company’slegal counsel regardingcompliance matters that mayhave a material impact on thecompany’s financial statementsor compliance policies.

4.15 Be satisfied that all regulatorycompliance matters, related tothe business of the company,have been considered in thepreparation of the financialstatements.

4.16 Review the findings of anyexaminations by regulatoryagencies.

Working with auditors

External audit

4.17 Review the professionalqualification of the auditors(including background andexperience of partner andauditing personnel).

4.18 Consider the independence ofthe external auditor and anypotential conflicts of interest.

4.19 Review on an annual basisthe performance of theexternal auditors and makerecommendations to theboard for the appointment,reappointment or terminationof the appointment of theexternal auditors.

4.20 Review the external auditors’proposed audit scope andapproach for the current yearin the light of the company’spresent circumstances andchanges in regulatory andother requirements.

4.21 Discuss with the externalauditor any audit problemsencountered in the normalcourse of audit work,including any restriction onaudit scope or access toinformation.

4.22 Ensure that significant findingsand recommendations madeby the external auditors andmanagement’s proposedresponse are received,discussed and appropriatelyacted on.

4.23 Discuss with the externalauditor the appropriateness ofthe accounting policiesapplied in the company’sfinancial reports and whetherthey are considered asaggressive, balanced orconservative.

4.24 Meet separately with theexternal auditors to discussany matters that thecommittee or auditors believe

should be discussed privately.Ensure the auditors haveaccess to the chairman of theaudit committee whenrequired.

4.25 Review policies for theprovision of non-audit servicesby the external auditor [andwhere applicable theframework for pre-approval ofaudit and non-audit services].

4.26 Ensure the company hasappropriate policies regardingthe hiring of audit firmpersonnel for senior positionsafter they have left the auditfirm.

Internal audit

4.27 Review the activities,resources and organisationalstructure of the internal auditfunction and ensure nounjustified restrictions orlimitations are made.

4.28 Participate in the appointment,promotion or dismissal of theinternal audit head anddiscuss with the externalauditor the standard of workof internal audit staff.

4.29 Review the effectiveness of theinternal audit function andensure that it has appropriatestanding within the company.

4.30 Meet separately with thedirector of internal audit todiscuss any matters that thecommittee or internal auditorsbelieve should be discussedprivately.

4.31 Ensure that significant findingsand recommendations made



by the internal auditors andmanagement’s proposedresponse are received,discussed and appropriatelyacted on.

4.32 Review the proposed internalaudit plan for the coming yearand ensure that it addresseskey areas of risk and thatthere is appropriate co-ordination with the externalauditor.

Reporting responsibilities

4.33 Regularly update the boardabout committee activitiesand make appropriaterecommendations.

4.34 Ensure the board is aware ofmatters that may significantlyimpact on the financialcondition or affairs of thebusiness.

4.35 Prepare any reports requiredby law or listing rules orrequested by the board, forexample a report on the auditcommittee’s activities andduties to be included in thesection on corporategovernance in the annualreport.

Evaluating performance

4.36 Evaluate the committee’s ownperformance, both ofindividual members andcollectively, on a regularbasis.

4.37 Assess the achievement of theduties specified in the charterand report the findings to theboard.

Review of the committee charter

4.38 Review the audit committeecharter annually and discussany required changes with theboard.

4.39 Ensure that the charter isapproved or reapproved bythe board.



MembershipThe appointment of suitablyqualified members to the auditcommittee is a critical factor for a committee’s performance.

The board or a nominationscommittee is usually responsiblefor appointing the audit committeemembers. The board (ornominations committee) shouldselect only those members whopossess the necessary qualificationsand experience.

Qualifications

Each member should be capable ofmaking a valuable contribution tothe committee. A diverse outlookamong members is desirable, sincea uniform point of view could leadto over-emphasis in one direction.Qualifications that each committeemember should possess include:

• An attitude of mind independentfrom the company’s management

• Integrity

• Capacity to dedicate sufficienttime and energy

• Understanding of the business,its products, and its services

• Knowledge of the company’srisks and controls

• Ability to read or understandbasic financial statements, askpertinent questions about themand interpret and evaluate theanswers

• Ability to give direct and honestopinions

• Inquisitiveness and independentjudgement

• Ability to offer differentperspectives and constructivesuggestions.

Newly appointed committeemembers may not initially possessall of these characteristics. Theyshould be allowed a sufficientperiod – say 6 to 12 months – toacquire the necessary level offamiliarity with the company’soperations.



‘I have in mind a person with the intelligence,experience and understanding to know the rightquestions to ask of management or the auditorsand the forcefulness and tenacity to ask a directquestion and insist on a straight answer.Ideally, all audit committee members shouldhave these qualities’ US SEC Commissioner, February 2003

IndependentdirectorsThe audit committee is responsiblefor overseeing the financialreporting process and, in doing so,it may need to challenge thejudgement of management or takepositions that may be contrary tothose of management. Because ofthis oversight role, independencefrom management is an essentialquality for audit committeemembers.

A committee composed wholly ofindependent directors is optimal.In some countries, all members arerequired to be independent non-executive directors. Independentdirectors are better equipped toexpress their opinions in a free andunrestricted manner, unconstrainedby any financial ties or position inthe company.

The concept of independence is noteasy to define, though many majorinvestors and representative bodieshave developed frameworks orguidance for their own purposes. It is necessary that the board has astrong understanding of how‘independence’ is defined and howit is perceived by the market. It isalso important that the board’sapproach to independence iscommunicated to shareholders.

To be considered ‘independent’,each member must satisfy allapplicable laws and regulationsrelating to audit committeeindependence. For example, anindependent director must be aperson other than an officer oremployee of the company or itsaffiliates, or any other individualhaving a relationship that wouldinterfere with the exercise ofindependent judgement.

Relationships that may beperceived to impair an auditcommittee member’s independenceinclude the following:

• Current or prior employment atthe company or any of its affiliates(the period in which the prioremployment occurred can varyconsiderably – it is quite common,however, for investors toconcentrate on the last threeyears)

• Cross-relationships or significantlinks with other directors in othercompanies

• Receipt of consulting, advisory orother compensation from thecompany (or its affiliates), exceptfor director’s fees consistent withthe committee duties undertaken

• Participating in the companyshare option or performance-related pay scheme

• Obtaining financial assistancefrom the company in terms ofloans or advance payments otherthan on ordinary terms



‘Potential conflicts exist if auditcommittee members formerlywere part of the companymanagement team. Formerworking relationships may placeundue pressure on the auditcommittee to avoid asking hardquestions’ OECD – Second South Eastern Europe

Corporate Governance Roundtable, May 2002

• Being a member of the immediatefamily of the management team

• Being a director or majorshareholder of a significantcustomer or supplier

• Being a representative of asubstantial shareholder orprovider of finance.

The company may decide toappoint a director who has one ormore of the above relationships insome jurisdictions if the boardconsiders that membership is in thebest interests of the company and itsshareholders as a whole. In theinterests of transparency, the natureof such a relationship and thereasons for appointment should bedisclosed to the shareholders.

FinancialexpertiseIt is good practice that each memberof the audit committee should befinancially literate – having theability to read and understandprimary financial statements,including a company’s balancesheet, income statement and cashflow statement.

In order to conduct itsresponsibilities, committee memberswill need to give attention to matterssuch as:

• GAAP and non-GAAP amounts,key performance indicators andratios

• Complex and sensitive orjudgemental areas, such asfinancial instruments, accountingfor pensions and share options,business combinations andvaluation of intangible assets

• In the case of companies withmultiple listings, the implicationsof preparing financial statementsunder several reportingframeworks

• Moving from one reportingframework to another (forexample from national GAAP toInternational Financial ReportingStandards).

Emerging practice (and arequirement in recent US and UKpronouncements) is that at least onemember should be a financial expertwho has accounting or relatedfinancial expertise. This could havearisen through past employment infinance or accounting, aprofessional qualification inaccounting, or any othercomparable experience, for exampleas a senior officer with financialoversight responsibilities or as anauditor of a listed company.

The chairman’s role

The position of committee chairmanis pivotal – he or she must be thefocal point for the committee’srelations with the board, the chieffinancial officer and the internal andexternal auditors. The chairman isresponsible for the smooth runningof meetings, ensuring that the viewsof each member are heard and thatsufficient time is devoted to eachissue for discussion. The chairmanshould plan the agenda for eachmeeting in conjunction with thecommittee secretary.

In selecting a committee chairman,the board should choose someonewith strong and effective leadershipqualities and the ability to promoteeffective working relationships(among committee members andwith others such as managementand external and internal auditors).



The roles of chairman and financialexpert might in some cases becombined in one individual.However, for most committees, abetter balance of skills will beachieved by having these rolesperformed by different individuals.In these circumstances, thechairman must be properly briefedon the technical aspects to enablehim to report to the board andshareholders.

The board should periodicallyreview the mix of characteristics,experience, and skills of allcommittee members to ensure thatit continues to provide anappropriate balance.

Commitment

To fulfil their responsibilities,committee members need todedicate a significant amount oftime and energy to committeeactivities. This will includefamiliarisation with the company’sbusiness and industry andpreparation for, and attendance at,meetings.

Members should strive to attendevery meeting of the committee.

The number of other directorshipsheld by committee members mayaffect the amount of time they areable to devote to audit committeeactivities. When evaluatingpotential candidates for thecommittee, boards will thereforewant to consider the number ofother directorships and committeeresponsibilities held by candidates.

Size of committee

An audit committee should be largeenough to represent a balance ofviews and experience, yet smallenough to operate efficiently.

It is now a requirement in marketssuch as the USA and UK that thecommittee should consist of nofewer than three members whoshould all be independent non-executive directors.

Earlier research byPricewaterhouseCoopers found thatin major European companies, 70%of committees had between threeand four members.

It is generally thought thatcommittees composed of three tosix members represent the optimumsize. However, the size of eachcommittee should be appropriatefor the company’s circumstancesand will depend on the extent ofthe committee’s responsibilities.

Term of office

The number of years that membersserve on a committee varies. A common term is three years, withpossible reappointment for a secondterm, but longer terms are alsopossible. It is rare for committeemembers to rotate on an annualbasis, which is why a programmethat regularly evaluates thecommittee members’ performanceis useful. (See page 48.)

When determining the length oftime committee members mayserve, the board should weigh twoopposing considerations; continuityand freshness. Rapid turnover canbe detrimental to the committee’seffectiveness, since members needtime to familiarise themselves withthe company’s business andfinancial reporting structure andunderstand technical issues. Onthe other hand, new members bringa fresh perspective to thecommittee. To balance theseconsiderations, the board may wishto establish staggered terms forcommittee members.



MeetingsFrequency

An audit committee should holdregular meetings and should plancarefully the timetable, agendas andparticipants.

The number of meetings thecommittee holds is influenced by itsobjectives and scope of activities,and the size and nature of thebusiness. Regular meetings providethe opportunity to review anddiscuss financial information on atimely basis. It is helpful toschedule meetings (particularlythose at which the financialstatements are reviewed) well inadvance of the corresponding boardmeeting, to allow time for dealingwith issues raised by the committee.Generally, meetings correspondwith major phases of the financialreporting, external audit, andinternal audit cycles. The chairmanof the committee should decide thefrequency and timing of itsmeetings.

Research into practice at Europeancompanies shows that auditcommittees meet, on average, threeto four times a year. However, thekey is that the number and lengthof meetings are appropriate toensure that the committee meets itsobjectives.

Participants

Members of the audit committeeshould attend all meetings of thecommittee. In addition to membersof the committee, other participantsare often present, by invitation, atmeetings. Such participants mayinclude:

• The director or head of thecompany’s internal audit function

• The lead partner from theexternal auditors

• Senior management, includingthe chief financial officer (CFO)or financial director.

Additional attendees should belimited to those who are familiarwith, or responsible for, the topicson the agenda. If necessary, theaudit committee should invite thein-house lawyer or outside legalcounsel to attend a meeting.

Where appropriate, the auditcommittee should arrange separatemeetings with management, andthe external and internal auditors.Topics for discussion withmanagement might include theevaluation of the external auditor,accounting and internal auditpersonnel. Discussions with theauditors might include thecooperation that the external andinternal auditors receive from thecompany’s staff and management.



Entitled to attend

All independentnon-executive

directors (NEDs)

Attend byinvitation

CommitteeChair

Head ofInternal Audit

FinancialDirector

ExternalAuditors

Minimum 2 other Committee Members

Agenda and meeting papers

In our experience, the reaction ofmembers to the arrival of auditcommittee papers is typically ‘Toomuch!’ or ‘Too late!’ To maximiseeffectiveness, a detailed writtenagenda with clear supportingpapers highlighting matters fordecision should be prepared formeetings. They should bedistributed to committee membersa reasonable period in advance toallow proper consideration.

Appropriate notice should be atleast three or four working days toallow for adequate study of thepapers.

In the case of the annual financialreport, it may be appropriate toschedule two meetings – one twoweeks or so before the report is dueto be released to ensure adequatetime to address fully the significantissues, and another just prior to therelease to review the final numbers.

Resources

Audit committees must have accessto the resources and informationnecessary for them to fulfil theirduties. This will mean continuingadministrative and secretarialsupport. Occasionally otherresources may be required (forexample, when conducting specialinvestigations), such as access tolegal advisers and other outsidespecialists. It should be made clearto all directors and staff that theymust fully cooperate with the auditcommittee and supply allinformation as required.

Minutes

Minutes of meetings should beprepared and sent to members ofthe committee, the board ofdirectors (and the external andinternal auditors where appropriate)on a timely basis. These, inaddition to direct reports to theboard from the chairman of theaudit committee, help keep theboard fully informed about thecommittee’s activities.

Best practice is that the number ofmeetings held and the number ofmembers who attended themeetings should be disclosed inthe annual report.



