One of the most important steps for a company preparing for an IPO is to form an effective audit committee composed of three independent directors. In fact, the SEC prohibits the NYSE and NASDAQ (among others) from listing companies that are not in compliance with its audit committee regulations. This article discusses the importance, primary roles, and structure of an audit committee.
What is an Audit Committee?
The audit committee is a committee of a company’s board of directors that is responsible for ensuring the integrity of a company’s financial reporting. The committee also helps to manage external and internal audit effectiveness and provides oversight to a company risk mitigation strategies and internal control framework. The audit committee reports directly to the company’s board of directors and remains independent of all other organizations within the company.
The NYSE first endorsed the “audit committee” concept in 1939, and the SEC recommended that companies establish an audit committee starting in 1972. After the passing of the Sarbanes-Oxley Act in 2002, the SEC formalized and strengthened the requirements of audit committees. Effective audit committees are expected to hold companies accountable, provide valuable insights about financial reporting and control matters, and help prevent fraud and other illegal behavior.
Primary Roles of an Audit Committee
At the most basic level, the audit committee is responsible for hiring, firing, and compensating the external auditors of the company, as well as approving all audit and non-audit services provided by the external auditor. The committee compares fees and budgeted hours across years, closely monitors risks identified by internal and external auditors, and ensures steps are taken to mitigate those risks. Having the right, experienced audit committee chair who can work well with the CFO, controller, Internal Auditor, External Auditor, and CEO is critical.
An audit committee also must maintain a written charter on the company’s website that outlines the committee’s purpose, duties, responsibilities, and annual performance self-evaluation metrics. The NYSE and other self-regulating organizations have set a minimum list of items that must be addressed in the charter. Deloitte and other “Big 4” firms often publish sample audit committee charters to assist companies who are creating or updating their own charters.
SEC rules require every audit committee to disclose whether a written charter has been adopted. Different stock exchanges have similar requirements for the contents of audit committee charters. For example, the NYSE requires an audit committee to assist the board in overseeing the following four key areas (NYSE 303A.07A):
To effectively oversee the four areas shown above, the NYSE outlines the minimum duties and responsibilities that an audit committee has. When evaluating performance annually, the audit committee members should review how well they carried out these duties and responsibilities. The duties and responsibilities required by the NYSE and other exchanges include:
- Review of the report from the independent auditor describing
- The external auditor’s quality control procedures
- Any material issues that have arisen within the past five years
- All relationships between the firm and the external auditors
- Committee review of
- The annual and quarterly financial statements with company management and the independent auditor.
- Types of information used in earnings releases and guidance
- Risk assessment and management
- Individual meetings with management, internal auditors, and the independent auditor
- Review of disagreements with management and resolutions
- Implementation of hiring policies
- Regularly reporting to the board of directors
- Establishing procedures for accounting- and fraud-related complaints
Companies preparing to go public need to understand the audit committee listing requirements of various exchanges, learn from the audit committee charters of comparable companies, and determine the specific areas of oversight, duties, and responsibilities the committee members should have. As examples, the company names below are linked to their respective audit committee charters.
SEC Release No. 34-47516(d)(2) requires public companies to have an audit committee composed of at least three members (called directors because the individuals are also members of the company’s board of directors). All directors on the committee must be able to read and understand fundamental financial statements and are required to be independent. As such, directors may not receive any consulting or other compensation aside from what they receive for service as a committee member. Directors are also unable to hold management positions within the company or hold more than 10% of the company’s stock. It is recommended that directors not serve on more than four audit committees.
The SEC also requires companies to have at least one “financial expert” on the audit committee and to disclose the name of that financial expert. Companies lacking a financial expert must explain why they fail to have such a director. A financial expert is an individual who understands financial statements, understands GAAP and has experience applying it to accounting estimates, has experience preparing, auditing, or utilizing financial statements, has experience with internal controls, and understands audit committee functions (SEC Release No. 33-8177 Paragraph II.A.4).
For example, Amazon.com, Inc. disclosed three financial experts currently serving on its audit committee in a 2020 SEC Filing:
- Thomas Ryder was Chairman and CEO of Reader’s Digest for about eight years. Ryder previously served as a director of ILG, Inc., RPX Corporation, Quad/Graphics, Inc., Starwood Hotels & Resorts Worldwide, Inc. and as Chairman of the Board of Directors at Virgin Mobile USA, Inc.
- Wendell Weeks has been Chairman and CEO of Corning Incorporated for about 15 years. He has also held leadership roles in financial management, business development, and commercial leadership.
- Indra Nooyi was Chairman and CEO of PepsiCo., Inc. for about 12 years. She had previously served as the CFO of the company and held various roles in finance, corporate strategy, and strategic planning.
On Apple’s Investor Relations site, three audit committee members are listed. James Bell (former CFO at Boeing) and Susan Wagner (co-founder and director at BlackRock) are listed as committee members, while Ronald Sugar (former CEO at Northrop Grumman) is listed as the audit committee chair.
