Approximately 280 audit committee members serving on the board of directors of at least one U.S. public company were surveyed between November 2008 and February 2009.  Their responses comprise the findings of the 4th Annual Public Company Audit Committee Member Survey. 

The economic crisis is changing the way audit committees function, with 75% indicating they have increased their “hands-on involvement” with management because of the crisis.  Key requirements audit committee members feel are necessary to increase their oversight include holding more frequent formal and informal meetings, having more open and frank discussions with management, receiving quality information from a variety of sources, exercising skepticism and questioning information and assumptions, and visiting key business units and foreign offices.

Dissatisfaction with Risk Management Processes

The primary focus for audit committees in 2009 is to understand the short and long-term risks to the company posed by the financial crisis and recession.  However, a significant portion of members surveyed are not fully satisfied with their understanding of how management is addressing many of these risks.  Other top priorities for audit committee agendas in 2009 include risk management, financial statement issues, disclosures, internal controls, and IT risk.

Although risk management is increasing in focus, risk oversight responsibilities of audit committees often remain unclear.  The adequacy and effectiveness of the company’s governance processes for managing risk as a result of the financial crisis is being reassessed by 74% of respondents.  The lack of clear delineation of responsibilities of the full board and its standing committees for oversight of significant business risks is a concern shared by 54% of respondents.  There are several areas of particular concern to audit committee members: the committee lacks a good understanding of the link between strategy and risk, management may not have a holistic view of risk, stress-testing of risk assumptions may not be rigorous enough, and the impact of culture and incentives on the company’s risk profile is not fully understood.

Specific Risk Concerns

There is a strong correlation between the areas audit committee members report being least effective in their oversight and the areas in which members express concern about the quality of information they receive.  These areas include IT risk, fraud risk, financial risks posed by the financial crisis and recession, and significant risks facing the business.  Boards are working with management to address this issue by determining the information needed by the board and how it should be presented to best enable meaningful discussions about the company’s risks, its performance, and where it is heading.

Audit committee members also expressed concerns about risks posed by conducting business internationally.  Almost half (49%) are not fully satisfied with the company’s ability to manage risks associated with doing business in emerging market countries and 27% are not fully confident that their company has an effective program in place to comply with the Foreign Corrupt Practices Act.  Yet despite these concerns, 45% of audit committee members report never visiting company operations or facilities in foreign countries.

While the CFO and internal audit department are central to the financial reporting process at companies, they often lack clear performance objectives.  Respondents indicate that 71% do not have a formal succession plan for the CFO and 50% are concerned that their audit committee’s evaluation process for the CFO is not sufficiently rigorous.  There is also some concern about the rigor of evaluation processes in place regarding the chief audit executive and external auditor.  Importantly, 27% of respondents are not fully satisfied that the audit committee, internal auditor, and senior management have a clear, shared vision of the role of internal audit at the company.

Desire for Change

Audit committee members indicated a need for increased effectiveness regarding many key oversight processes.  Audit committee members would like to see meeting materials include more comparisons to industry statistics and benchmarking (46%) and better identification of important issues (41%).  Audit committee meetings could be more effective and efficient by spending more time discussing issues and asking questions instead of listening to presentations (46%) and by better prioritizing agenda issues (42%).  Audit committee effectiveness could be enhanced by improving committee agendas (30%), understanding of the company’s strategy and related risks (23%), information flow (18%), and committee composition (13%).  Finally, audit committees’ effectiveness may be enhanced by implementing performance evaluations of individual audit committee members, as only 21% currently perform these evaluations.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2009-03-01