‘The committee should meet asufficient time before the resultsannouncement to enable issues tobe discussed with managementand the auditors and resolved’CEO of African company,

February 2003

New members –getting startedCompanies make use of executiveselection agencies to screendirectors for new positions. In thesame way, prospective auditcommittee members will want toconduct their own ‘due diligence’before they accept the role,particularly if they are new to theboard.

Questions prospective new boardand audit committee membersmight ask themselves about thecompany before taking on the roleinclude:

• Can investors understand thecompany’s governance structure?

• Who are the company’s principaladvisers?

• How does the business make itsmoney?

• Is the company clearly open,honest and transparent in itsdealings with stakeholders?

Further questions that might beasked in relation to the auditcommittee role include:

• Is the committee seen asimportant internally as well asexternally?

• How wide is the auditcommittee’s remit (too narrow ortoo broad)?

• Who is the committee chairman,and how does he or she controlthe meetings?

• Do the other members add valueby virtue of skills or experience,and how will I complement theseskills and experience?

Once their appointment isconfirmed, committee membersshould be provided with sufficientbackground information. Althoughthey will normally also be directorsof the board, the amount andnature of information andknowledge that will be required tofulfil their audit committee role willbe different from that necessary fortheir board functions.

The induction process should coverthe role of the audit committee,expected time commitment bymembers, overview of the businessand an introduction to thecompany’s finance staff.

New members should ensure theyhave an appropriate understandingof the company, its products andservices, areas of risk, and itsinternal control and financialreporting systems. They also needto understand the requirements andobjectives of the audit committeeand so should review the charter,minutes of prior meetings and anyrecent reports made by thecommittee to the board.

On the following page is a list ofitems that new members mayconsider when familiarisingthemselves with the company.Page 47 considers the committee’scontinuing need to keep up to date– ‘Maintaining and measuringeffectiveness’.



Orientation information for new committee members

Management

• Background and qualifications ofsenior executives and financialmanagement

• An organisation chart setting outreporting lines andresponsibilities

• The basis on which seniormanagement is remunerated.

The committee

• The audit committee’s charter –its role in overseeing companypolicies, financial reporting, andother special areas

• Nature and timing of reportsprepared by management for thecommittee

• Company staff available tosupport the audit committee

• External advisers available tosupport the audit committee.

Internal auditors

• The responsibilities of the internalaudit function

• The number of internal auditorsand their qualifications andexperience

• The committee’s relationship withthe internal audit department

• The types of reports the auditcommittee receives from theinternal audit department

• The current year’s internal auditplan.

External auditors

• A copy of the current year’sexternal audit engagement letter

• The scope of the external audit,including the current year auditplan

• The committee’s relationshipwith the external auditors

• The types and timing of reportsissued by the external auditors

• Company policy with respect toengaging the auditors to provideaudit and non-audit services.



New members will needbackground information on manyareas, including:

The company

• Products and services

• Foreign and domestic operations

• Key areas of risk and how theyare being managed

• Financial and operationalcontrols, and plannedmodifications

• Types of budget and managementreports produced

• Key accounting policies and thereasons for their use

• Key areas of concern about thefinancial position and thereported value of individualassets and liabilities

• Statutory reporting and exchangelisting requirements to which thecompany is subject

• Litigation and contingenciesfacing the company

• Annual and interim earningstrends

• The company’s code of conductor business behaviour.

Oversight responsibility for financial reporting

The audit committee normallyundertakes, on behalf of theboard, responsibility forensuring the integrity of thecompany’s financial reports byhaving oversight of internalcontrol, the financial reportingprocess and compliance withregulatory matters.

The specific responsibilities of eachcommittee will vary depending onthe particular circumstances of thecompany. However, in general, theaudit committee will review the:

• Adequacy and effectiveness ofrisk management systems andthe company’s internal controlsas they affect financial reporting

• Adequacy and effectiveness ofthe system for the preparation offinancial data reported to themarket, including the annualfinancial statements and reviewof operations, and interim reports

• Process for monitoringcompliance with relevant lawsand regulations, and any legalmatters that could have asignificant impact on thecompany’s financial reports

• Process for monitoringcompliance with any internalcode of conduct, includingprocedures for dealing withconcerns of employees andcomplaints received by thecompany regarding accountingand auditing matters.

These functions are described inmore detail below.

Risk andcontrolsRisk management

Risks are uncertain future events –both positive and negative – thatcould affect future cash flows,profitability, shareholders’ returnand the company’s reputation. It isthe responsibility of the board todetermine the risk appetite of thecompany and set policy in relationto this. Management’sresponsibility is to assess what risksthe company may be exposed toand to develop procedures formanaging risk in line with boardpolicy. The audit committee’s roleis to review the risk profile andensure that risk managementstrategies, particularly as they affectfinancial reporting, are in place.

Risks may arise from both externaland internal factors, such as:competition and complexity of themarket; economic conditions;regulatory changes; weaknesses inthe company’s business model; anddeficiencies in internal control.The audit committee should:

• Discuss with the board its attitudeto risk and the policiesestablished to ensuremanagement operates withinthese parameters

• Understand the company’sframework for risk assessmentand management and theassignment of responsibilities

• Review the company’s majorfinancial risk exposures and stepstaken to monitor and controlthose risks.

In some business sectors,particularly regulated industries(for example banking, financialservices, pharmaceuticals andtransport) it is increasingly commonfor companies to establish separaterisk committees. The auditcommittee should understand therole and activities of the riskcommittee and, through the board,should ensure that it has regularcontact with the risk committee.

For risks that are accepted,management will establish acontrol system. A well-designedand implemented internal controlsystem provides the rightenvironment for the efficientrunning of an entity’s operations,and will reduce the risk of financialinformation being materiallymisstated.



Internal control

The board of directors sets policyand oversees management whohave primary responsibility todesign and implement systems ofinternal control. Management’sresponsibilities include:

• Establishing and maintaining anadequate internal controlstructure and procedure forfinancial reporting

• Evaluating the effectiveness ofinternal control, at least on anannual basis

• Identifying promptly materialweaknesses in internal controland taking corrective steps

• Notifying the external auditor andaudit committee of significantinternal control deficiencies, andany instances of fraud.

The audit committee should gainan understanding of the system ofcontrols over financial reportingimplemented by management. Thisincludes controls over the integrityof the financial accounting systemsand records, and controls to ensurefair presentation and disclosure offinancial information in accordancewith standards. Where thecompany has a treasury function,the committee should alsounderstand the treasury controlsoperated by management.

The committee should obtain thisunderstanding through reports fromand discussions with management,internal audit, and the externalauditors. The audit committeeshould also understand the extentto which the external and internalauditors review controls.

The audit committee’s involvementis important and can help toreinforce a strong ‘control culture’in the business. Where internalcontrols are weak, the auditcommittee should require the boardto make improvements.

Where management outsources akey part of the information andcontrols system, for example to ashared service centre, thecommittee will want to ensure that

an appropriate service agreement isin place and that performance isbeing monitored. The agreementshould specify the services to beperformed (for example processingof sales and purchasing, andmaintaining financial accountingrecords,) and rights of access to andprocedures for reviewing theperformance of the provider.

In some cases, the audit committeeor management may request anindependent accountant or auditorto prepare a special report onaspects of the internal control andrisk management systems. If so,the audit committee will need tospecify the nature of theengagement and should reviewwith the independent accountantthe basis for the report.



‘Audit committees should, forexample, satisfy themselves thatthere is a proper system andallocation of responsibilities forthe day-to-day monitoring offinancial controls but theyshould not seek to do themonitoring themselves’UK Smith Report –

Audit Committees Combined Code Guidance, January 2003

Fraud risk

Fraud risk should be a majorbusiness concern. The auditcommittee should gatherinformation from management ofthe company, external and internalauditors to enable it to:

• Understand and be aware offraud risk

• Ensure that the risk of fraud hasbeen communicated bymanagement

• Review management’s steps toimplement adequate controls tomitigate the risk of fraud.

Fraud can take the form ofmanagement fraud, employee fraudor external fraud. Managementfraud involves intentionalmisrepresentation of financialinformation or improper use of thecompany’s resources by seniormanagement. Where there isdeliberate collusion bymanagement, it is unlikely thatnormal audit procedures willuncover fraud and error.

Fraudulent financial reporting is aparticular type of managementfraud that can significantly affectthe integrity of financial statementsand damage the company’sreputation. In its review of periodicfinancial information, the auditcommittee should be alert toindications that fraud may bepresent.



Audit committee responsibilities...

" Evaluate whether senior management has set an appropriate ‘control culture’ by establishing procedures for theassessment and management of risk

" Understand the systems of controls implemented bymanagement for the approval of transactions, recording of dataand compliance of financial statements with relevantrequirements

" Enquire whether internal control recommendations made by the external and internal auditors have been implemented by management

" In reviewing the financial statements and other financialinformation, be alert to possible indications of fraud.

FinancialreportingThe preparation of the financialstatements is a primary responsibilityof the company’s management.The audit committee plays a keyrole in reviewing the financialinformation before it is published.As explained on page 19, it isimportant in order to fulfil this rolethat the committee’s members havea good understanding of financialaccounting. The committee willneed to consider:

• Critical accounting policies,judgements and estimates appliedin the financial statements

• Alternative accounting policiesapplied by peer-group companies

• Quality of earnings and theimplications of exceptionaland/or non-recurring income andexpenses

• The impact of business risks andsensitivities on the company’sfinancial statements

• Implications of expected changesin accounting policies

• The impact of the company’sfinancing structure on currentand future profitability

• The way in which such mattersare dealt with in the company’sfinancial reports.

The accounting framework

The audit committee should befamiliar with the accountingframework used by the company forits financial reporting. In most casesthis will be national GAAP –generally accepted accountingprinciples – the body of accountingstandards and interpretationsapproved for use in a particularcountry. Where companies raisecapital on foreign markets, they mayhave to report in accordance withmore than one GAAP, or provide areconciliation from one GAAP toanother.

In the interests of improvedcomparability, many countries areadopting International FinancialReporting Standards (IFRS). A recentstudy by the large accounting firmsrevealed that over 90% of theworld’s major economies areplanning to adopt or converge withIFRS. Listed companies in theEuropean Union member states, forexample, are required to adopt IFRSin 2005.

Where appropriate, the auditcommittee needs to be familiar withthe company’s transition processfrom national GAAP to IFRS. Theaudit committee members should:

• Understand the wider effects onthe company’s reported results ofmoving from national GAAP toIFRS

• Understand the transition orconversion plan implemented bymanagement

• Receive reports from, and perhapsattend meetings of, the company’stransition steering group

• Consider how management ispreparing in advance for themore complex areas, such asfinancial instruments, goodwilland deferred taxation.

As indicated in the section onmembership, knowledge andexperience of the relevantaccounting standards is a greatadvantage. Committee members,particularly those designated as‘financial expert’, should be up-to-date with changes in regulationsand standards.

Reviewing the annualfinancial statements

The audit committee will reviewthe annual financial report andassess whether it is complete andconsistent with the informationknown to committee members. It should have enough time toconduct its review of the financialstatements and the supportingcommentary by management. The final draft of the financialstatements should be received bythe committee at least two or threedays in advance.



The audit committee should meetwith management and the externalauditors to review the annual reportand financial statements and theresults of the audit.

The type of review will vary,depending on the complexity of thecompany and its industry. It will,however, cover the selection andapplication of accountingprinciples and estimates, thepresentation of disclosures, goingconcern disclosures (if applicable),and any other matter significant tothe company’s financial reportingprocess.

Significant fluctuations in resultsfrom year to year as well asvariations between actual resultsand the budget or forecast need tobe explained and understood. Thecommittee should pay particularattention to complex or unusualtransactions and to judgementalareas, particularly those areaswhere different assumptions couldhave a significant effect on thefinancial statements. Examples ofsuch areas include restructuringcharges, acquisitions, special-purpose entities, off-balance sheettransactions, derivatives, valuationand impairment of assets, warrantyobligations, environmentalliabilities or litigation provisions.

Pages 31 and 32 provide a list ofquestions that may be asked ofmanagement and the externalauditors prior to the release of theannual financial statements.




" Review significant accounting and reporting issues, including recent professional and regulatory pronouncements, and understand their impact on the financial statements

" Review schedules of adjusted and non-adjusted items and obtainexplanation from the external auditor and management as to whyerrors remain unadjusted

" Read the directors’ or management letter of representation to theauditors on the financial statements and consider issues addressedin the letter

" Review the financial statements and determine whether they arecomplete, reflect appropriate accounting policies, containadequate disclosure and are consistent with the informationknown to committee members

" Review other sections of the annual report, particularlymanagement commentary, and consider whether the informationis adequate and consistent with members’ knowledge about thecompany and its operations

" Review the results of the external audit.

Regulators in some territories (suchas the European Union) areproposing to introduce requirementsfor quarterly reporting and for reportsto be filed more quickly. Althoughthis may increase the burden of workfor the audit committee, there aresignificant benefits in the committeereviewing interim information andpreliminary announcements,including:

• Enhancement of the committee’sability to identify and directattention toward significant issueson a timely basis

• The establishment of a regular,almost continuous, flow ofinformation from management tothe committee. Committeemembers’ understanding of thecompany’s business will beimproved

• The opportunity for the externalauditors to engage in discussionswith the committee, particularlyon matters of accounting policytreatment, at an early stage.

These benefits, of audit committeeinvolvement in reviewing otherfinancial information, might be builton further by obtaining thecommittee’s input on the materialused for analyst and institutionalinvestor presentations.

Where financial information of aroutine nature is produced on aregular basis, for example returns toregulators and debt circulars, thecommittee should establish protocolswith management for its review andrelease. The committee needs to besatisfied there is an appropriateprocess for its preparation, but neednot itself review every document thatis filed or published.

