With new accounting standards, audit quality pressures from the Public Company Accounting Oversight Board (PCAOB) and uncertainty in the business and regulatory environment, many audit committee members I talk to say they feel tasked to the limit. This is not new. Stretched audit committees is a common phenomenon, and has been for years.
When planning the agenda for the upcoming year, it’s easy to simply continue with the same drumbeat of the prior year. But with so many demands converging, Protiviti recently published a suggested 2018 agenda of items audit committees should consider over the next twelve months. Our suggested agenda is informed by discussions with client audit committees and numerous round tables and conversations with directors serving on audit committees. We recently published the 2018 “mandate” in Volume 6, Issue 9 of The Bulletin.
The suggested 2018 agenda consists of eight issues — four pertaining to enterprise, process and technology risks, and four to financial reporting related risks. Here’s a quick overview:
Enterprise, Process and Technology Risks
Audit committees should periodically assess their effectiveness, ensure they have a sufficient business context in discharging their responsibilities, be alert for signs of a dysfunctional culture and ensure the necessary talent is in place to support their oversight. In 2018, we recommend the committee consider the following:
- Assess the effectiveness of committee composition and focus to ensure that committee members have the requisite experience and expertise. Do committee members have the requisite experience and expertise to oversee management on the appropriate issues, and are the committee charter and agenda focused on the issues most likely to affect the quality of financial and other information reported to investors? Do committee members have the time to do their jobs effectively? The committee should take a pause to consider these and other questions.
- Understand the critical risks that could affect the business and its financial and public reporting. Are emerging business risks and changes in critical enterprise risks identified and addressed in a timely manner? Are cybersecurity, privacy and identity, and other related issues adequately considered?
- Pay attention to conduct at the top, and consider the evidence supporting whether the tone in the middle is consistent with the tone at the top. Is executive management sending the right signals to the organization through both words and actions? How does management know that the culture permeating the organization is aligned with the entity’s mission, vision and values?
- Consider whether talent in the finance and internal audit functions is meeting expectations. Are there weak spots requiring attention? Are capabilities aligned with the company’s needs? Are there new skills required due to pending accounting changes?
Financial Reporting Issues
Financial reporting issues remain at the heart of the audit committee agenda. That will never change. In 2018, we recommend that audit committees:
- Oversee implementation of the new revenue recognition standard. Is management getting the job done? Has the experience to date with implementing that standard shown what can be expected on other new standards as they become effective?
- Determine whether the company is sufficiently focused on matters the SEC considers important. Does the committee understand the SEC’s concerns (e.g., diversity, workload, non-GAAP disclosures, valuation issues, asset impairments, cyber disclosures), and is it focused on those areas?
- Understand the audit issues raised by the PCAOB and how they might impact the audit process. The PCAOB’s inspections scope and new standards may influence the audit process, which in turn may affect the audit of the company’s financial statements.
- Focus on the implications of areas of change that are imminent. For example, understand the new lease accounting standard’s impact on the company’s financials and the implications of incorporating critical audit matters in the auditor’s report.
The audit committee has a difficult and demanding role amid regulatory expectations to serve as the final line of defense for ensuring quality financial reporting. The start of a new year is an opportunity for directors to self-assess committee composition and scope with an eye toward improving the control environment and the financial reporting process.
Special attention should be paid to the following areas:
- The financial reporting process, including reviewing annual and quarterly financial statements and earnings releases (including management’s discussion and analysis, information and guidance provided to analysts and rating agencies, and pro forma or “adjusted” non-GAAP information).
- Critical accounting policies, quality of management judgments and estimates impacting the financial statements, and written communication between external and internal auditors and management.
- Hiring, retention, performance and compensation of the external auditor, including pre-approval of non-audit services to be provided by the external auditor, and policies on hiring personnel from the external audit team (with an appropriate cooling-off period).
- Establishing procedures for handling complaints and employee concerns on accounting, financial reporting, internal control, auditing and related compliance issues, and periodically evaluating and revising the process as necessary to improve its effectiveness.
These suggestions are intended to be illustrative and do not purport to cover every topic the committee should consider in its self-assessment process. Read our latest Bulletin for a complete discussion of the 2018 Audit Committee Agenda outlined here. In addition, register for our January 4, 2018 webinar presenting our recommended topics for audit committees in the coming year.