November 24, 1999
Mr. Jonathan G. Katz
U.S. Securities and Exchange Commission
450 Fifth Street, N.W.
Washington, D.C. 20549-0609
Re: Audit Committee Disclosure -- Release No. 34-41987 File No. S7-22-99
Dear Mr. Katz:
The Institute of Internal Auditors (IIA) appreciates the opportunity to submit our comments on the Securities and Exchange Commission's (SEC) proposed new rules and amendments to improve audit committee disclosures and enhance the reliability and credibility of financial statements of public companies. On behalf of The IIA's more than 70,000 members around the world, many of whom work for public companies and interact regularly with audit companies, let me express our support for your efforts to adopt the recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (BRC).
In our testimony to the BRC The IIA expressed its belief "that the ability of the audit committee and internal auditing to work well together significantly impacts how effectively the audit committee can fulfill its responsibilities." The IIA also believes that each audit committee should ensure that its organization has an adequately staffed, professional internal auditing function. Appropriate resources must be available to audit committees as they exercise their corporate governance responsibilities.
The IIA believes that audit committees should receive a report on the adequacy and effectiveness of internal controls - the process that supports good governance and accountability. Further, we think that the internal auditor should prepare the assessment. The report would be coordinated and draw upon representations from management about the sufficiency of internal controls, the results of tests of control systems performed by internal auditors and others on the management team, and the work of the external auditor. The audit committee should evaluate and assess the adequacy of the report and make appropriate recommendations to the board.
While annual assessments, proxies, and annual financial reports can be used effectively to communicate pertinent information to investors, processes that support ongoing monitoring and reporting are becoming more critical in today's information environment. Technology has created expectations of instant information, wider distribution of greater volumes of information, and more analysis of the available information. An effective internal auditing function is a critical resource for providing audit committees with assurances about the risk management, control, and governance processes used to ensure accurate financial reporting.
Pre-Filing Review of Quarterly Financial Statements
The IIA believes that a review of interim financial information by independent auditors prior to filing with the SEC will result in more reliable and credible interim financial statements. And, if the goal is to improve the accuracy of interim financial information to investors, then such reviews should be required prior to public earnings releases. Unfortunately, additional reviews are likely to impede more timely release of information. Cost considerations, especially for smaller companies, will also need to be considered. Whatever solution is adopted should be applied to all public companies as the goal is to protect the investing public.
The Audit Committee Report
The IIA is supportive of requiring a public report by the audit committee that discloses their activities relative to the financial reporting process. Such a report should be worded to be a report of activities and not a "certification" of the financial statements. If such reports are required of audit committees, and if reports are required from the external auditors, then management should also be required to provide a report representative of their role in the financial reporting process.
In accordance with The IIA's testimony to the BRC, "we believe that the `partnership' between audit committees, boards, regulators, external auditors, internal auditors, and management cannot be ignored. Efforts to improve one partner's responsibilities for financial reporting should be complemented by changes to improve the other partners' responsibilities. The internal auditing profession is uniquely positioned to assist each of the partners in improving its effectiveness." Here again, we would like to emphasize the need for audit committees to be supported by an adequately staffed, professional internal auditing function.
Audit Committee Charters
We support disclosure of the audit committee charter and believe that it should be done on an annual basis. However, while we are supportive of this disclosure, we believe that a required "compliance" statement by the audit committee could have the effect of reducing charters to vague, broadly-worded, "boiler-plate" documents with limited value. In situations where companies have adopted lengthy, detailed charters, we would be supportive of some type of summary disclosure that addressed certain required items at a minimum.
Disclosure About "Independence" of Audit Committee Members
We believe that all public companies should comment on the independence of its audit committee directors, use the same definition of independence for directors, and adhere to the same disclosure standard. Also, we believe that companies should be required to disclose information concerning their external auditors that might be perceived as impairing the independence of the external auditor. Disclosure of information such as that required to be discussed with the audit committee by Independence Standards Board (ISB) Standard One would help ensure the independence of the external auditors.
Proposed Safe Harbors
The IIA is supportive of adopting "safe harbors" to cover these new disclosure requirements for audit committees. It is in the public and investors interest to protect and promote best practice for audit committees in exercising their role in the governance process.
Established in 1941, The Institute of Internal Auditors is an international professional organization with world headquarters in Altamonte Springs, Florida. The IIA has over 70,000 members in internal auditing, governance, internal control, IT audit, education, and security. With representation from more than 100 countries, The Institute is the acknowledged leader in standards, certification, education, research, and technological guidance for the profession worldwide.
Thank you again for allowing The IIA to provide our comments. If The IIA can provide further assistance, please feel free to call me.
William G. Bishop III, CIA