Ultimately, as a result of theincreased oversight by the auditcommittee, the whole financialreporting process will bestrengthened and investors’ interestswill be further protected.

Interim financial statementsand other published financialinformation

All financial information publishedby companies is closely scrutinisedby the investment community, andthe price of a company’s stock issignificantly affected by investors’reaction to results announcements.

It is important, therefore, that theaudit committee includes bothpreliminary announcements andinterim (including quarterly)statements within its remit.




" Ascertain how management develops and summarises interim and preliminary results information, and the extent ofexternal and internal audit involvement in the review of suchinformation

" Agree with management appropriate procedures for thepreparation and review of other types of financial information,for example summary financial statements, regulatory returnsand debt circulars.

Illustrative questions for reviewing financial statements

A. Financial reporting process

• What are the current areas ofgreatest financial risk, and howare these being managed?

• Are the accounting systems(including controls overdisclosure, and controls overfinancial reporting processes)adequate and appropriate?

• What significantrecommendations have beenmade to management (byexternal and / or internalauditors) for improvements tothe reporting process? How hasmanagement responded? Arethere any significant areas thatstill require attention?

• What are the procedures formaking profit and cash flowprojections?

• What evidence hasmanagement considered tosatisfy itself that the company isa going concern (that it willcontinue to operate for theforeseeable future)?

B. Accounting policies

• Do significant accounting policiescontinue to be appropriate? Arethe assumptions underlying themstill valid?

• Did any accounting policieschange this year? If so, for whatreasons, and what were theeffects of the changes?

• What effects would any new orproposed change in generallyaccepted accounting principlesor in other regulations have onthe financial statements?

• Do the financial statementscontain a clear andunambiguous reference to theaccounting framework (nationalGAAP or IFRS) adopted?

• Where a new framework isadopted for the first time, haveappropriate policies anddisclosure been followed?

• Were there any disagreementsbetween management and theauditors on accounting policiesor principles? Were theysatisfactorily resolved?

• How do the company’s policiescompare with industry norms?

• Is the revenue recognitionpolicy appropriate?

• Are any policies regardingcapitalisation of expenditure inaccordance with generallyaccepted accounting principles?

• What are the overallimpressions of theconservativeness oraggressiveness of theaccounting policies adoptedand the underlying estimates?

C. Financial statements

Overall

• Are there significantfluctuations between accountbalances in the financialstatements between current andprior periods? What causedthem?

• What significant accruals oradjusting entries were made aspart of the year-end accountingprocess?

• Were there any prior-periodadjustments? What were thecircumstances?

• Were any significant transactionscompleted during the year that arenot evident from the financialstatements? How were theyaccounted for? Did any of thesetransactions involve related parties?

• Were any significant issues raisedby management, company’s legalcounsel, or outside legal counselconcerning litigation,contingencies, claims orassessments? How are suchmatters reflected in the financialstatements?

• Is the company in danger of notcomplying with the provisions ofloan agreements and covenants?

Measurement and recognition

• How did management satisfy itselfabout the value of long-terminvestments?

• Has the company invested in anyunusual types of financialinstruments?

• Has the value of marketablesecurities or other financialinstruments changed significantlysince year-end?

• What other implications mightfalling equity values have (eg pension fund deficits)?

• How does the average age ofaccounts receivable at year-endcompare with the preceding year?

• Is the collectibility of any largereceivable amount (for example ina loan portfolio) in question?



• Is there any indication thattangible or intangible assets maybe impaired?

• Are revenues properly accountedfor? What about volume salesincentives and discounts?

• What steps were taken todetermine obsolete or excessinventory? Were there anysignificant write-downs?

• Are there government orregulatory programmes, forexample concerning theenvironment, that could adverselyaffect the value at which items arerecorded or that could requireprovision?

• What are the open tax years? Arethere any significant items that areor may be in dispute?

• Were there any commitments orcontingent liabilities indicatingpossible impairment of the valueof an asset or the incurrence of aliability that were not provided forin the financial statements?

Disclosures

• Are there appropriate disclosuresregarding going concern issues?

• Is there adequate disclosure offinancial risks?

• Are all material off-balance sheettransactions, arrangements andobligations (including contingentobligations) appropriatelyaccounted for and disclosed?

• Are other relationships of thecompany with unconsolidatedentities or other personsappropriately disclosed?

• Are there any significant orunusual amounts due fromofficers or employees?

• Are there any other significantrelated party transactions thatrequire disclosure?

• Do the disclosures meet therequirements of each jurisdictionin which the financial statementsmay be filed?

D. Transparency

• Is the management commentaryconsistent with the financialstatements? Is it balanced,comprehensive andunderstandable?

• What significant changes havetaken place during the year in themarkets that the companyoperates in? Is this reflected inthe management commentary?

• Is the funding and liquidityposition of the companyadequately explained?

• Overall, does the annual report(the financial statements,operating review and other partsof the annual report takentogether) give a transparent viewof the company’s performance?

• Are references to non-GAAPamounts or measures appropriateand fully explained?

• From a review of the financialstatements, is there anyindication of possibledeficiencies in internal control orfraud and error?

• Are there any situationsdeveloping that do not require

accounting recognition ordisclosure this year, but may nextyear if conditions do not improve?

E. Questions to ask theauditors about the financialstatements

• Did the actual scope of theaudit differ from pre-audit plans?Did management restrict or limitthe scope of the audit in anyway?

• Did management cooperateduring the course of the auditand were you provided with allthe information and explanationsyou required without hesitation?

• Was there any difficulty inobtaining written representationsfrom the board of directors orexecutive management?

• Were any significant adjustmentsto the financial statements madeas a result of the audit?

• Are there any unrecordedadjustments resulting from theaudit? What is the quantumeffect of these adjustments?

• What are the most significantjudgemental areas in theaccounts?

• Would you consider theaccounting policies prudent oraggressive?

• Has management resisted anysignificant areas of disclosure?

• If you had prepared thesefinancial statements yourself,what would you have donedifferently and why?



Regulatory,compliance andethical matters

Regulatory, tax and legalissues

The audit committee should alsohave oversight of the company’sprocess for monitoring compliancewith laws and regulations that havea financial impact. The committeewill normally receive briefings frommanagement, such as thecompliance officer, company’slegal counsel or tax manager, togain an understanding of theprocedures designed for ensuringcompliance and for assessing thepotential impact on the companyand the financial statements. The committee should also reviewreports on the company’scompliance with financial laws and regulations.

The audit committee shouldperiodically meet with thecompany’s in-house legal counsel(and if appropriate, external legaladvisers) to consider any mattersthat may have a material impact onthe company and the financialstatements.

Business ethics

There is increasing recognition thatthe reputation of a business is acritical factor in the determinationof its value. Given the increasedattention that the media, the publicand the investment community payto ethical issues, many morecompany boards are now devotingconsiderable resources to ethicalprogrammes.

One sign of the increasedimportance attached to businessethics is the adoption by manycompanies of formal codes ofconduct, which set out the board’sguidelines for acceptable businesspractices. Codes of ethics shouldbe designed to promote:

• Honest and ethical conduct,including the handling of actualor apparent conflicts of interest

• Full, fair, and understandabledisclosure in reports and publiccommunications

• Compliance with applicablegovernmental rules andregulations

• Prompt internal reporting ofviolations to an appropriateperson

• Accountability for adherence tothe code.

Some companies are publishingtheir codes, so that stakeholderssuch as customers, suppliers andlocal communities can see thestandards by which the companyjudges itself.

Well-defined ethical standards andwritten guidelines for acceptablebusiness behaviour help establisha climate that encourages reliablefinancial reporting and a sense offiduciary responsibility amongemployees. The audit committeeis not normally responsible fordetermining ethical standards.That responsibility should belong tothe board as a whole. However,the board and management mayconsult the audit committee indesigning a code or setting theguidelines for business behaviour.

The audit committee will beinterested in the extent to whichethical standards are embedded inthe company’s internal controland internal reporting procedures.It should also consider whethermanagement has a programme formonitoring compliance with thecode and for enforcing instancesof non-compliance.



Whistleblowing

The audit committee may beexpected to establish, or reviewsteps taken by management toestablish, whistleblowingprocedures on financial matters.Managers and employees whobecome aware of instances ofpossible financial malpracticewithin the company should have asafe channel through which toreport their concerns. The auditcommittee should ensure that anyconcerns are properly investigatedand necessary follow-up actiontaken.

The establishment of complaintshandling procedures should also beextended to financial reportingissues raised by regulatoryagencies, investors and members ofthe public. The audit committeeneeds to be satisfied that these areproperly dealt with.




" Review the systems implemented by management for monitoring compliance with financial laws and regulations

" Obtain regular updates from management regarding complianceand the results of management’s investigation and follow-up ofany instances of non-compliance. Review the findings of anyexaminations by regulatory agencies

" Assess whether all legal and regulatory compliance matters havebeen considered in the preparation of the financial statements

" Review the programme for monitoring compliance with anycode of ethics, and periodically obtain updates frommanagement regarding compliance

" Ensure the company has appropriate mechanisms for dealingwith financial accounting and reporting issues raised byemployees, investors, members of the public and others.

Working with Auditors

External and internal auditorshave knowledge andexperience that can help thecommittee to perform itsactivities. To fulfil itsresponsibilities, the auditcommittee needs tocommunicate with bothgroups of auditors.

External auditorsThe objective of an external auditof financial statements is todetermine whether, in the auditors’opinion, the statements presentfairly in all material respects, orshow a true and fair view of, thecompany’s financial position,results of operations, and cashflows in conformity with national orinternational generally acceptedaccounting principles.

The audit committee’s primaryinterest is reliable financialreporting, so communication withthe external auditors on a regularbasis is important. Discussionswith the external auditors shouldcover the following four key areas:

• Service approach (the auditors’qualifications, includingindependence, to perform thework and the approach to theaudit)

• Risk and controls (the key risksidentified by the auditors inrelation to the financialstatements and the company’scontrols, and the resulting auditplan and response to the risks)

• Financial reporting (accountingpolicies, disclosures, andobservations on the overallquality of financial reporting)

• Governance matters (mattersnoted by the auditors in thecourse of their work that theyconsider should be brought to theaudit committee’s attention).

The audit committee should havediscussions with the externalauditors at appropriate times duringthe year, not simply at the time ofthe completion of the annual audit.Ideally, the committee will meet atleast three or four times during theyear, to coincide with the externalreporting and audit cycles.

The committee and the externalauditors should communicate at thefollowing stages of the audit:

• Pre-engagement – to approve thescope of the audit service, discussthe auditors’ independence, andagree the audit engagement letter

• Planning – so that the committeecan understand the planned auditapproach

• During the audit – for example atthe half-year, so the committee iskept informed of significantmatters relevant to the audit

• Resolution and completion – to discuss the auditors’ findings.

In some countries, generallyaccepted auditing standardsinclude specific requirements forcommunication between theexternal auditor and the auditcommittee. The InternationalAuditing and Assurance StandardsBoard (IAASB) has also developedguidance on this – InternationalStandard on Auditing (ISA) 260,Communications of Audit Matterswith Those Charged withGovernance. The standardindicates matters that, ordinarily,the external auditor should reportor discuss with the auditcommittee. These are included onpage 41, ‘What you should expectfrom your auditors.’ Relevantmatters should be communicated tothe committee on a timely basis.



The diagram above shows how thecommittee’s experience of how theexternal audit was conducted helpsto inform its decisions about theaudit relationship for the followingyear.

The committee should meetprivately with the external auditorsat least once each year to ensurefree and open communications.The audit committee may alsoutilise the knowledge andexperience of the external auditorsby meeting with them to receiveregular updates on developmentsaffecting financial reporting.

ServiceapproachReviewing the auditors’performance

Whether assessing the company’scurrent auditors prior toreappointment, or evaluating newones, the committee shouldconsider:

• The firm’s professionalcapabilities, resources, andpersonnel assigned to the audit

• Audit approach

• The audit team’s knowledge ofthe company’s industry

• Geographic coverage of the audit.

There are many advantages tocontinuing with a firm that isproviding good service. However, if a new firm is being considered,the audit committee shouldconsider the appointment afterconsultation with management andmake a recommendation to theboard. It is the board that normallyrecommends the appointment tothe shareholders.

The committee should also beinvolved in any decision to dismissthe external auditors. In suchcases, the committee should assureitself that the dismissal is onsubstantial grounds and not, forexample, merely because theexternal auditors took positions onaccounting issues that werecontrary to management’spreferences.



Getting started – pre-engagement

• Review last year’s external auditors’ performance – audit team, services and fees

• Discuss audit proposal – service approach/strategy, terms and fees

• Review auditors’ independence and experience of audit team

• Consider engagement letter

• Make proposal to board for appointment

Understanding the audit plan

• Discuss and agree audit plan for current year

• Understand from the auditors what to expect – services, timing and reporting requirements

• Consider how key risk areas will be addressed during the audit

Resolution and completion (post year-end)

• Review the audited financial statements

• Discuss key audit findings – significant accounting policies/audit judgements/ financial reporting quality

• Discuss any disagreements with management

• Meet separately with external auditors

• Appraise external auditors’ performance

Staying informed during the audit

• Be aware of difficulties encountered in performing audit – restrictions on access to information/management

• Be informed of deficiencies in internal control/fraud/illegal acts

• Be updated on matters impacting on the auditors’ independence

If the audit committee has concernsabout the quality of service, itshould discuss them with thepartner in charge of the externalaudit. Open and candiddiscussions among all parties canlead to a constructive resolution ofmatters giving rise to concern.

