Speech by SEC Staff:
Making Audit Committees More Effective
Robert K. Herdman
U.S. Securities and Exchange Commission
Tulane Corporate Law Institute
March 7, 2002
The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of Mr. Herdman and do not necessarily reflect the views of the Commission, the Commissioners, or other members of the Commission's staff.
Thank you very much Sy for that kind introduction. I am very glad to be a part of this conference.
When Sy first invited me to speak at this conference, he told me that the attendees would be predominantly lawyers. Sy also explained to me that this conference historically has had an M&A focus. And so I considered giving you a breathtaking overview of the implementation issues attendant to the new Financial Accounting Standards Board (FASB) Statements on Business Combinations, SFAS 141 and 142. But, Sy advised that you are all working hard to forget everything you ever knew about the pooling of interests method, and would prefer to think about something else.
Recently, we have seen accounting and auditing matters on the front page of major newspapers and in the evening news like never before. I had plenty of topics to choose from!
Because the role of the audit committee is central to insuring the integrity of published financial statements on which investors rely, and which are central to the efficiency of our capital markets, I decided that would be a useful topic for today's time with you.
Before I go on, I must remind you of the standard disclaimer that my remarks today are my own, and do not necessarily represent the views of the Commission, the Commissioners, or other members of the Commission's staff
Audit Committee as Key Element of Efficient and Reliable Capital Markets
It was not that long ago that a number of "new" requirements for audit committees were issued. In 1999, the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees ("Blue Ribbon Committee") issued its recommendations to improve the independence, operations, and effectiveness of audit committees. The stock exchanges adopted new listing requirements. The Auditing Standards Board of the AICPA beefed up standards for auditors with respect to the audit committee, and the SEC issued a rule for new audit committee disclosures in December 1999.
The stock exchanges' new listing requirements with respect to audit committees included an 18-month phase-in, and did not become fully effective until the summer of 2001. As a result, many say the jury is still out as to how effective they have been. But, given the breadth and scope of recent business failures, and attendant questions about companies' accounting, auditing and corporate governance practices, we cannot simply wait and allow the clock to run to gather more evidence on the effectiveness of the 1999 rules. We need to reexamine some key issues carefully, and we need to do it now.
That is why, last month, Chairman Pitt reached out to the stock exchanges for their consideration of how to improve corporate governance in general and requirements for audit committees in particular.
Inevitably, I believe, the committees formed by the exchanges to study these matters will re-focus on two of the fundamental tenets of the 1999 report, and those are: independence and financial literacy of audit committee members.
The new stock exchange rules now require that all members of the audit committee be independent. However, an exception is permitted for one non-independent audit committee member, if there is sufficient reason to allow it, and the SEC requires that any such exceptions and the reasons for it be disclosed.
Some have argued that there should be 100% absolute independence of all members of the audit committee. This is something that deserves further consideration. In making this determination, the nature of various relationships, especially indirect ones, needs to be revisited, as well. For example, people are questioning whether relationships such as consulting fees or contributions to charities favored by board members impact independence.
In addition, because the road to becoming an audit committee member begins with the nomination process, some have asked whether independent parties, not the CEO/Chairman, should be responsible for nominating members of the audit committee. Former SEC Chairman Rod Hills has suggested that an ineffective audit committee should be considered a material weakness in internal control, and that a prerequisite to effectiveness is total independence of the members of the committee, including the nominating process.
Similarly, some have questioned whether the exchange requirements about "financial literacy" or financial and accounting expertise of audit committee members went far enough. They point out that few audit committees' composition changed as a result of the new rules. As you know, while all have to be "literate," only one member has to have "expertise". But that expertise need not have been attained by actually functioning as a financial officer or as a practicing accountant. Just being a CEO will do. The balance point between how much an audit committee member needs to know him or herself, vs. how much they can rely on financial management and the auditors will continue to be most important, and delicate.
For that reason, others recommend that audit committees more frequently avail them-selves of outside advisors, and not solely, as is often the case now, in times of crisis.
But just as we need more study about the exchanges' listing requirements about audit committees, we need to make sure that performance under the current requirements is sufficiently rigorous. We need that right now. Today.
Audit committee members simply must ask the tough questions of management, and of internal and external auditors. And, they have to understand the sometimes highly complex information and results put before them. As with most things in life, the rules are now, and will continue to be, very important. But in the final analysis, it is the attitudes and approach of those entrusted with carrying them out that determine whether the exercise has a positive impact.
