Professional Documents
Culture Documents
Risk oversight
Risks by their very nature are uncertain and affect all areas of a business. The audit committees role is to review and challenge, where appropriate, the companys risk profile and ensure that risk management processes are in place, especially those affecting financial reporting and reputational risks.
Understand the companys framework for risk assessment and managements related policies and procedures Understand how the company documents and responds to identified risks Review whether appropriate focus is being paid to the companys risk intelligence gathering and assessment processes and understand the companys ability to both identify emerging risks and anticipate risk events Review whether the risk disclosures in the financial statements and in the Form 10-K are appropriate, robust and understandable Review the companys major financial risk areas and understand the adequacy of controls and monitoring procedures in place Periodically reassess the list of top risks, determining who in management and which committee of the board is responsible for each Meet directly with key executives responsible for risk management and focus on whether they understand they are empowered to inform the committee of extraordinary risk issues and developments that require the committees immediate attention outside of the regular reporting process Focus on the companys plans for achieving any information technology milestones, especially for IT transformation projects, given the importance of IT to most organizations Understand the use, if any, of emerging technologies (such as cloud computing), their relevance to the company and the associated risks Understand whether IT security processes are updated as appropriate and are in line with the strategy of the company Review whether processes to evaluate acquisitions include an assessment of controls at the acquired entity, such as tone at the top and controls around IT risks
Help promote healthy skepticism among fellow committee and board members
Consider alternative viewpoints Evaluate whether the companys crisis preparedness is adequate Consider periodically rotating audit committee members, staggering the terms of service to have the benefit of new skills and perspectives Engage independent advisers, as necessary Recognizing the significant workload of board service, and especially of audit committees, consider policies limiting directors other board service or audit committee participation Conduct an annual committee self-evaluation, considering what the committee could have done better and what the committee needs to do next year
10
Executive sessions
Audit committees are increasingly holding private sessions, often with internal audit, the external auditor and management. Audit committee members may use this time to reflect on issues, evaluate what is working and what opportunities exist for improvement, and identify follow-up actions. Schedule regular sessions with and without internal audit, the external auditor and management Schedule regular sessions with various members of management, such as the CFO, controller, general counsel and others as appropriate Consider private audit committee sessions both before and after meetings with the internal auditor, the external auditor and management Provide clear objectives and expectations for each meeting Prepare specific topics and questions Understand the response and resolution for each issue raised
11
12
13
This publication has been carefully prepared but it necessarily contains information in summary form and is therefore intended for general guidance only; it is not intended to be a substitute for detailed research or the exercise of professional judgment. The information presented in this publication should not be construed as legal, tax, accounting, or any other professional advice or service. Ernst & Young LLP can accept no responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. You should consult with Ernst & Young LLP or other professional advisors familiar with your particular factual situation for advice concerning specific audit, tax or other matters before making any decision.