The audit committee shouldannually review the fees chargedfor the audit, alongside thereappointment of the externalauditors. The committee considerswhether the fee is faircompensation for a comprehensiveand competent audit. This reviewmight also include the fees inrespect of other services providedby the external auditor.

Some countries require disclosureof fees paid to the external auditorsin respect of different categories ofwork. The US SEC, for example,requires disclosure of fees paid foraudit, audit-related, tax and otherservices provided by the auditor.

Independence of the externalauditors

To perform their work effectively,external auditors must act withobjectivity. The audit professionrecognises this and requires itsmembers to observe ethical rulesthat are designed to safeguard theauditors’ independence. TheInternational Federation ofAccountants (IFAC) has issued aCode of Ethics that sets outpotential threats to independence,and safeguards to mitigate thosethreats.

While the audit committee focusesprimarily on the effectiveness of theaudit, it should also consider theeffect on the auditors’ objectivity ofany relationships or other servicesthe auditors have with, or provideto, the company or itsmanagement. The committee willneed to determine to its ownsatisfaction that the auditors’independence has not beencompromised.

The rules in some countries requirethe audit committee to review andmake recommendations oncompany policy with respect toengaging the auditor to performother services. For SEC registrants,there is also a requirement thataudit committees must pre-approveall services – both audit and non-audit – performed by the externalauditors.

In establishing such policies, thecommittee needs to balance severalfactors. It should contribute to theperceived robustness of the auditby discussing independence issueswith the external auditors, and help

the auditors to ensure that theirindependence is not compromised.(The committee should take note ofthe broad range of safeguards thatthe audit firm uses to protect itsindependence, such as the regularrotation of the engagement partner,use of review partners, and internalquality inspection programmes.)At the same time, it has aresponsibility to act in the bestinterests of the company andensure that value is delivered forshareholders in terms of theservices supplied.

The company may engage theauditing firm for a variety of specialservices if those services do notpose an unacceptable threat toindependence or breach specificindependence restrictions. Usingpeople that know the company andits culture, and who can apply andleverage this knowledge inproviding other services, has greatadvantages. And the increasedknowledge the auditors gain fromperforming these services can inturn contribute to the quality of the audit.

If the audit committee is happy, thecompany should be free to engagethe firm it considers best equippedto perform a particular task, basedon the skills and knowledgerequired, and the committee’sperception of the abilities of thepeople it sees across the table.



Risk andcontrolsAnalysis of key risks

Good practice is for the auditcommittee to meet the auditors anddiscuss the company’s businessrisks with them. The meetingshould focus on those key risksthat, in the auditors’ judgement,give rise to a greater risk of materialmisstatement of the financialstatements. This discussion ishelpful because it allows thecommittee to confirm itsunderstanding of:

• The risks requiring its attention

• Management’s response toaddress and mitigate those risks

• The external auditors’ approachto the risks.

Scope of audit work

Based on an understanding of thecompany and the risks related tothe financial statements, theexternal auditors prepare a detailedaudit plan. The audit committee’sreview of the proposed audit planand approach enables it to obtainan understanding of what it canexpect from the external audit.Questions the audit committeemight ask the external auditorsabout the plan include:

• What are the objectives of youraudit?

• What are the company’s financialreporting requirements and whatis your expected timetable formeeting them?

• Which risk areas do you plan toemphasise in your audit? Why?

• To what extent will you assessthe company’s system of internalcontrols?

• How will any recent actions bythe company, such as mergersand acquisitions, restructurings,changes of business strategy, and changes in financingarrangements, affect your audit?

• Do you plan to rely to any extenton the work of the internalauditors?

• Which company locations willyou visit this year? How do youdetermine which locations to visitand when?

• Which subsidiaries will youaudit? What steps do you takefor those not audited?

• If other auditing firms areinvolved, how will you satisfyyourself that their work isacceptable and that they areindependent? Do you intend torefer to them in your report?

The committee should ask theexternal auditors to inform it of anymajor unresolved problemsencountered during the audit, or ofany restrictions senior managementimpose on the scope of the audit.



FinancialreportingNormally, the audit committee,management, and the externalauditors meet to review thefinancial statements and the resultsof the audit. (A suggested list ofquestions the committee might askabout the financial statements isincluded on pages 31 and 32.)

In some countries, external auditorsdiscuss with the audit committeetheir judgements about the quality,not just the acceptability, of thecompany’s financial accountingprinciples. The discussion couldinclude such issues as thetransparency of the company’sfinancial disclosures, and thedegree of aggressiveness orconservatism of the company’saccounting policies and underlyingestimates.

The intention is to encourage openand frank dialogue between thecommittee and external auditors.This should be considered goodpractice and a basis for all suchdiscussions.



‘Alongside the financialstatements submitted forreview, the audit committeeshould be provided with areport from the statutoryauditors setting out keypoints, not only of results,but also of the accountingoptions that were selected’Bouton Report (France), September 2002

GovernancemattersThere should be a continuousdialogue between the auditcommittee and the externalauditors. The committee evaluatesand comments on the overalleffectiveness of the external auditprocess. At the same time, thecommittee should seek views fromthe auditors on the company’ssystems of governance andcontrols.

Arising from the financial statementaudit, the external auditors oftendevelop suggestions forimprovements to the business’operations and internal controls.The committee should askmanagement to report on anysignificant suggestions receivedand on plans to respond to them.The audit committee should alsoquestion whether recommendationsmade in the prior year wereimplemented.

The auditors may also have viewsabout the company’s governancestructure and processes. Goodpractice is for the committee toinvite the external auditors tocomment on:

• The manner in which thecommittee has operated andresponded to significant issues

• The composition and range ofcommittee and board memberexperience

• Company and boardresponsiveness torecommendations and requests

• The effectiveness of governanceprocesses from the auditors’perspective.




" Review the qualification, performance and compensation of the auditors and make recommendations to theboard for the appointment of the external auditors

" Consider the independence of the external auditors

" Review the proposed audit plan and scope of work

" Consider the findings from the financial statements audit andensure management responds to the findings

" Seek auditors’ views on the effectiveness of the company’sgovernance process.

What you should expect from your auditors

The auditors will normally preparereports for the audit committee inrelation to the annual audit offinancial statements. These may bedelivered at different times of theyear, as the work progresses. Thereports may take different forms – awritten report covering all relevantmatters; a series of papers to bediscussed in a meeting; apresentation; or an oral report.The content of the reports willvary, depending on circumstances.The following list of matters onwhich the auditors would ordinarilyreport is taken from InternationalStandard on Auditing (ISA) 260,Communications of Audit Matterswith Those Charged withGovernance.

• The general approach and overallscope of the audit, including anyexpected limitations thereon, orany additional requirements

• The selection of, or changes in,significant accounting policiesand practices that have, or couldhave, a material effect on theentity’s financial statements

• The potential effect on thefinancial statements of anysignificant risks and exposures,such as pending litigation, thatare required to be disclosed inthe financial statements

• Audit adjustments, whether ornot recorded by the entity, thathave, or could have, a significanteffect on the entity’s financialstatements

• Material uncertainties related toevents and conditions that maycast significant doubt on theentity’s ability to continue as agoing concern

• Disagreements with managementabout matters that, individually orin aggregate, could be significantto the entity’s financial statementsor the auditors’ report. Thesecommunications includeconsideration of whether thematter has, or has not, beenresolved, and the significance ofthe matter

• Expected modifications to theauditors’ report

• Other matters warrantingattention by those charged withgovernance, such as materialweaknesses in internal control,questions regarding managementintegrity, and fraud involvingmanagement

• Any other matters agreed on inthe terms of the auditengagement.

The auditors may also reportformally to the committee on anumber of other matters, forexample where required to do soby local law or regulation.



Internal auditorsA PricewaterhouseCoopers surveyof large European companies foundthat 88% had an internal auditfunction and, in most of thesecases, audit committees reviewedand approved the scope of workand activities of the internalauditors.

The internal audit function assiststhe audit committee in meeting itsresponsibilities, particularly in theareas of internal control, fraud andinternal investigations. To beeffective, an internal auditdepartment needs to have thesupport of both management andthe board. It should always havean open line of communicationwith, and unrestricted access to,the audit committee.

If a company does not have aninternal audit function ordepartment, the audit committeeshould consider, in conjunctionwith the board or seniormanagement, whether such adepartment would benefit thecompany.

The director of internal audit mayattend audit committee meetingsby invitation and should meetprivately with the committee atleast once each year.

Activities and organisationalstructure

The audit committee needs a clearunderstanding of the internal auditactivities, functions andorganisational structure. To gainthis understanding, informationshould be gathered from varioussources, including:

• The department’s charter,organisation chart, and internalaudit plan (which should includean assessment of theorganisation’s risk profile)

• Reports on internal auditactivities for the period, whichinclude lists of projectscompleted, projects in progressand internal audit findings

• A description of the process forensuring that management takesappropriate corrective action onsuggestions made in internalaudit reports

• Information on the department’scurrent resources

• Plans for recruiting and trainingpersonnel.

Abilities and resources of theinternal audit function

The audit committee should focusattention on the abilities of theinternal audit staff and theadequacy of the resourcing of thedepartment. The committee canenhance the quality of the internalaudit department by determiningwhether the internal auditors:

• Have maintained their objectivity

• Are adequately trained – thecompany should provide asupportive atmosphere whereinternal auditors can receivecontinuing professionaleducation

• Keep up with current issues andtechnology – for example, wherea company has significantcomputerised operations or isheavily dependent on electroniccommerce, internal auditorsshould have the skills required tounderstand the internal controlimplications



‘The chief auditing officer should be reporting directly to aprivate audit committee to ensuretransparency of the company’smanagement’Anand Panyarachun, former Thai Prime Minister,

November 2002


" Review the activities, resources and organisational structure of the internal audit function

" Consider the findings and recommendations of the internalauditors, and whether management responds to the findings

" Review the effectiveness of the internal audit function.

• Have appropriate qualifications,both in terms of professionaltraining and practical experience.The company should encourageinternal auditors to becomemembers of professionalassociations, and to seekprofessional certification whereappropriate

• Are appropriately funded withinthe organisation.

The committee should consider theadequacy of the size and skill-set ofthe internal audit department in thelight of the business environment inwhich the company operates.Important attributes could includecomputer and systems experience,treasury experience, and foreignlanguage skills, if appropriate.

The audit committee should alsotake responsibility for reviewing orconcurring with the appointment,replacement, or dismissal of thedirector of internal audit.

Internal audit effectiveness

The audit committee shouldevaluate whether the company isfully utilising internal audit skillsand providing necessary support.Some questions to ask include:

• Is the internal audit mandateappropriate? Has it kept pacewith the company’s activities andinformation and control systems?

• Does internal audit haveadequate resources, both in termsof skills and funding?

• Would the function be betterresourced and delivered if it wasoutsourced to an externalsupplier?

• How is the internal auditprogramme determined?

• Does internal audit investigateareas significant to the keyoperational and financial risksfaced by the business?

• Does the company act onrecommendations from internalaudit and monitor the changesmade?

• Do the internal auditors have aneffective working relationshipwith the external auditors, andwith company personnelinvolved in risk managementprocesses?

Outsourcing is becoming apopular option for manycompanies. It provides access to awider range of skills, which small,traditional internal audit

departments may lack, and canprovide a solution to the difficultiesfaced by companies of all sizes inretaining, for example, specialist ITand treasury auditors. Anotheradvantage for some companies isthat it can enhance theindependence of internal auditfrom operational management.

A more radical approach toevaluation is to commission abenchmarking exercise. Thisinvolves an independent review ofthe internal audit department’sactivities, which is used as the basisfor benchmarking its activitiesagainst comparative internal auditdepartments. Such reviews canimprove the effectiveness of theinternal audit department byidentifying actions necessary toensure that future needs are met.



Communicating and reporting

Effective oversight of thefinancial reporting processrequires the committee to havesignificant interaction withmanagement, ask difficultquestions, and obtainreasonable answers.

The committee also has a dutyto report on its activities to themain board.

Working withmanagementTo be able to contributeconstructively to the business,committee members must have agood understanding of thecompany’s operations. Regular andmeaningful dialogue withmanagement will contribute towardmaintaining this understanding.Matters on which the auditcommittee might obtain regularbriefings from managementinclude:

• Management’s assessment of thebusiness risks the company isfacing and its planned responseto those risks

• Current issues affecting thecompany’s industry (for exampleregulatory issues or informationabout the competitiveenvironment)

• The effect new tax laws or otherregulations may have on thecompany

• The legal environment, includingthe status of any pending lawsuitsor administrative proceedings,and the status of product andenvironmental liability andwarranty reserves

• Treasury activities, including cashmanagement, hedging, foreigncurrency transactions, and use ofnew or unusual financialinstruments

• The company’s foreignoperations, including locations,and local controls over financialreporting

• Employee compensation policies,procedures for reviewing officers’expenses and benefits, andcontrols over agreements withtemporary and contract staff

• Insurance cover for directors andsenior officers.

Improved decision-making

Our experience from talking tocompanies about their auditcommittees is that most considerthe committee does help toenhance the quality of financialand management informationsupplied to the board. This should,in turn, lead to improved decision-making in the company.

For some, particularly smaller,listed companies, there is a concernthat the audit committee adds tothe demands placed onmanagement resources, andtherefore costs. Indeed a few worrythat audit committees could add anunnecessary tier to themanagement structure, or createunwanted and additionalbureaucracy.

We believe there should beflexibility about how requirementsfor the composition of auditcommittees are applied in smallcompanies. It may be acceptableto have non-executives oncommittees who are not completelyindependent, provided this is madetransparent to shareholders. But wedo not consider that smaller listedcompanies should be excused fromthe requirement to have acommittee. New fast-growingcompanies are often in greater needof the experience and advice thatan audit committee can offer thanare much larger, more maturebusinesses. Younger companiestend to have less sophisticated riskmanagement systems, less robustinternal controls, and moreaggressive accounting policies.