Key Qualities of Audit Committee Effectiveness
When I think about audit committee effectiveness, I believe there are three key qualities to focus on. My thoughts on this are inclusive of events since I joined the SEC five months ago, and also reflect more than thirty years in practice, during which I attended countless audit committee meetings.
My suggested "short list" of tasks for an effective audit committee is as follows:
- Control the Agenda
- Be Diligent
- Take the time
I. Control the Agenda
The Blue Ribbon Committee's report said that auditors should look to the audit committee as the client, and that the committee should have the power to hire and fire the auditors. That is an overarching concept that must be acted on if audit committees are to fulfill their function. Another way to conceptualize it is to make sure that the audit committee controls the agenda, in dealing with the following matters.
Competence and Independence of Auditors
First, the audit committee must evaluate the competence and independence of the external auditors. And, more particularly, of the partner who is leading the effort. There has been a lot of focus on the potential impact of non-audit services in this evaluation, although I believe that the focus on the nature of these services misses the point. What is important about it is that providing other services should not create a "debt" to management to be "repaid" when a tough financial reporting issue arises. And, even if there are no other services, keep in mind that the company pays the audit fee as well, and no partner wants to lose that fee.
So, audit committee members need to probe to find out the nature and extent of issues that management and the auditors gave considerable attention to. It's not enough to merely be told there were no reportable disagreements. After all, that's a term of art that means essentially that management finally acquiesced to avoid a qualified opinion. The real world is normally much more subtle than that. It should be expected that there were at least a few issues where management wanted to take a more aggressive approach. After all, missing quarterly earnings targets by a penny is punished brutally by the market these days. Simply put, the audit committee should hear about these matters and the nature and outcome of these discussions.
The issue of what some refer to as the "revolving door," whereby key audit firm personnel are hired by the client company into key positions, is also a topic of frequent discussion and should be an area of focus by audit committees as well Some have suggested imposing "waiting periods" in which a partner with a firm would not be eligible to be hired by a client company until a few years after ceasing to be involved in that particular client engagement. This has proven to be a difficult topic to deal with in a formal rule-making context in the past. But individual audit committees have devised approaches to it, including setting limits on the number of firm personnel the company can hire. Absolute prohibitions may not be necessary, or desirable, here, but common sense is!
Second, don't forget the importance of internal control and the internal audit function. The Report of the Blue Ribbon Committee emphasized almost exclusively the audit committee's role in the financial statements.
The internal control structure, and the internal audit team that tests and reinforces that structure, is crucial to the success of a company in stemming fraud and abuse, and in the preparation of accurate financial statements.
As such, the importance of the audit committees' understanding of the companies' internal control structure and their assessment of internal audit's effectiveness is crucial in ensuring this important link in the chain is solid. And when internal and external auditors suggest improvements in controls, there should be compelling reasons why they're not adopted. "Repeat comments" are a red flag!
Audit Scope and Fees
My third agenda topic is one that I think is generally handled well today. That is, discussion of the scope of work that the internal and external auditors intend to carry out as a result of their assessment of controls and other planning efforts.
A related aspect of this is perhaps not done so well. And that is audit committee consideration of the audit fee as a way to monitor whether the scope of work is sufficient. Now that there is a required disclosure of audit fees in proxy statements, it should be relatively easy to compare these fees with those of a reasonably comprised peer group.
Other items that the agenda should focus on are management, and the corporate code of conduct. The audit committee should ask for and receive frank assessments of the competence of financial management.
Audit committees should be champions of corporate codes of conduct and, in particular, should be wary of granting exceptions to these codes.
Access must be Direct and Independent
The audit committee must be given direct, unfettered, independent access to management, internal audit, and external auditors. The audit committee must be able to communicate in confidence with these three groups independently of each other.
One area I have emphasized since becoming Chief Accountant is for companies to meet with us about unusual accounting issues. And we have created a role for audit committees when this is done. In the updated Guidance for Consulting with the Office of the Chief Accountant posted on our website, we note that we want to know, among others things, what the audit committee's view is on the company's proposed accounting treatment. We decided it is best to have the audit committee involved upfront, before the company comes to the SEC, as opposed to after the fact. In this way, the audit committee can provide useful input, and not just be a rubber stamp.
