Institute of Internal Auditors
February 18, 2003
William G. Bishop III, CIA
Jonathan G. Katz, Secretary
Transmitted via electronic mail: firstname.lastname@example.org
File No. S7-02-03
Dear Mr. Katz:
The Institute of Internal Auditors (IIA) supports the efforts of the Securities and Exchange Commission (SEC) to improve corporate governance processes of listed companies by specifying standards for audit committees. The IIA endorses the SEC's proposed rulemaking that requires a national securities organization to stop listing the securities of an issuer that is not in compliance with the stated standards of responsibilities for its audit committee or that has one or more audit committee members who fail to satisfy the independence criteria.
The IIA agrees with the basic tenets of the standards for an audit committee in the SEC's proposed rules. They are consistent with The Institute's position on the key responsibilities of an effective audit committee, except that the SEC proposal is silent on the committee's responsibility for oversight of the internal auditor. An appropriately structured relationship between the audit committee and internal auditor is essential and needs to be made explicit in the SEC's standards for audit committees. The Federal Financial Institutions Examination Council, representing the Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Federal Reserve Board, and Office of Thrift Supervision, have already recognized the importance of this relationship and issued policy guidance to their examiners that, ideally, the chief internal auditor should report directly and solely to the audit committee regarding both audit issues and administrative matters.
In Section 2B of the SEC's discussion of the proposed changes, the question is posed about "whether the audit committee should be directly responsible for the appointment, compensation, retention and oversight" of the internal auditor? The IIA's answer is "Yes" and recommends that the SEC should include the following duties among the audit committee's responsibilities.
The audit committee should approve:
The IIA's guidance to its 83,000 members amplifies ways in which the chief audit executive and the internal audit activity can support the audit committee with the responsibilities recommended above. Those guidelines state that the chief audit executive should report functionally to the audit committee or other appropriate committee of the governing board. The term "functional reporting" is defined on the basis that an effective audit committee must be responsible for:
These guidelines offered above are based on The IIA Research Foundation's publication Audit Committee Effectiveness - What Works Best, 2nd Edition, prepared by PricewaterhouseCoopers, LLP. A sample audit committee charter is attached to this letter as a "best practice" example.
To reiterate, The IIA supports the extraordinary efforts the SEC is making to improve corporate governance. Restoration of confidence in that process and the fairness of the publicly released reports must include diligence, competency, and conscientious effort by directors, management executives, internal auditors, and public accountants.
To further strengthen and support these critical governance initiatives, The IIA strongly encourages the SEC to approve proposed amendments to listing standards submitted by the New York Stock Exchange calling for all listed companies to have an internal audit function. To ensure that internal auditing serves audit committees as intended, internal audits should be required to be performed by competent staff in accordance with The Standards for the Professional Practice of Internal Auditing (Standards). Internal auditors can demonstrate professional competence by compliance with the Standards, obtaining the Certified Internal Auditor designation, and implementation of a quality assurance program with periodic external assessments of the internal audit activity.
The audit committee carries out a critical component of the board's role and responsibilities. This proposed SEC rulemaking that specifies the requirement of independence for all audit committee members and standards for audit committee performance are important steps forward. We recommend that the SEC add to the audit committee's responsibilities the oversight of the issuer's internal audit activity.
The IIA is pleased to have this opportunity to suggest changes and provide comments on the proposed SEC rules. If we can be of any assistance or provide additional explanations to assist the Commissioners and staff, we welcome your telephone calls or written communications.
Sample Audit Committee Charter
The following sample charter captures many of the best practices used today. Of course, no sample charter encompasses all activities that might be appropriate to a particular audit committee, nor will all activities identified in a sample charter be relevant to every committee. Accordingly, this charter must be tailored to each committee's needs and governing rules.
Audit Committee Charter
To assist the board of directors in fulfilling its oversight responsibilities for the financial reporting process, the system of internal control, the audit process, and the company's process for monitoring compliance with laws and regulations and the code of conduct.
The audit committee has authority to conduct or authorize investigations into any matters within its scope of responsibility. It is empowered to:
The audit committee will consist of at least three and no more than six members of the board of directors. The board or its nominating committee will appoint committee members and the committee chair.
Each committee member will be both independent and financially literate. At least one member shall be designated as the "financial expert," as defined by applicable legislation and regulation.
The committee will meet at least four times a year, with authority to convene additional meetings, as circumstances require. All committee members are expected to attend each meeting, in person or via tele- or video-conference. The committee will invite members of management, auditors or others to attend meetings and provide pertinent information, as necessary. It will hold private meetings with auditors (see below) and executive sessions. Meeting agendas will be prepared and provided in advance to members, along with appropriate briefing materials. Minutes will be prepared.
The committee will carry out the following responsibilities: