Audit risk is rapidly increasing but setting up the right communications protocol can help firms.
The board depends on an effective and transparent audit committee in order to fulfill its fiduciary duties. To replenish the crucial link between these committees and the board, audit oversight mechanisms have been introduced to enhance the auditing process. But strengthening internal controls and implementing new strategies to improve the performance of the audit committees can be complicated, especially in today’s uncertain and more complex regulatory environment.
In a message to directors, KPMG, one of the big four auditing firms, recently unveiled its 10-strong to-do list for audit committees in 2012. In order to reduce audit risk and improve the quality of auditing procedures, the firm recommends the following:
(i) Stay focused on the audit committee’s top priority: financial reporting and related internal control risk. This number one to-do from last year holds true for 2012. Ensuring that the audit committee’s agenda focuses on the issues that require its attention will be a significant undertaking.
(ii) Continue to monitor accounting judgments and estimates, and prepare for accounting changes. Monitor fair value estimates, impairments and management’s assumptions underlying critical accounting estimates. Recognize that the company’s greatest financial reporting risks are often in areas where there is a range of possible outcomes, and management is called upon to make difficult judgments and estimates.
(iii) Consider whether the financial statements and disclosures tell the company’s story. Given the importance of transparency to the investor community, as well as the SEC’s ongoing focus on disclosures, consider how disclosures can be improved – perhaps going beyond what’s ‘required’ – to better address expectations.
(iv) Focus on the company’s plans to grow and innovate. Growth, strategy and innovation will be front and center as companies search for top-line growth and look forward, beyond the recessionary environment. A key challenge will be monitoring and calibrating growth plans to appropriately balance risk and reward. (Remember: good risk management enables innovation and growth).
(v) Reassess the company’s vulnerability to business interruption and its crisis readiness. As illustrated by the earthquake in Japan, the European debt crisis, and other systemic disruptions over the past 24 months, the global interconnectedness of businesses, markets, and risk poses challenges for virtually every company.
(vi) Understand how technology change and innovation are transforming the business landscape – and impacting the company. Informational technology (IT) risk discussions should be moving (rapidly) beyond ‘defensive’ issues (compliance, data privacy, system implementations) to address the critical challenge today: understanding the transformational implications of IT and emerging technologies – cloud computing, social media, mobile technologies, and data – and the strategic issues they present. The audit committee can help the organization get its arms around IT by insisting on more-frequent and robust communications with the CIO; elevating IT discussions to senior management/full board level (beyond the ‘IT shop’); helping to frame the big picture view of the company’s IT governance efforts (on data and social media); clarifying the oversight role(s) of the board, audit committee, and other committees; and strengthening the board’s understanding of IT (by bringing IT expertise onto the board and/or through education).
(vii) Focus on asymmetric information risk and seek out dissenting views. Is the audit committee hearing views from those below and beyond senior management –middle management and business unit leaders, sell-side analysts and critics, and other third parties – about the risks and challenges facing the company? Does the information provided by management, internal audit and external auditors tell a consistent story? What is being said about the company by customers, employees, and others on social media networks? Make time to visit company facilities and attend employee functions.
(viii) Consider the impact of the regulatory environment on compliance programs and business plans. The increasing complexity of the global regulatory environment – including compliance challenges posed by the Foreign Corrupt Practices Act and the UK Bribery Act, the SEC’s whistleblower bounty program, and Dodd-Frank provisions on conflict minerals and compensation clawbacks – will require continued attention
(ix) Understand the company’s significant tax risks and how they are being managed and modeled. Prospects for business tax reform; ongoing assessment of uncertain tax positions; increased state, federal, and global enforcement activities; and the continued complexity of operating globally in different tax regimes all pose significant compliance and financial risks. To stay abreast of critical tax risks – including internal control, compliance and disclosure issues – establish a clear communications protocol for management to update the audit committee on the status of its tax risk management activities
(x) Monitor the PCAOB’s initiatives on auditor independence and transparency, and consider the implications for the audit committee. PCAOB initiatives are designed to promote auditor independence, objectivity and professional skepticism have potentially significant implications for the audit process and the role of the audit committee. Consider how the audit committee currently reinforces auditor independence and skepticism. Would a more robust audit committee report be beneficial to investors?
To view KPMG’s full message to directors click here.