This brings us to Diligence. Now, many of you probably think you know a lot about diligence, or specifically due diligence, from the nature of your work. But just so we're all on the same page, I thought I'd look up the most basic definition of the word, and here's what I found: Diligence means: perseverance, earnestness, attention and care. What are some ways for the audit committee to enhance its diligence?
One of the most important aspects of diligence is to be proactive. Audit committees should not only rely on what is put before them as "the gospel truth". They should take it and analyze it, throw a couple of rocks at it and see if they puncture it or bounce off.
A good place to start with being proactive is with respect to discussing and understanding the companies Critical Accounting Policies. As the Commission noted in its December 12 release, audit committees need to engage in "proactive" discussions with company management and outside auditors regarding key accounting judgments. It is essential that the audit committee be actively, not passively, engaged.
Audit committee members should ask the tough questions about these policies. The rules of engagement should encourage comprehensive and constructive questions that get to the root of the biggest issues facing the company's financial presentation and disclosure.
Asking a good question is only half of the equation; obtaining an understanding of the answer is equally if not more important! We have seen examples reported in the press where it appears that a number of parties, including some of the country's most noted lawyers, accountants, and analysts, and all except a handful of journalists and short-sellers, just didn't "get it" when it came to understanding certain major publicly listed companies' businesses and implicit and explicit risks and rewards. Audit Committee members cannot walk away if they don't understand a material transaction, the economics, or the accounting behind that transaction, no matter how complex. And here it's the overall presentation and economic effect that absolutely must be understood, with as much supporting details as necessary and appropriate.
This is where our recent Commission statement on Critical Accounting Policies and MD&A disclosure will be helpful; in understanding critical accounting policies, it is important to be able to explain the range of results that would be followed, if alternate accounting methods had been used, and why the particular method was chosen. A diligent understanding of the financial presentation and underlying transaction will need to encompass an understanding of the swing factors in results, as well as risk identification and management. Focus on big issues, issues that make a difference.
Among the goals of issuing that SEC release was to assist in the dialogue among management, audit committee members, and auditors of the quality, not just the acceptability of a company's accounting practices. This was one of the new requirements in 1999 but it's not always easy to do.
Warren Buffett, one of the nation's most respected investors, is known for three key questions he developed for audit committees to consider, and he suggests the discussion of these matters be documented in the minutes of their meetings. These questions are:
- If the auditor were solely responsible for preparation of the company's financial statements, would they have been prepared in any way different than the manner selected by management? The audit committee should inquire as to both material and nonmaterial differences. If the auditor would have done anything differently than management, an explanation should be made of management's argument and the auditor's response.
- If the auditor were an investor, would he have received the information essential to a proper understanding of the company's financial performance during the reporting period?
- Is the company following the same internal audit procedure that would be followed if the auditor himself were CEO? If not, what are the differences and why?
III. Take the Time
The final point about audit committee effectiveness I'd like to make can be summed up in one word: Time. Audit committee members must make the time, and take the time, to achieve an adequate understanding of what the company's financials represent, to have enough time to consult with outside counsel and experts if necessary, to ask the tough and incisive questions, and to obtain answers that make sense. As such, an effective audit committee requires a commitment of quality and quantity time: quality time in that they will give the critical corporate governance and accounting and disclosure issues their full attention, and quantity of time to allow thorough deliberations and discussion. This means that proper upfront planning, conduct of meetings and followup are essential.
It also means that spending an hour together three or four times a year probably is not sufficient. The critical accounting policy exercise I outlined above undoubtedly requires more time than that alone. Reading the financial statements and MD&A for clarity and understandability, for purposes of making a recommendation to the full Board, requires more time than that alone. And I haven't even mentioned important responsibilities such as involvement in quarterly financial statements or compliance with laws and regulations, which is often included in a committee's charter.
Summing up what we've said so far
In short, audit committee members should be independent, have requisite expertise, and they must control the agenda, be diligent, and spend the time. To do the due diligence, you have to walk the talk! Many have asked, "who will want to be a member of an audit committee," and those who will consider additional rules will have to be mindful of the potential for overload. Who knows maybe it's as simple as the approach I've outlined.
Your Role, Your Input Counts
In closing, I commend the many members of the Bar who have stepped up to the plate and published guidelines and guidance not only for their clients but also for the corporate community at large, including testimony recently given to Congressional committees regarding corporate governance, and participation in the SEC's roundtable discussions of financial reporting and audit oversight earlier this week in New York and Washington. We welcome your views.
Thank you very much for your attention, and I would be happy to take some questions.