It is generally accepted that thecommercial advantages of a wellset-up audit committee outweighany cost or management resourceconsiderations.



ReportingresponsibilitiesAudit committees – operating underdelegated authority – have a duty toreport their activities to the mainboard. In some countries,committees also have a formalobligation to report to theshareholders.

The board of directors

The formality, detail, and frequencyof audit committee reports to theboard vary. For example, the boardmay ask the audit committee toundertake and report to it on awider review of internal control.The reports should, however,contain an overall summary ofcommittee activities for the periodand a series of recommendations.A report in written form ispreferable.

The audit committee should use itscharter as a guide when preparing areport. If the audit committeeintends to make any suggestionsrequiring substantive action by theboard, it should ensure that boardmembers have adequate time toconsider the proposals and takeappropriate action.

Shareholders

An increasing number of countriesrequire the audit committee toreport on behalf of the board toshareholders, for example byhaving the chairman of thecommittee report at the annualgeneral meeting, or by including awritten summary of activities in theannual report. In the USA, a letterfrom the audit committee must beincluded in the annual report orproxy statement. The EuropeanUnion has proposed that listedcompanies include a corporategovernance statement in theirannual reports to shareholders.

Good practice is to include in theannual report information on thecommittee’s organisation andmembership, its charter andresponsibilities, and its principalactivities during the year. Asuggested list of contents is

provided on the next page. Thisinformation may be included aspart of a wider section in theannual report dealing with thecompany’s governancearrangements.

Opening channels ofcommunication to shareholdersunderlines the growing belief thataudit committees should play amore active role in encouraginggreater transparency in financialinformation reported to the market.



‘Greater transparency aboutthe workings of the auditcommittee will give greaterconfidence to shareholdersand other users of accounts’UK Institute of Chartered Accountants deputy president,

April 2002

Outline report on activities of the audit committee inthe company’s annual report to shareholders

Set out below is an illustrative listof suggested contents.

Organisation and role of the auditcommittee

1. Composition of the auditcommittee

– Members and secretary –names and appointment (shortbiographical details may beincluded)

– Confirmation that themembers of the committeemet the definition ofindependence as required (bythe SEC or other nationalregulation)

– Appointment process

– Relevant qualifications,expertise and experience ofeach member.

2. Role of the audit committee

– Main responsibilities of theaudit committee

– The audit committee’s charter(a copy may be included),and any changes made to it.

3. Resources

– Any dedicated resourcesavailable to the committee,internal or bought-in.

4. Remuneration of auditcommittee members

– Remuneration policies inrelation to the members of thecommittee (or cross-refer tothe directors’ remunerationreport, if any).

Principal activities of thecommittee during the year

5. Meetings

– Number of meetings, andattendance

– Agenda covered by themeetings.

6. Financial reports

– Description of activitiescarried out to monitor theintegrity of the financialreports

– Confirmation that thecommittee reviewed anddiscussed with managementand the external auditor thefinancial statements andsupporting managementcommentary

– Confirmation that thecommittee discussed withthe external auditor anyother matters required to bediscussed by relevant law orregulation

– The committee’srecommendation to theboard of directors onwhether the board shouldapprove the audited financialstatements.

7. Risk management and internalcontrol

– Description of thecommittee’s review of thecompany’s systems of riskmanagement and internalcontrol, as they affectfinancial reporting.

8. External auditors

– Procedures adopted to reviewthe independence of theexternal auditors, includingany policies on the provisionof audit and non-auditservices

– Confirmation that thecommittee received from theexternal auditors a writtendisclosure of the auditor’sindependence, if applicable,and discussed with theauditors their independencefrom the company andmanagement

– Description of thecommittee’s oversight of theexternal audit process, andconfirmation that the externalauditors’ performance wasreviewed

– The committee’srecommendation to the boardon the appointment of theauditors and, if applicable,the process adopted to selectnew auditors.

9. Internal audit function

– Any reviews carried out of theplans and work of thedepartment. If there is nointernal audit function, anexplanation of thecommittee’s consideration ofwhether such a function isneeded

– Description of thecommittee’s oversight of theinternal audit function andwhether any review of itsperformance was performed.



Maintaining and measuringeffectiveness

Maintaining the quality of theaudit committee’sdeliberations, and effectiveoversight of financial matters,requires the committee todirect continuous attention to:

• Understanding business issues

• Communicating regularly withmanagement and the auditors

• The ongoing training needs ofcommittee members

• Evaluating its own performance.

The requirements to obtain a goodunderstanding of business issues,and to communicate and work withmanagement and auditors, weredealt with in earlier sections of thisbooklet. This section focuses onthe areas of training and assessingperformance.

Training needsAudit committee members shouldmaintain their knowledge and skillson a regular basis. Additionaltraining should be given on joiningthe committee. Subjects forcontinuing training that may beappropriate include:

• Financial and risk management

• Treasury operations and controls

• Accounting and corporatereporting developments

• Regulatory requirementsapplicable to the company,including company law

• Developments in wider businesssector trends, public policy andcorporate governance.

Unless such matters are alreadyaddressed by management, theexternal auditors should provideguidance on developments inaccounting and auditing. Otherrequirements could be met byattendance at external courses andseminars.

Comments we have received frombusiness executives indicate thatthe areas of financial riskmanagement (especially treasuryoperations and the potential impactof complex financial instruments)and changes in accountingstandards (particularly when manyor all standards change at the sametime) are two areas whereinformation and training may beparticularly valuable.

Maintaining and measuring effectiveness


‘Audit committees shall be aware that themaintenance of professional competence requiresa continuing reasonable awareness ofdevelopments and best practice in accounting,auditing and internal control, including relevantnational and international pronouncements’European Investment Bank, February 2002

EvaluatingperformanceRecent pronouncements oncorporate governance haveemphasised the need for boardsand board committees to be able todemonstrate a high level ofprofessionalism. This is reflectednot only in recommendations formore training, but also forevaluating performance on aregular basis.

Evaluation can take place at thelevel of reviewing the performanceof individual committee members,and assessing the effectiveness ofthe committee as a whole.

Reviews of performance could takeplace on the basis of self-assessment or by some means ofindependent or facilitated review.In the case of a review of thecommittee as a whole, an exercisesupervised by an outside facilitatoris likely to be most beneficial. Theviews of the external auditors canbe helpful to the committee inassessing its own performance.

Any process for evaluatingperformance will not be successfulunless an action plan isimplemented to respond to areasidentified for improvement.

Individual members

The chairman of the auditcommittee or the board shouldperiodically review theperformance of each auditcommittee member. Considerationshould be given to an individual’s:

• Business knowledge

• Specific areas of expertise

• Objectivity and independence

• Understanding of the duties andresponsibilities of the committee

• Willingness to devote time topreparing for meetings

• Attendance at meetings.

Collective performance – doesyour committee measure up?

To assess its effectiveness, thecommittee should periodically (forexample, annually) review what ithas accomplished and whether ithas fulfilled its responsibilities.One way a committee can assessitself is by evaluating its activitiesagainst its charter. The results ofthe evaluation should be discussedwith the board. Among the topicsto consider are the composition ofthe committee, conduct ofmeetings, activities, andrelationships with auditors andmanagement.

Audit committees should also takeadvantage of opportunities tobenchmark their organisationalprocedures and activities withcommittees in similar companies.Conferences and seminars provideopportunities to network and learnfrom the experience of others.

Useful guidance is available on howto evaluate the audit committee’sactivities. The following pagesprovide a suggested audit committeework programme and self-assessment guide. A similar guide inalso included in our report for theUS Institute of Internal AuditorsResearch Foundation, entitledImproving Audit CommitteePerformance: What Works Best, 2ndedition.



This guide can be used by auditcommittees, periodically, todetermine how effectively they aremeeting their responsibilities. Itreiterates the good practice featuresdiscussed in this publication, andindicates who should be involvedin each step.

It also contains a work plan whichcan be completed each year.Cross-references are provided tothe relevant part of the ExampleAudit Committee Charterpresented on pages 13 to 16.

To use the guide, indicatewhether the practices in each ofthe following areas are currentlybeing followed (yes or no). Alsolist suggested follow-up steps, if any.

Audit committee work programme and self-assessment guide:Does your committee measure up?



Authority

Obtained board authority to performactivities within its terms of reference.

Has unrestricted access to membersof management, employees andrelevant information.

Has authority to establish proceduresto deal with concerns of employeesand complaints received by thecompany regarding accounting,internal control and auditing matters.

Received board authority to beresponsible for appointment,compensation, retention andoversight of the work of the externalauditor as well as approval of non-audit services.

Organisation – membership

The board periodically reviews themix of experience and skills ofcommittee members to maintain anappropriate balance.

Committee members are appointedby the board or a nominatingcommittee of the board.

The size of the committee isappropriate to the organisation.

[The majority of ] [All] committeemembers are independent ofmanagement according to theregulatory / stock exchangedefinition and requirements.

2.1

2.4

2.5,2.6

2.7,2.8

-

3.1

3.2

3.2

Board

Management

Board

Board/ chairman of committee

Board

Board

Board

Ref to

charterPractice

Is practice being followed?

Yes/No/NA Follow-up steps necessary

Alsoinvolved



The experience and qualifications ofcommittee members are compatiblewith the duties of the committee,including the ability to understandfinancial statements.At least one of the members hasaccounting or related financialexpertise.

Members serve an appropriate termof office.

Organisation – meetings

Only committee members areentitled to attend meetings. Seniormanagement and external andinternal auditors are invited to attendmeetings as necessary.

The committee meets regularly, withspecial meetings called ascircumstances warrant. (At least 3 or4 meetings each year are desirable.)

Meeting agendas and supportingpapers are prepared and distributedsufficiently far in advance to enablecommittee members to prepare formeetings.

Minutes of meetings are circulated on atimely basis to members of the board,audit committee, (and external andinternal auditors where appropriate).

The chairman or another member ofthe committee attends the boardmeeting at which the financialstatements are approved.

Members of the committee attendevery meeting.

The committee meets with in-houselegal counsel on a regular basis.

New committee members areprovided with sufficient backgroundinformation and training to meet theirresponsibilities effectively.

The committee has adequate resourcesto discharge its responsibilities.

3.4,3.5

3.6

3.8, 3.9

3.10, 3.11

3.12

3.13

3.14

3.15

3.16

-

-

Board/chairman of committee

Board

Committee secretary

Committee secretary

Board/ chairman of committee

Legal counsel

Chairman of committee/ committee secretary

Chairman of committee

Ref to

charterPractice



Alsoinvolved



Internal Control

Evaluate the ‘control culture’established by management.

Understand the control systemsimplemented by management forapproval of transactions, recordingof data, and compliance of thefinancial statements with relevantstandards and requirements.

Consider whether internal controlrecommendations made byexternal and internal auditors havebeen implemented bymanagement.

Consider how management hasreviewed the adequacy of controlssurrounding electronic dataprocessing and computer security.

Financial reporting

Review the areas of greatestfinancial risk and howmanagement is dealing with them.

Review significant accounting andreporting issues and understandtheir likely impact on the financialstatements.

Oversee the periodic financialreporting process and review theinterim financial statements,annual financial statements andpreliminary announcements priorto their release.

Review management process forensuring information contained inanalyst briefings and pressannouncements is consistent withpublished financial information.

Meet with management andexternal auditors to review thefinancial statements and results ofthe audit.

4.1

4.2, 4.3

4.4

4.5

4.6

4.7

4.8

4.9

4.10

Management

Management

Management/IT department

Management/ treasury

Management/ external auditors

Management

Management/externalauditors

Ref to

charterPractice



Alsoinvolved

The following part of the guide can be used as an annual work plan



Ensure that significant adjustments,unadjusted differences,disagreements with managementand critical accounting policieshave been discussed with externalauditor.

Consider whether the narrativeinformation included in the othersections of the annual report isunderstandable and consistent withthe information in the financialstatements.

Read the representation lettersgiven by management to theexternal auditors and consider anyspecific representations therein.

Compliance with laws &regulations

Review management’s proceduresfor monitoring the company’scompliance with laws andregulations.

Review updates from managementand legal counsel regardingcompliance matters that may affectthe financial statements.

Review the findings of anyexaminations by regulatoryagencies.

External audit

Review the qualification,performance and compensation ofthe auditors and makerecommendations on appointmentto the board.

Consider the independence of theexternal auditor, and any conflictsof interest that may arise.

Review the external auditors’proposed audit scope andapproach. Enquire into reasons forsubsequent changes to the auditplan.

4.11

4.12

-

4.13

4.14

4.16

4.17, 4.19

4.18

4.20

Externalauditors

Management/externalauditors

External auditors

Management

Management/ legal counsel

External auditors

External auditors

External auditors

Ref to

charterPractice



Alsoinvolved



Discuss any audit problems,including restrictions on the scopeof the audit or denials of access torequested information.

Review reports made by theexternal auditors to management,and ensure that managementresponds to these findings.

Meet privately with the externalauditor on a regular basis.

Review policies for the approval ofnon-audit services and makerecommendations.

Enquire as to any planned relianceon the work of internal audit by theexternal auditor.

Enquire as to the extent to whichaudit and accounting firms otherthan the principal auditors are used,and understand the rationale forusing them.

Internal audit

Review the activities and structureof internal audit and approve theinternal audit charter.

Review and concur in theappointment, replacement ordismissal of the head of internalaudit.

Meet privately with the head ofinternal audit on a regular basis.

Review significant findings resultingfrom internal audit and ensure thatmanagement responds on a timelybasis.

Review the internal audit plan withthe director of internal audit,particularly with regard to theinvolvement in control systems andthe financial reporting process.

Review the staffing, training andbudget of the internal audit function.

