From: Elliott, Marcus [MElliott@JPI.com] Sent: Monday, February 17, 2003 9:45 AM To: 'rule-comments@sec.gov' Subject: File No. S7-02-03 Requests for Comments on Proposed Rules February 17, 2003 Via email to: rule-comments@sec.gov The Honorable Jonathan G. Katz Secretary U.S. Securities and Exchange Commission 450 Fifth Street, NW Washington, DC 20549-0609 Re: File No. S7-02-03; Request for Comments on Proposed Rules Concerning Standards Relating to Listed Company Audit Committees Dear Mr. Katz: By way of introduction, I am Vice President of Internal Audit for JPI Partners, LLC, a nationwide developer of luxury apartment complexes. My background includes approximately twenty years of internal audit experience with both public and private companies, plus internal audit consulting services for a public accounting firm. I am a member of the Institute of Internal Auditors and the Information Systems Audit and Control Association. On behalf of a prior client, in 1999, I conducted an extensive research project into the best practices for Audit Committees. My purpose in writing is to comment on the following two aspects of the proposed rules. I. Audit Committee Member Independence For an Audit Committee to be effective, independence is the cornerstone on which all else is built. Central to achievement of this goal, it follows that the individual members of the Audit Committee must have true, genuine independence, not only in form, but in substance. It is my recommendation that the final rule regarding Audit Committee independence should have these elements: The committee should be comprised of directors who are independent of the management and operating executives. Members, including the committee chairman, should be appointed by the Board of Directors. At least one of the committee members should have a background in financial reporting, accounting or audit. An independent director is one who: A. Is not and has not been employed in an executive capacity of the company for at least five years prior to election to the Audit Committee; B. Is not an advisor or consultant to the company, nor affiliated with any firm that is; C. Is not affiliated with a significant customer or supplier of the company; D. Does not have a personal services contract with the company; E. Is not affiliated with a tax-exempt entity that receives significant contributions from the company; and F. Is not a spouse, parent, sibling, child or in-law of any person described in (A) through (E) or any member of management. It is axiomatic that no one can properly serve two masters. This is no less true for members of an Audit Committee. To be truly independent, it is imperative that any member of the Audit Committee have no financial interests at stake, or at risk, in any of their oversight responsibilities. This takes on added importance in those situations in which the Audit Committee must investigate potential fraudulent actions of company senior management. This task is the very heart of the Sarbanes-Oxley Act. II. Internal Auditor's Appointment and Role Given a truly independent Audit Committee, properly composed of independent directors, how are they to best serve the public interest when confronted with the most difficult of all their tasks: Investigating potential fraud by company senior management? What resources and staff do they have at their disposal to conduct their investigation? The SEC has posed the question, "Should the Audit Committee also be directly responsible for the appointment, compensation, retention and oversight of an issuer's internal auditor?" How this question is answered will have a direct bearing on how the preceding two questions are answered. The Audit Committee can have few more effective resources at their disposal than the company's Internal Audit Department. However, as with the Audit Committee itself, to be effective the Internal Audit Department must have organizational independence. The best way to ensure this independence is to have responsibility for the appointment, compensation, retention and oversight of this function rest with the Audit Committee. It has been my experience that far too often the Chief Audit Executive (CAE) is selected by company senior management, and worse, too often reports to the CFO. These arrangements, all so typical, have a doubly harmful effect on corporate governance when malfeasance by senior management is involved. First, it places the CAE and Internal Audit Department in the untenable situation of auditing members of management who have direct control over their careers and financial well-being. Second, it places a barrier to direct, open communication between the CAE and the Audit Committee, thus hamstringing the role of the Audit Committee. As has been reported in the case of WorldCom, the CAE, Cynthia Cooper, had to defy direct orders from her CFO and continue her audit investigation in a manner that jeopardized her continued employment. Her courage eventually uncovered one of the biggest fraudulent corporate financial scandals in history and, deservedly, earned her selection as one of Time magazine "Person's of the Year." We can only wish that all CAEs would have such courage. Experience tells us "The Night Detective" is the exception, not the rule. Accordingly, I recommend that the SEC adopt a rule that ensures that the Audit Committee be directly responsible for the appointment, compensation, retention and oversight of an issuer's Chief Audit Executive. This will ensure that the fiduciary responsibility of the CAE is to the Audit Committee, Board of Directors and the general public interest. If the goal of the Sarbanes-Oxley Act is to ensure that public companies, and specifically, the senior management of such companies, conduct themselves in accordance with sound business ethics, then the SEC must promulgate rules which will ensure that Audit Committees are composed of independent directors and that they have at their disposal an effective means to oversee and monitor the actions of senior management. Independent directors, defined as I have proposed, combined with a Chief Audit Executive, selected by and reporting directly to the Audit Committee, can be the cornerstone on which this new, enlightened corporate governance is built. Thank you for considering my recommendations. Sincerely yours, Marcus B. Elliott Vice President - Internal Audit JPI Partners, LLC 600 East Las Colinas Boulevard, Suite 1800 Irving, Texas 75039 972-556-8933 melliott@jpi.com This electronic message contains information which may be legally confidential and/or privileged. The information is intended solely for the individual or entity named above and access by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.