So How Well are You Doing Your Job as an Audit Committee Member?

A fundamental element of the governance of an organisation, regardless if it is public or private sector, is a functional Audit Committee. This is usually either a sub-committee of the board or as is often the case in the public sector, an advisory committee consisting of primarily external independent members, which then provides advice to the Chief Executive Officer or equivalent.

As directors we are all aware of this. However I am seeing time and time again many audit committees failing in delivering upon a fundamental aspect of its responsibility.  Specifically appropriate oversight by the Audit Committee of the Internal Audit function is sometimes lacking.

The Australian Institute of Company Directors (AICD) in conjunction with the Institute of Internal Auditors (Australia) (IIA) and the Auditing and Assurance Standards Board (AASB) has produced an insightful good practice guide for Audit Committees which includes, amongst other guidance, details on the aspects of oversight it should be exercising over the internal audit function. However the elements covered by this guide are not always implemented in practice.  Internal Audit is one of the most important tools in the toolbox of directors because it is functionally accountable to the board and not to management.  It provides the necessary assurance to the board so that it can deliver upon its fiduciary duty.  It is therefore fundamental that the Audit Committee plays a significant role in the oversight of such a function that is primarily there to service it and not line management.

I am not referring to the functional reviews of the deliverables that the Internal Audit function may produce to the Audit Committee through its reports, instead I am referring to some of the other key aspects that are way too often in the controlling hands of the organisation’s management that the internal audit function is auditing.

With regards to in-house internal audit functions, in your role as an Audit Committee member here are a few questions I am posing to you:

• Has an independent member of the committee been involved in appointment of the Chief Audit Executive (CAE) including being part of the short-listing and interview panel? Following on from the Audit Committees recommendation has the board (where applicable, if not then the CEO) ratified the appointment of the CAE?
• Have you insisted upon at least the CAE being a professional member of the relevant professional institute, namely the Institute of Internal Auditors? We would expect the CFO to be either a CA or CPA, therefore it makes logical sense to expect the CAE to have professional internal audit accreditations.
• Have you as an Audit Committee reviewed the Internal Audit budget and made an informed decision as to if you believe it is suitable for its functional delivery against your assurance needs?
• As a minimum have you provided performance review input into the performance appraisal of the CAE? Better still has the Audit Committee itself conducted the performance appraisal? Remember the CAE is accountable to you, not to management.
• Does the internal audit function report against key performance indicators that you have agreed with the CAE based upon a suitable mix of administrative and functional qualitative measures?
• Has the Audit Committee reviewed and recommended for approval the Internal audit charter including agreeing the reporting lines of the CAE? Better practice has the CAE reporting administratively to the CEO and functionally to the Audit Committee. How far up the hierarchy is the CAE reporting to?
• Has the internal audit function had an external quality assurance review, which will determine if it is indeed abiding to the professional standards? This is in effect an audit of the auditors and is a critical component of providing assurance to the board that the internal audit function is fit for purpose.
• Should the CAE leave the organisation has the Audit Committee had a confidential exit meeting with the outgoing CAE to determine the reasons for the departure?

In relation to where an internal audit function is outsourced, there are a myriad of different questions that you could ask yourself, however I will touch upon those in a different write up.

Naturally the above questions do not take away from also providing input into the functional aspects and results of the internal audit function, however I believe that they may assist in addressing some of the administrative oversight that is required by a fully effective Audit Committee.

Being an Audit Committee member is a difficult and important role, let us not lose sight of one of the key aspects of that role, namely the effective oversight of one of the board’s most important tools, the internal audit function.