4.21

4.22

4.24

4.25

-

-

4.27

4.28

4.30

4.31

4.32

-

External auditors

External auditors/

management

External auditors

External auditors

External auditors/

internal audit

Management

Internal audit

Management

Internal audit

Internal audit/ management

Internal audit

Internal audit/ management

Ref to

charterPractice



Alsoinvolved



The committee’s own reportingresponsibilities

Report committee activities to theboard regularly.

Ensure that any reports oncommittee activities required bylaw and listing rules have beenprepared.

Evaluating performance

Periodically assess the performanceof individual members and of thecommittee as a whole.

Assess the achievement of theduties specified in the charter andreport to the board.

Charter

Review the committee charterannually and discuss any proposedchanges with the board.

Ensure the charter is approved/reapproved by the board.

4.33, 4.34

4.35

4.36

4.37

4.38

4.39

Board

Chairman of committee

Board

Board

Board

Ref to

charterPractice



Alsoinvolved

Appendix

Audit Committees: mandatory or voluntary requirementsin 41 major countries

Argentina

Under new regulations (Decree677/01) audit committees will bemandatory for some listedcompanies. The regulations set outthe duties of audit committees andrequire that the audit committeeshould have a majority ofindependent non-executivedirectors. The regulations cameinto force in March 2002, andrequire companies to establishaudit committees no later than 28 May 2004.

Australia

Audit committees will becompulsory for the ASX AllOrdinaries Index, which equates tothe top 500 companies on theAustralian Stock Exchange (ASX),for the first financial yearcommencing after 1 January 2003.The structure, role and operation ofcommittees must comply with thebest practice recommendationsdetermined by the ASX CorporateGovernance Council. The Councilalso provides best practiceguidance for other listedcompanies to set up an auditcommittee. Listed companies willbe required to explain in theannual report any areas ofdeparture from the best practicerecommendations, and includereasons for the departure.

The best practice guidancerecommends that the auditcommittee should have at leastthree members, all of whom shouldbe non-executive directors – the

majority should be independentand the chairman should beindependent, and not the chairmanof the board.

Austria

Audit committees are not arequirement for listed companies.Austrian company law requires thatmeetings of a committee of thesupervisory board (thebilanzausschuss) be held to dealwith financial reporting matters.All members of the supervisoryboard have to be independent non-executive directors.

Companies may optionallyestablish audit committees inaccordance with the voluntaryAustrian Corporate GovernanceCode.

Belgium

There is no requirement for listedcompanies to have auditcommittees. Non-mandatoryrecommendations have been issuedby the Brussels Stock Exchange,drawn up by the BelgianCommission on corporategovernance, on how auditcommittees should conduct theiractivities. Under therecommendations, membership ofthe committee should be confinedto non-executive directors, with amajority of independent directors.

A new Corporate Governance Lawhas been enacted, that permitscompanies to establish auditcommittees of their boards of

directors. Where a committee isestablished, its roles andresponsibilities should be formallydefined in the company’s statutes.

Brazil

Although audit committees are notrequired, Brazilian corporate lawrequires all public companies toestablish a conselho fiscal. Thiscommittee is appointed by theshareholders to evaluate the actionsof the board of directors, review thecompany’s financial statements andannual report, and to consideraction to be taken in the event ofany instances of fraud or error.

In September 2002 the BrazilianInstitute of Corporate Governance(IBGC) issued its revised Code ofCorporate Governance BestPractices, which recommends thataudit committees be established forall companies. Adoption of thecode is voluntary. It does notinclude detailed guidelines on auditcommittee duties, composition orreporting.

Canada

By law, Canadian publiccompanies are generally requiredto have an audit committee of atleast three members, the majority ofwhom must be independent. Boththe Toronto and Montreal stockexchanges have issued rulesrequiring listed companies to give a‘statement of corporate governancepractices’ in their annual reports orinformation circulars. Thestatement should normally include

Appendix – Audit Committees: detailed requirements in 41 major countries


discussion of the board sub-committees, including the auditcommittee, their mandates and theiractivities.

The Ontario Securities Commissionis expected to release rules in 2003for the role and composition ofaudit committees. These rules areexpected to resemble rules of theAmerican stock exchanges and theprovisions of the Sarbanes-OxleyAct 2002.

Chile

Audit committees are only requiredfor banks, in accordance with theChilean Banking Law and thespecific regulations established bythe Chilean Superintendence ofBanks.

They are not required for otherlisted companies. However, thelaw requires large listed companiesto establish a special Directors’Committee, with the power toreview financial statements prior topublication, examine reports fromthe external auditors, considerrelated party transactions, and toreview the remuneration policy forexecutive management. Theprincipal purpose of the Directors’Committee is to safeguard minorityinterests, and it does not in practicedischarge the responsibilities of atypical audit committee.

China

Chinese companies have a two-tierboard structure comprising asupervisory board and amanagement board. In accordancewith recent requirements of theChina Securities RegulatoryCommission (CSRC), themanagement board must contain a

number of independent directors,and Chinese companies may alsooptionally appoint an auditcommittee.

If an audit committee is established,the majority of the committeemembers must be independentdirectors. One of the independentdirectors of the committee must bean accounting professional. Theprincipal responsibilities of theaudit committee includerecommending the appointment ordismissal of the external auditor,supervision of the internal auditfunction and reviewing financialinformation and disclosures.

Czech Republic

The Corporate Governance Code,approved in 2001, recommendsthat listed companies set up anaudit committee. The code is notmandatory. The Czech Securitiesand Exchange Commission stronglyencourages all companies listed onthe Prague Stock Exchange to adoptthe Code and to include astatement of compliance in theirannual reports. The Coderecommends that audit committeesshould include between three andfive members, the majority or all ofwhom are independent.

Denmark

Audit committees are not arequirement for listed companies.Supervisory boards have legally-defined oversight responsibilities forfinancial matters, and some listedcompanies have set up auditcommittees drawn from membersof the supervisory board. For thoseaudit committees established‘voluntarily’, there is no tradition ofpublic reporting on their activities.

A special committee of theCopenhagen Stock Exchange hasbeen set up to discuss corporategovernance matters – and furtherpronouncements on auditcommittees are expected in thenext year.

Finland

There is no legal requirement forcompanies to establish auditcommittees. Some Finnishcompanies have two-tier boardstructures and the supervisoryboard has oversight responsibilitiesunder law for financial matters.However, more large companiesare setting up audit committees ona voluntary basis. There are nogeneral guidelines regardingmembership or independence ofthe audit committee. The HelsinkiStock Exchange does not requirelisted companies to have an auditcommittee, but in the event thatthey do so, prefers that suchcommittees are composed ofindependent members. Auditcommittees customarily report tothe board, while the supervisoryboard reports to the shareholders.

France

A series of corporate governancereports in France has recommendedthe voluntary adoption of auditcommittees. The Viénot reports of1995 and 1999, and most recentlythe Rapport Bouton of September2002, state that each companyboard should set up an auditcommittee with a proportion ofindependent members. The BoutonReport recommends that at leasttwo-thirds of the audit committeemembers should be independentboard directors and that noexecutive officer be part of its



membership. It also recommendsthat members have appropriatefinancial expertise.

Currently, these recommendationsare voluntary and have not beenformalised by incorporation into thelaw or the Paris Bourse (EuroNextParis) listing rules. However,companies are recommended by thestock exchange regulator, theCommission des Opérations deBourse (COB), to state in theirannual report the status ofimplementation of therecommendations and, in the caseof non-compliance, why they havenot implemented them.

Germany

The Stock Corporation Act inGermany requires public companiesto implement a two-tier boardsystem. As a result of the 1998Corporate Control and TransparencyAct (KonTraG), the supervisoryboard (Aufsichtsrat) is responsiblefor the appointment of externalauditors and for establishingcommittees of the board for specificpurposes, such as forming an auditcommittee.

A government commissionappointed by the Ministry of Justiceadopted the German CorporateGovernance Code (Kodex) inFebruary 2002. Subsequently theTransparency and Disclosure Act(TransPuG) was passed in July 2002,requiring companies by law to givean annual statement of complianceor non-compliance with the code intheir reports.

The code recommends theestablishment of audit committees,comprising members of thesupervisory board, to deal with

issues of accounting, auditing(engagement, independence,significant audit matters and auditfees) and risk management. Thechairman of the audit committeeshould not be a former member ofthe company’s management board.The audit committee should reportto the supervisory board.

Greece

There is no requirement for listedcompanies in Greece to have auditcommittees. New corporategovernance legislation enacted inNovember 2002 requires thepresence of independent directorson the board, but there is no specificprovision for audit committees.

The Capital Market Commissionissued good practice Principles onCorporate Governance in Greece forlisted companies in 1999 thatencourage formation of auditcommittees. The principles statethat audit committees should haveclear terms of reference from theboard, and should be made up of atleast three non-executive directors.

Hong Kong

The Stock Exchange of Hong Kongoperates two markets: the MainBoard (MB); and the GrowthEnterprise Market (GEM). Auditcommittees are not currently amandatory requirement forcompanies listed on the MB, but area requirement for GEM issuers.GEM audit committees need to becomprised of a majority ofindependent non-executives (or allindependent directors if there areonly two members.) For MB issuers,a Code of Best Practice onCorporate Governance issued by thestock exchange recommends the

establishment of an audit committeeand requires listed companies todisclose compliance or non-compliance in their interim andannual accounts with the code.

In January 2002, the Hong KongStock Exchange decided to amendthe MB rules to make auditcommittees compulsory. Theproposed rule requires thecommittee to comprise at least threenon-executive directors with amajority (including the chairman)being independent non-executivedirectors. At least one committeemember should have an appropriatequalification or experience infinancial reporting. Issuers shouldalso disclose information relating totheir audit committees in theirannual reports. These proposals areintended to be implemented in 2003.

Hungary

There is no code or listing rulerequiring listed companies toestablish audit committees. Underthe Company Law (CXLIV/1997),public limited companies shouldestablish a supervisory board, to beresponsible for the supervision ofmanagement, it has the right toexamine the books and records ofthe company. The supervisoryboard is required to submit a writtenopinion on the financial statementsto the general meeting.

India

In February 2000, the Security andExchange Board of India (SEBI)added a new Clause 49 to its listingrules requiring listed companies tohave audit committees comprisingthree or more non-executiveindependent directors, at least oneof whom should have financial and



accounting knowledge. The SEBIrules also provide guidance on theconstitution, roles andresponsibilities and frequency ofmeetings for audit committees.

The Companies Bill 2003, which isawaiting enactment, proposes thatevery public company with a paid-up capital of 50 million rupeesshould establish an audit committeeof the board. The audit committeeshould consist of no fewer than twoindependent directors.

Indonesia

Audit committees are mandatoryunder the listing rules of the JakartaStock Exchange, and for large orstrategically important state-ownedenterprises. In addition, theIndonesian Code for CorporateGovernance recommends that allcompanies should have auditcommittees. Indonesia has a two-tier board system comprising aboard of directors and a board ofcommissioners. The board ofcommissioners has the responsibilityto establish the audit committee.For listed companies, the auditcommittee must comprise oneindependent commissioner (aschairman of the committee) and atleast two other external members.

The audit committee reports directlyto the board of commissioners. Areport of the activities of the auditcommittee should also be includedin the annual report.

Ireland

The Listing Rules of the Irish StockExchange currently require Irishlisted companies to follow the sameCombined Code requirements as UKlisted companies. These require

companies to include a ‘comply orexplain’ statement of compliance ornon-compliance with the code,including the recommendation toestablish an audit committee.

A proposed new Companies Billwas published in early 2003. Underits provisions, each public limitedcompany would be required toestablish an audit committeecomposed wholly of independentnon-executive directors. Each largeprivate company would also berequired either to establish an auditcommittee, or to explain in itsannual report why it had not.

Italy

The Italian Stock Exchangerecommends that companies set upa board committee for internalcontrols (similar to an auditcommittee). The majority of the‘internal controls committee’ iscomposed of independent directorswhose duties include review of thescope of work of the external andinternal auditors and reporting todirectors on the adequacy of theinternal control system.

The Italian corporate governancestructure also provides for theposition of sindaci or ‘statutoryauditor’ in most companies. Thisindividual performs certain legally-prescribed oversight and corporatesecretarial responsibilities.

Under new legislation (the ‘Viettilaw’) put forward by thegovernment, companies will in thefuture have the option of pursuingone of three corporate structures:a unitary board plus boardcommittees such as an auditcommittee; a two-tier boardstructure of management and

supervisory boards; and thetraditional structure of directorsplus sindaci.

Japan

The Japanese Commercial Codewas amended in 2002, with effectfrom 1 April 2003, to allow largecorporations the voluntary optionof establishing audit committees.Companies that do not take up thisoption must continue with thepractice of appointing a ‘statutoryauditor’ in addition to the board ofdirectors. The role of the statutoryauditor is to monitor the behaviourand activity of the directors. Largecorporations (having capital of JPY500 million or more or liabilities ofJPY 20 billion or more) must have aboard of at least three statutoryauditors, one of whom must beindependent.

Companies opting to adopt the newcode provision must establish anaudit committee, and dissolve theboard of statutory auditors. Theaudit committee is elected by theboard of directors, and must consistof at least three directors, a majorityof whom should be independent.The audit committee monitors theperformance of directors andmanagement, and has the authorityto propose the appointment ordismissal of the external auditor tothe shareholder’s meeting.

Korea

Under the Commercial Code ofKorea, audit committees can beestablished voluntarily byresolution of the board of directors.However, under the Securities andExchange Act article 191-7, listedcompanies in KOSDAQ (whosetotal assets exceed 2 trillion Korean



won) should set up an auditcommittee. The act specifies thatthe audit committee shouldcomprise at least three directors,two-thirds of whom should beindependent non-executives.