Apple also linked a copy of its audit committee charter, which states the following:
The Committee will be composed of not less than three Board members. Each member shall be “independent” in accordance with applicable law, including the rules of The Nasdaq Stock Market LLC (“Nasdaq”) and the more rigorous SEC independence requirements for audit committee members set forth in Rule 10A-3 under the Securities Exchange Act of 1934, as amended (the “Exchange Act”).
Each member shall be able to read and understand fundamental financial statements, in accordance with Nasdaq audit committee requirements, and at least one member will have past employment experience in finance or accounting, requisite professional certification in accounting, or other comparable experience or background, including a current or past position as a principal financial officer or other senior officer with financial oversight responsibilities and will otherwise qualify as an “audit committee financial expert” as defined by applicable SEC rules.
Best Practices of an Effective Audit Committee
Most of the information in this article has outlined legal requirements surrounding the audit committee. There are also best practices that, though not legally required, will boost committee performance. When creating an effective audit committee, companies should seek to find qualified individuals with industry-specific knowledge to serve on the committee. It can also be beneficial for an audit committee to keep an odd number of members in order to avoid split decisions. From an administrative perspective, an effective audit committee should set a time to hold annual meetings, create agendas ahead of the meetings, and be consistent and timely with decisions. Audit committee members should be skilled at evaluating their progress towards goals and at making adjustments when necessary.
Many companies have published sample audit committee agendas. BDO has an insightful guide that discusses the timing, objectives, actions, and communications that an effective audit committee could incorporate into its meetings. BDO outlines agendas for quarterly review meetings, audit planning meetings and pre- and post-earnings release meetings. An audit committee must determine how often to meet based on the needs of the company.1 More information about quarterly review and audit planning meetings can be found in the links below.
If an audit committee chooses to meet quarterly, BDO recommends meeting before the earnings release, or as soon as possible thereafter. An important meeting objective could be to discuss with external auditors the impact of significant issues that were noted during the review of company financial information. The best thing an audit committee chair can do is (1) work with legal counsel, the CFO, and others to come up with an annual calendar than includes all SEC, exchange, and charter requirements and (2) break down the annual calendar into smaller meetings to be held during the year. This becomes the default agenda to which pressing issues can be added in preparation for the meetings.
Action items may include a discussion of any of the following:
- Approval for any audit or non-audit services to be performed
- Significant changes in accounting policies
- Management judgments and accounting estimates
- Significant adjustments that have been made or are proposed
- Any disagreements with management
- Consultations with other auditors
- Difficulties encountered in performing the financial statement review
- Issues in the news that could affect the riskiness of the company
At the conclusion of the meeting, an effective audit committee will report any key items discussed to the board, including the approval of non-audit services and a conclusion as to whether the services will impair auditor independence.
BDO recommends that an audit committee meet several weeks or months before the start of the audit for a planning meeting. The goal of the meeting is to review the auditor’s audit plan and anticipated non-audit services as well as the scope and activities of the prior year’s audit.
Several of the key risks and internal controls an audit committee may choose to focus on include:
- Business and financial risks identified by management and the auditors
- Management override
- Industry conditions
- Auditor’s most recent management letter
- Problem areas noted in prior year’s audit
- Sensitive matters
- Internal auditor’s report
When working to approve the auditor’s plan, the audit committee’s discussion of the audit may include several topics, such as:
- Accounting and auditing developments
- Significant changes in company activities
- Changes in accounting policies
- Audit timing
- Locations to be examined
- Personnel being assigned to the audit
- Assistance to be provided by the internal auditors
- Involvement of other auditors
- Planned reliance on internal accounting controls
- Use of computer assisted auditing techniques
- Areas for special procedures
- Review for fraud or other improprieties
- Rotation of audit procedures
- Estimated audit fees
- Proposed non-audit services
- Comparison of operating results with prior year
BDO explains that an effective audit committee should report to the board any issues carried over from the prior year, the timing and scope of the audit, significant accounting matters affecting the financial statements, and any non-audit services to be provided by the auditors.
In addition to BDO’s audit committee meeting agenda guide, KPMG has published an audit committee meeting planner, and Protiviti has compiled a list of agenda items that an audit committee should consider adding to its list. Many other resources are available online for companies seeking to form an effective audit committee.
Companies seeking to go public should understand the importance of the audit committee and begin the process of forming an effective committee. An effective audit committee will oversee proper financial reporting, audit procedures, and firm compliance. Additionally, the committee will hold the company accountable, provide valuable insight, and help to prevent fraud and illegal behavior.
- Corporate Compliance Insights, Building an Effective Audit Committee, August 2015
- Deloitte Center for Board Effectiveness, The Role of the Audit Committee, April 2018
- Protiviti, The Audit Committee Requirements, Accessed December 2020
- Bakertilly, Considering Establishing an Audit Committee?, August 2013
- The NYSE and NASDAQ both require that the audit committee meet at least quarterly. See this publication by Weil for more information about audit committee requirements for the two exchanges.