Complying with the new regulations has not only dramatically increased the workload and responsibilities of CFOs, finance teams, and directors, but it also has fundamentally changed their role and their relationship with other, nonfinancial groups within the corporation. For example, the provisions of the Sarbanes-Oxley Act call for senior finance executives and the audit committee of the board to take a much more active role in the operations of the business, as they are charged with certifying the strength of both a company’s internal controls and the information they generate. Three sections of Sarbanes-Oxley are especially relevant: section 302, which outlines corporate responsibility for financial reports; section 404, which covers management assessment of internal controls; and section 409, which requires more rapid public disclosure of so-called material events in company performance.
Traditionally, the role of the audit committee has been to oversee, monitor, and advise company management and outside auditors in conducting audits and preparing financial statements, subject to the ultimate authority of the board of directors. The Securities and Exchange Commission (SEC) first recommended that publicly held companies establish audit committees in 1972. The stock exchanges quickly followed suit by either requiring or recommending that companies establish audit committees. In 2002, Sarbanes-Oxley increased audit committees’ responsibilities and authority, and raised membership requirements and committee composition to include more independent directors. The SEC and the stock exchanges followed with additional new regulations and rules to strengthen audit committees.Keinath and Walo (2004), p. 23.
Fulfilling all of the duties and responsibilities assigned to them under recent legislation and newly adopted stock exchange rules and shifting to a more proactive oversightRegulatory review, monitoring, and supervision used in reporting and monitoring internal controls. role represent major challenges for audit committees. Their responsibilities have been expanded in major ways and now include ensuring accountability on the part of management and internal and external auditors; making certain all groups involved in the financial reporting and internal controls process understand their roles; gaining input from the internal auditors, external auditors, and outside experts when needed; and safeguarding the overall objectivity of the financial reporting and internal controls process.
Importantly, in the wake of Sarbanes-Oxley, the relationship between management and outside auditors has been replaced by one between the audit committee and outside auditors. The audit committee now is directly responsible for appointment, compensation, retention, and oversight of independent auditors who report directly to the audit committee. And, by vesting responsibility and authority for certain audit-related actions in the audit committee—to the exclusion of the full board, management, and shareholders—Sarbanes-Oxley appears to alter the traditional delegation, under state law, of board power to a committee.
The audit committee must also establish specific procedures for handling complaints received by the company regarding accounting, internal accounting controls, or auditing matters, including confidential submission by company employees of concerns regarding questionable accounting or auditing matters. In addition, all audit services and permitted nonaudit services provided by outside accounting firms must be preapproved by the audit committee. All approvals of nonaudit services must also be disclosed in the company’s periodic reports. Certain nonaudit services by firms that perform audits are expressly prohibited.
As noted in Chapter 4 "Recent U.S. Governance Reforms", the composition and credentials of the audit committee are also tightly regulated. Public companies are required to have an audit committee consisting of at least three independent members of the board of directors. Each committee member must be “financially literate” and at least one member must be designated as the “financial expert,” as defined by applicable legislation and regulation.
Audit committees are required to define their responsibilities and operations in an audit committee charter.For an example of an audit committee charter, consult the Web site of any major public corporation., This section is based on The Institute of Internal Auditors (2006), “The Audit Committee—Purpose, Process, Professionalism.” http://www.theiia.org Such a charter should (a) clearly delineate audit committee processes, procedures, and responsibilities that have been sanctioned by the entire board; (b) define membership requirements, including a provision for a financial expert; (c) allow for yearly reviews and changes; (d) designate the minimum number of meetings to be conducted; (e) accommodate executive sessions with appropriate entities and allow for engaging outside counsel as needed; (f) outline the committee’s responsibilities in regard to risk management, compliance issues, and review of its own effectiveness; identify the specific areas the audit committee should review as well as with whom those reviews will be conducted; and include such specific roles as annual report preparation oversight and yearly agenda planning; and (g) delineate the audit committee’s relationships with the internal and external auditors; appoint, evaluate, set time limits for, and discharge (with the concurrence of the full board) the external auditors; and evaluate the independence of both the internal and external auditors.