Further guidance on how thecommittee should operate isincluded in the Securities andExchange Act. The CommercialCode further specifies that the auditcommittee should maintain recordsof its activities and, if significant,should report them at shareholdermeetings.

Luxembourg

Audit committees are not arequirement for listed companies.Luxembourg commercial law doesnot recognise the audit committeeas a separate body within thecompany.

However, the banking supervisorhas issued a circular (98/143) thatencourages the establishment of an‘audit committee’ in banks. Theaudit committee is composed of atleast three members of the board ofdirectors who are not involved inmanaging the business. The auditcommittee deals principally withinternal audit matters – externaland internal auditors mayparticipate in the meetings.

Malaysia

The Kuala Lumpur Stock Exchange(KLSE) has required listedcompanies to have auditcommittees since 1993. The listingrules were revised in 2001 and nowrequire audit committees to have atleast three members, a majority ofwhom must be independentdirectors. The chairman of the

audit committee must be anindependent director and at leastone member of the committeeshould have an accounting orfinancial background. Companiesare required to include in theirannual reports a narrative statementof how they have applied theprinciples set out in the MalaysianCode on Corporate Governance,and a statement of compliance ornon-compliance with the bestpractices outlined in the code.Reasons should be given for anynon-compliance.

The KLSE listing requirements alsostate that company annual reportsmust include a report by the auditcommittee, disclosing: committeecomposition; terms of reference;number of meetings held in theyear; summary of activities and anexplanation of the mechanisms(including internal audit) thatenable the committee to dischargeits responsibilities effectively. If theaudit committee is of the view thatany matter reported to the board ofdirectors has not been satisfactorilyresolved, resulting in a breach ofthe listing requirements, the auditcommittee is required to reportsuch matters to the KLSE promptly.

Mexico

In 2001 the Securities Market law(Ley Del Mercado De Valores) wasissued by the Mexican SecuritiesCommission. It requires that listedcompanies establish an auditcommittee with a majority ofindependent directors. As ageneral rule, the chairman of theaudit committee should be anindependent director.

The Code of Best Practices issuedalongside the law recommends that

the audit committee should numberbetween three and seven persons.The law and the code indicate therole and responsibilities of thecommittee, including:recommending to the board theappointment and terms of service ofthe external auditor; assisting theboard in reviewing financialinformation for publication; andhelping to oversee the internalcontrol systems and evaluating theireffectiveness.

Netherlands

A voluntary code of practice – thePeters Committee report – waspublished in 1997 and contains 40recommendations regardingcorporate governance for listedcompanies in the Netherlands. It recommends the appointment bythe supervisory board of directors(many large Dutch companies havea two-tier board structure) of anindependent audit committee,composed of members of thesupervisory board.

Compliance with the Petersrecommendations is notmandatory, but most largecompanies have adopted therecommendations.

A new Corporate GovernanceCommittee (the TabaksblatCommittee) was recentlyestablished. Its draft report,published in July 2003,recommends listed companiesshould establish an audit committeeunder the supervisory board. Thereport also recommends thecorporate law be changed toinclude a requirement that listedcompanies give a statement ofcompliance or non-compliance withthe Tabaksblat Code.



New Zealand

Audit committees are not currentlya requirement for listedcompanies. However, in 2002 theNew Zealand Stock Exchangeissued a proposed rule change oncorporate governance. Theproposed rule incorporates aCorporate Governance BestPractice Code and requires alllisted companies to have an auditcommittee comprising at leastthree directors, with a majority ofindependent directors. At leastone member of the committeeshould have an accounting orfinancial background. Noimplementation date for theproposed rule has yet beenannounced.

Norway

There is no requirement, either inlaw or in listing rules, for listedcompanies to have an auditcommittee. However, voluntaryguidance on corporate governanceis expected to be introducedduring 2003.

Poland

The law requires companies tohave a two-tier board structure,with a management board and asupervisory board. The WarsawStock Exchange issued a voluntarycorporate governance code BestPractices in Public Companies in2002. The code does not specifythe need for audit committees butit defines responsibilities for thesupervisory board that are similarto audit committee responsibilities.At least half of the members of thesupervisory board should beindependent members. Themanagement board has to state

whether the company complieswith the voluntary corporategovernance code.

In practice, some of the larger andmore progressive organisationshave established sub-committeesof the supervisory board to carryout responsibilities similar to thoseof an audit committee (based on acharter that blends local legalrequirements and Polish andinternational good governancepractices).

Portugal

Listed companies are not requiredto have audit committees. By law,companies have to follow adifferent model by which theshareholders establish a ‘fiscalboard’, comprising certifiedauditors, as well as themanagement board. Companiesmay also voluntarily establish anaudit committee, as a committeeof the management board.

Rules issued by the securitiesregulator, the Comissão doMercado de Valores Mobiliáriosrequire listed companies toinclude in their annual reportsdisclosures relating to theirgovernance.

Russia

A Corporate Behaviour Code wasdeveloped through the efforts ofregulators, the businesscommunity and professionaladvisers, and recommended bythe government in 2001.Compliance with the code isvoluntary. The code recommendsthat boards of directors establishan audit committee for thepurposes of implementing and

monitoring controls over thefinancial and business activities ofthe company.

The Code recommends that theaudit committee should consistwholly of independent directors.If this is not possible, the auditcommittee should be chaired by anindependent director. Members ofthe audit committee shouldunderstand the basics of financialaccounting and reporting.

Singapore

The audit committee is arequirement of the SingaporeCompanies Act. There is also aCode of Corporate Governance(CCG) that provides guidance andbest practices on how auditcommittees should conduct theiractivities. Though compliancewith the code by companies listedon the Singapore Stock Exchange(SGX) is voluntary, the SGXrequires companies to disclose theextent of compliance or non-compliance from 1 January 2003onwards. Companies must alsodisclose their corporategovernance practices, in theirannual reports, with specificreference to the code.

The CCG states that the auditcommittee should comprise at leastthree non-executive directors, themajority of whom, including thechairman, should be independent.Two of the members should haveaccounting or related financialmanagement expertise orexperience.

South Africa

The Code of Corporate Practicesand Conduct contained in the King



report (the King Code 2002)recommends the appointment of anaudit committee comprising amajority of independent non-executive directors. The chairmanof the audit committee should bean independent non-executive(though not also the chairman ofthe board) and should attend thegeneral meeting to respond toquestions from shareholders aboutthe committee’s activities. Themajority of the audit committee’smembers should be financiallyliterate.

All companies with securities listedon the Securities Exchange SouthAfrica (JSE), and some other typesof organisations, are expected toadhere to the provisions of the KingCode 2002. Companies shouldprovide a narrative statement ofhow they have applied theprinciples set out in the code,together with a statement ofcompliance or non-compliancewith the code. Other regulatorybodies, such as the Registrar ofBanks, also require auditcommittees that meet certainprescribed criteria.

Spain

The Law on Measures relating tothe Reform of the Financial System(Law 44/2002, effective November2002) requires that companieswhose shares or debentures arelisted on an official market shouldhave an audit committee. Non-executive directors, appointed bythe board of directors, shouldcomprise the majority of the auditcommittee.

The detailed responsibilities of thecommittee should be set out incompany articles of association,

but should at a minimum include:oversight of the company’sreporting processes and internalcontrol systems; supervision ofinternal audit; communicationswith the external auditor;recommending the appointment ofthe external auditor to the board;and reporting to the generalmeeting on matters regarding thecommittee’s responsibilities.

The National Securities MarketCommission (CNMV) has alsoissued a ‘standard report ongovernance in listed companies’,for use by those companies thathave implemented therecommendations in the voluntaryCorporate Governance Code(‘Olivencia report’).

Sweden

Neither the law nor the listingrules of the Stockholm StockExchange require auditcommittees for listed companies.The Swedish Shareholders’Association has proposed avoluntary corporate governancecode Corporate GovernancePolicy – Guidelines for BetterControl and Transparency forOwners. It recommends that theboard should appoint an auditcommittee from among the non-executive board members. Thecommittee should consist of aminimum of three members.Guidance is also given on thecommittees’ responsibilities,particularly the relationship withthe external auditors.

In late 2002 the governmentappointed a Trust Commission toreport on various mattersincluding corporate governance.The commission’s report, to be

delivered in October 2003, mayinclude recommendations inrelation to audit committees, butthese are unlikely to beincorporated in the law.

Switzerland

Audit committees are not a legalrequirement. However in July2002, the Swiss Exchange (SWX)issued a directive requiring listedcompanies to disclose informationon their corporate governancepractices in their annual reports,including information on theactivities of board committees.

In addition, a Swiss Code of BestPractice for Corporate Governancehas been published. It recommendsthat boards of listed companiesshould set up audit committees.The audit committee should consistof non-executive, preferablyindependent, members of theboard. A majority of its members,including the chairman, should befinancially literate.

Taiwan

Audit committees are notmandatory for listed companies.However, the Taiwan Security andExchange Committee (SEC)requested that all listed companieshave independent non-executivedirectors with a financial or legalbackground on their boards.

Corporate structure in Taiwan alsoprovides for the position of‘supervisor’. This individualperforms certain oversightresponsibilities with respect to theboard of directors and the externalauditors, but these functions are notclearly identified by company lawor SEC regulations.



Thailand

The Stock Exchange of Thailand(SET) has issued guidelines thatrequire listed companies toestablish an audit committee of theboard of directors. The committeeshould comprise a minimum ofthree independent directors, at leastone of whom should be a financialor accounting expert.

A notification by SET prescribes theduties and responsibilities of auditcommittees, including therequirement to disclose theirsupervisory activities in thecompany’s annual report.

Turkey

Audit committees became arequirement for listed companiesfrom 1 January 2003, inaccordance with a communiquéissued by the Capital Markets Board(CMB). The CMB requires auditcommittees to have at least twomembers, with a majority beingindependent (if only two, both mustbe independent.) The findings andrecommendations of the auditcommittee should be reported tothe board of directors.

The Corporate GovernanceWorkshop Group of TUSIAD(Turkish Society of Industrialists)has drafted a code of corporategovernance that is expected tobecome effective in the near future.According to the draft code, theaudit committee should comprisethree members and all should beindependent. Committee membersshould have an adequateknowledge of finance, accountingand basic company law.

United Kingdom

The Financial Services Authorityrequires UK listed companies tomake a statement of compliancewith the Combined Code onCorporate Governance in theirannual reports. A new version ofthe Combined Code was publishedin July 2003. It incorporates thekey recommendations of the AuditCommittees Combined CodeGuidance (‘Smith Report’),published in January 2003.

The Code recommendsestablishment of an auditcommittee comprising at leastthree, or in case of smallercompanies two, members. Allmembers of the committee shouldbe independent non-executivedirectors and the board shouldsatisfy itself that at least onemember of the audit committeehas recent and relevant financialexperience.

Although, strictly, the Code isvoluntary, the public disclosurerequirement has the effect ofrequiring UK listed companies tojustify not having an auditcommittee. The new Code willapply for reporting periodsbeginning on or after 1 November2003.

United States of America

The American and New York StockExchanges require listed companiesto have an audit committee, asdoes the National Association ofSecurities Dealers (NASD). Banksand savings institutions are alsorequired to have audit committeesunder the Federal DepositInsurance CorporationImprovement Act.

Rules issued by the Securities andExchange Commission toimplement provisions of theSarbanes-Oxley Act 2002 requireaudit committee members to meetspecified independence criteria andcarry out specified responsibilities.Audit committees must complywith the new rules by the earlier oftheir first annual shareholders’meeting after 15 January 2004, or31 October 2004.

The rules also apply, with limiteddispensations, to foreign privateissuers listed on the US markets,with compliance required by 31July 2005.



Appendix

Stock exchange requirements for audit committees

The table below summariesthe requirements of majorstock exchanges for auditcommittees. These reflect thelatest rules – in some cases therules are not yet fully effective.

Appendix – Stock exchange requirements – overview


Required by US US UK (1) Hong Kong Germany France Japan

listing rules

New York LondonDeutsche EuroNext

Stock Exchange NASDAQ Stock MB Market GEM MarketBoerse (3) Paris (4) TSE (5)

(NYSE) Exchange

AuditYes Yes

ComplyYes (2) Yes

ComplyVoluntary Voluntary

committee or explain or explain

Independent All All AllMajority (2) Majority - - -

members members members (6) members

Number of At least At least At least At least At least- - -

members three three (6) three (7) three (2) three (2)

Financial At least At least At least At least At least- - -

expertise one one one one (2) one (2)

Public reportsYes Yes Yes

Not Not - - -

by committee specified specified

1) The Financial Services Authority (FSA) is responsible for the listing rules of the London Stock Exchange (LSE). The FSA requires UK listed companies tomake a statement of compliance with the Combined Code, which recommends establishment of an audit committee in their annual reports. The tablereflects the provisions of the new Combined Code on Corporate Governance published in July 2003. The new Code will apply for reporting periodsbeginning on or after 1 November 2003.

2) Information based on draft revisions of the listing rules, which are intended to be implemented in 2003.

3) Audit committees are not required by stock exchange rules of the Deutsche Boerse, but listed companies are required by law to state whether theycomply with the Kodex (which recommends establishment of audit committees).

4) EuroNext Paris does not require the establishment of audit committees, but the French exchange regulator (COB) has recommended listed companies tostate the status of implementation of audit committees in their annual reports.

5) Audit committees are not required by the rules of the Tokyo Stock Exchange (TSE), but may optionally be established under the Commercial Code.

6) With exceptions for small business filers.

7) In the case of smaller companies the required number of members is at least two.

Appendix

UK Combined Code requirements – audit committees

The Financial ReportingCouncil published a newversion of the UK CombinedCode on CorporateGovernance on 23 July 2003.The Code incorporatesguidance on audit committees(the ‘Smith Guidance’)developed by a group chairedby Sir Robert Smith. The newCode will apply for reportingperiods beginning on or after1 November 2003. Therequirements from the Code inrelation to audit committeesare shown below. UK listedcompanies that do not complywith these provisions shouldinclude an explanation as towhy they have not done so inthe statement of compliancerequired by the listing rules.

Main principle

The board should establish formaland transparent arrangements forconsidering how they should applythe financial reporting and internalcontrol principles and formaintaining an appropriaterelationship with the company’sauditors.

Code provisions(1)

Establishment and role

• The board should establish anaudit committee of at least three,or in the case of smallercompanies(2) two, members, whoshould all be independent non-executive directors. The boardshould satisfy itself that at leastone member of the auditcommittee has recent andrelevant financial experience.

• The main role and responsibilitiesof the audit committee should beset out in written terms ofreference and should include:

– to monitor the integrity of thefinancial statements of thecompany and any formalannouncements relating to thecompany’s financialperformance, reviewingsignificant financial reportingjudgements contained in them

– to review the company’sinternal financial controlsand, unless expresslyaddressed by a separate boardrisk committee composed ofindependent directors or bythe board itself, thecompany’s internal controland risk management systems

– to monitor and review theeffectiveness of thecompany’s internal auditfunction

– to make recommendations to the board, for it to put to the shareholders for their approval in general meeting, in relation to theappointment, reappointmentand removal of the externalauditor and to approve theremuneration and terms ofengagement of the externalauditor

– to review and monitor theexternal auditor’sindependence and objectivityand the effectiveness of theaudit process, taking intoconsideration relevant UKprofessional and regulatoryrequirements

Appendix – UK Combined Code requirements – audit committees


(1) The Smith guidance issued with the Code suggests means of applying these Code provisions.(2) A smaller company is one that is below the FTSE 350 throughout the year immediately prior to the

reporting year.

– to develop and implementpolicy on the engagement ofthe external auditor to supplynon-audit services, taking intoaccount relevant ethicalguidance regarding theprovision of non-audit servicesby the external audit firm

– to report to the board,identifying any matters inrespect of which it considersthat action or improvement isneeded, and makingrecommendations as to thesteps to be taken.

Relationship with the board

• The terms of reference of theaudit committee, including itsrole and the authority delegatedto it by the board, should bemade available.(3) A separatesection of the annual reportshould describe the work of thecommittee in discharging thoseresponsibilities.

Whistleblowing

• The audit committee shouldreview arrangements by whichstaff of the company may, inconfidence, raise concerns aboutpossible improprieties in mattersof financial reporting or othermatters. The audit committee’sobjective should be to ensurethat arrangements are in place forthe proportionate andindependent investigation of suchmatters and for appropriatefollow-up action.

The internal audit process

• The audit committee shouldmonitor and review theeffectiveness of the internal auditactivities. Where there is nointernal audit function, the auditcommittee should considerannually whether there is a needfor an internal audit function andmake a recommendation to theboard, and the reasons for theabsence of such a functionshould be explained in therelevant section of the annualreport.

The external audit process

Appointment• The audit committee should have

primary responsibility for makinga recommendation on theappointment, reappointment and removal of the externalauditors. If the board does notaccept the audit committee’srecommendation, it shouldinclude in the annual report, andin any papers recommendingappointment or reappointment, a statement from the auditcommittee explaining therecommendation and should setout reasons why the board hastaken a different position.

Independence, including theprovision of non-audit services• The annual report should explain

to shareholders how, if theauditor provides non-auditservices, auditor objectivity andindependence is safeguarded.

Appendix – UK Combined Code requirements – audit committees


(3) The requirement to make the information available would be met by making it available on request and by including the information on the company’s website.

Appendix

US Sarbanes-Oxley Act and NYSE listing rules

Sarbanes-OxleyActThe Sarbanes-Oxley Act wasenacted on 30 July 2002. The Act establishes new standardsfor corporate accountabilitythat significantly impact on theaudit committee’sresponsibilities. In manyinstances, the Act directs theSecurities and ExchangeCommission (SEC) to adoptrequired rules.

The following are key sectionswhich affect the role andresponsibilities of the auditcommittee, based on therelated SEC rules.

Section 202 – Pre-approvalrequirements

• Effective 6 May 2003, all auditingservices and non-audit serviceprovided to issuers by the auditorof the issuer shall be pre-approvedby the audit committee of the issuer

• The pre-approval requirement iswaived with respect to theprovision of non-audit services if:

– the aggregate amount of allnon-audit services provided tothe issuer constitutes not morethan 5 percent of the totalamount of revenues paid by theissuer to its auditor during thefiscal year in which the non-audit services are provided;

– such services were notrecognised at the time of theengagement to be non-auditservices; and

– such services are promptlybrought to the attention of theaudit committee of the issuerand approved prior to thecompletion of the audit by theaudit committee or by one ormore members of the auditcommittee to whom authorityto grant such approvals hasbeen delegated by the auditcommittee

• Approval by an audit committee ofa non-audit service to beperformed by the auditor shall bedisclosed to investors in periodicreports, as well as the auditcommittee’s pre-approved policiesand procedures.

Section 204 – Auditor reportsto audit committees

• Effective 6 May 2003, eachregistered public accounting firmthat performs for any issuer anyaudit required shall timely reportto the audit committee of theissuer:

– all critical accounting policiesand practices to be used;

– all alternative treatments offinancial information withingenerally acceptedaccounting principles thathave been discussed withmanagement officials of theissuer, ramifications of the useof such alternative disclosuresand treatments, and thetreatment preferred by theregistered public accountingfirm; and

– other material writtencommunications between theregistered public accountingfirm and the management ofthe issuer, such as anymanagement letter orschedule of unadjusteddifferences.

Appendix – US Sarbanes-Oxley Act and NYSE listing rules




Section 205 – Confirmingamendments

• The term ‘audit committee’means:

– a committee (or equivalentbody) established by andamong the board of directorsof an issuer for the purpose ofoverseeing the accountingand financial reportingprocesses of the issuer andaudits of the financialstatements of the issuer; and

– if no such committee existswith respect to an issuer, theentire board of directors of theissuer.

Section 301 – Public companyaudit committee

Audit committees must comply withthese rules by the earlier of the firstannual shareholders’ meeting after15 January 2004 or 31 October2004.

Responsibilities• The audit committee, in its

capacity as a committee of theboard of directors, shall be directlyresponsible for the appointment,compensation and oversight of thework of any registered publicaccounting firm employed by thatissuer (including resolution ofdisagreements betweenmanagement and the auditorregarding financial reporting) forthe purpose of preparing or issuingan audit report or related work andeach such registered publicaccounting firm shall reportdirectly to the audit committee.

Independence• Each member of the audit

committee shall be a member ofthe board of directors and shallotherwise be independent

• In order to be considered to beindependent, a member of anaudit committee may not, otherthan in his or her capacity as amember of the audit committee,the board of directors, or any otherboard committee:

– accept any consulting,advisory or othercompensatory fee from theissuer

– be an affiliated person of theissuer or any subsidiarythereof.

Complaints• Each audit committee shall

establish procedures for:

– the receipt, retention andtreatment of complaintsreceived by the issuerregarding accounting, internalaccounting controls orauditing matters; and

– the confidential, anonymoussubmission by employees ofthe issuer of concernsregarding questionableaccounting or auditingmatters.

Authority to engage advisers• Each audit committee shall have

the authority to engageindependent counsel and otheradvisers as it determinesnecessary to carry out its duties.

Funding• Each issuer shall provide for

appropriate funding, asdetermined by the auditcommittee, in its capacity as acommittee of the board ofdirectors, for payment ofcompensation:

– to the registered publicaccounting firm employed bythe issuer for the purpose ofrendering or issuing an auditreport; and

– to any advisers employed bythe audit committee.

Section 302 – Corporateresponsibility for financialreports

Effective 29 August 2002, thequarterly and annual certificationsrequired of CEOs and CFOs statethat:

• The signing officers havedisclosed to the issuer’s auditorand the audit committee:

– all significant deficiencies inthe design or operation ofinternal controls (specificallythose relating to financialreporting) which couldadversely affect the issuer’sability to record, process,summarise, and reportfinancial data, and hasidentified for the issuer’sauditors any materialweaknesses in internal control

– any fraud, whether or notmaterial, that involvesmanagement or otheremployees who have asignificant role in the issuer’sinternal controls.

Section 407 – Disclosure ofaudit committee financialexpert

• Beginning in their annual reportsfor fiscal years ending on or after15 July 2003, each issuer mustdisclose whether or not, and ifnot, the reasons why not, theaudit committee of that issuer hasat least one member who is afinancial expert, as such term isdefined by the US Securities andExchange Commission.



Summary ofNYSE listingrulesIn August 2002, the NYSEsubmitted proposed listingstandards to the SEC.Following various changes, afurther amended rule proposalwas submitted to the SEC inApril 2003. The SEC has notyet approved the rules. Theproposed NYSE standards haveimplications for boards andaudit committees. Theproposed standards includeadditional independencerequirements for auditcommittee members andextension of the auditcommittee charter.

Membership• Each company is required to

have a minimum three-personaudit committee, composedentirely of independent directors.

CharterThe committee must have a writtencharter that addresses:

• The committee’s purpose, which,at a minimum, must be to:

– assist the board oversight of:

� the integrity of thecompany’s financialstatements

� the company’s compliancewith legal and regulatoryrequirements

� the independent auditor’squalifications andindependence

� the performance of thecompany’s internal auditfunction and independentauditors; and

– prepare the report that isrequired by the SEC’s proxyrules to be included in thecompany’s annual proxystatement, or, if the companydoes not file a proxystatement, in the company’sannual report filed onForm10-K with the SEC

• The duties and responsibilities ofthe audit committee; and

• An annual performanceevaluation of audit committee.



Duties and responsibilitiesThe audit committee must:

• Directly appoint, retain,compensate, evaluate andterminate the company’sindependent auditors

• Establish procedures for thereceipt, retention and treatmentof complaints on accounting,internal accounting controls orauditing matters, as well as forconfidential, anonymoussubmissions by listed companyemployees of concerns regardingquestionable accounting orauditing matters

• Obtain advice and assistancefrom outside legal, accounting orother advisers as the auditcommittee deems necessary tocarry out its duties, and

• Receive appropriate funding, asdetermined by the auditcommittee, from the listedcompany for payment ofcompensation to the outsidelegal, accounting or otheradvisers employed by the auditcommittee.

Additional duties andresponsibilitiesThe duties and responsibilities ofthe audit committee must be, atminimum, to:

• At least annually obtain andreview a report by theindependent auditor describing:the firm’s internal quality-controlprocedures; any material issuesraised by the most recent internalquality – control review, or peerreview, of the firm, or by anyinquiry or investigation bygovernmental or professionalauthorities, within the precedingfive years, respecting one or moreindependent audits carried out bythe firm, and any steps taken todeal with any such issues; and(to assess the auditor’sindependence) all relationshipsbetween the independent auditorand the company

• Discuss the annual auditedfinancial statements and quarterlyfinancial statements withmanagement and theindependent auditor, includingthe company’s disclosures under‘Management’s Discussion andAnalysis of Financial Conditionand Results of Operations’

• Discuss earnings press releases,as well as financial informationand earnings guidance providedto analysts and rating agencies

• Discuss policies with respect torisk assessment and riskmanagement

• Meet separately, periodically,with management, with internalauditors (or other personnelresponsible for the internal auditfunction) and with independentauditors

• Review with the independentauditor any audit problems ordifficulties and management’sresponse

• Set clear hiring policies foremployees or former employeesof the independent auditors

• Report regularly to the board ofdirectors.

Internal audit • Each listed company must have

an internal audit function.



The Board Agenda – Good Practices for Meeting Market Expectations

Reporting Progress – Good Practices for Meeting Market Expectations

World Watch – Newsletter on Governance and Corporate Reporting

International Accounting Standards – A Pocket Guide

International Financial Reporting Standards – Illustrative Bank Financial Statements

International Financial Reporting Standards – Illustrative Corporate Financial Statements

International Financial Reporting Standards – Disclosure Checklist

International Accounting Standards – Understanding IAS 29

International Accounting Standards – Understanding IAS 39

International Accounting Similarities and Differences – IAS, USGAAP and UKGAAP

The latest news, discussions and IFRS publications issued by PricewaterhouseCoopers can be found atwww.pwc.com/ifrs

The following publications, which can be obtained online, contain comprehensive descriptions of theUS Sarbanes-Oxley Act, related SEC rules, and proposed US exchange rules, as well as impacts onaudit committees:

Current developments for Audit Committees 2003 – available at www.pwc.com/uscorporategovernance

Sarbanes-Oxley Act of 2002 – Current Proposals by NYSE, Amex and NASDAQ; Board and Audit Committee Roles in the Era of Corporate Reform – available at www.cfodirect.com

Sarbanes-Oxley Act of 2002; Strategies for Meeting New Internal Control Reporting Challenges – available at www.cfodirect.com

Audit Committees – Good Practices for Meeting Market Expectations is designed for the information of readers. While every effort has beenmade to ensure accuracy, the material is intended only to provide an overview of current trends and should not be viewed ascomprehensive. No responsibility for loss to any person acting or refraining from acting as a result of any material in this publication canbe accepted by PricewaterhouseCoopers. Recipients should not act on the basis of this publication without seeking professional advice.

Other publications

The following publications oncorporate practices andInternational Financial ReportingStandards have been published byPricewaterhouseCoopers and areavailable from your nearestPricewaterhouseCoopers office:

Other publications


Notes



Audit CommitteesText L - Board of...

Documents

Transcript of Audit CommitteesText L - Board of...