4.2. The Audit Committee and senior management

To be effective, the audit committee must be independent from management and free from any undue influence. Members of the audit committee should not have any executive powers, management functions or delegated financial responsibility.[33]

As Audit Committees are generally advisory in nature, the members’ understanding of the difference between the responsibilities of the committee and the decision-making functions of management must be clear.

The approach the Audit Committee adopts in its interaction with senior management will have a direct bearing on the effectiveness of the committee. If the committee demonstrates a positive culture of continuous improvement, rather than a punitive culture, the committee is more likely to effectively fulfil its role.

The entity can contribute to a strong relationship with the Audit Committee by arranging for the external Audit Committee Chair to attend selected management meetings as an observer. This would assist the Audit Committee to maintain an up-to-date understanding of the entity. It can also assist the Chair to maintain constructive relationships with senior management. Attendance at such meetings is also an opportunity for the Chair to brief senior management on Audit Committee activities.

The Audit Committee can contribute to strong relationships with management by providing executive managers with a brief summary of the issues dealt with at each meeting, including details of actions to be undertaken by management. This simple process can heighten the visibility of the committee and be a practical way to demonstrate that the Chief Executive/Board take the responsibilities of the committee seriously.

It is important that senior managers have a good understanding of the Audit Committee’s responsibilities. Entity managers should adopt an open and constructive attitude in their dealings with the committee as a whole and with individual members. They are to be forthcoming in identifying any areas of potential weakness or risk that could be considered in developing the internal audit plan, and be constructive when interacting with or addressing issues the Audit Committee or internal and external audit raise.

Better practice tip: The Audit Committee and senior management

A better practice Audit Committee will ask senior management to advise the committee on emerging significant risks and changes to the business.

The Audit Committee should be alert to opportunities for senior management representatives to attend meetings, to facilitate further discussion on action to implement audit recommendations, or to explain why any recommendation has not been addressed appropriately or in a timely way. Presentations or attendance by senior managers at an Audit Committee can be useful in building trust and effective communication links between the committee and management, particularly where the entity is managing significant risks and where internal and/or external audit have made significant recommendations. Presentations from senior management should align with the Audit Committee’s responsibilities.

Follow-up of audit recommendations

An important responsibility of the Audit Committee is to review actions taken by management to implement internal and external audit recommendations. The action management takes should accord with the responses and timeframes documented in the audit reports that have been agreed by the entity and reviewed by the Audit Committee. One way the committee can effectively monitor management’s implementation of audit recommendations is to have a standing agenda item requiring a listing of outstanding recommendations to be tabled at scheduled meetings. To assist the committee to assess management’s performance in implementing audit recommendations, internal audit should maintain an appropriate process for monitoring and reporting on the status of agreed internal or external audit recommendations or agreed recommendations from parliamentary committees or other review bodies. Outstanding recommendations should be prioritised for action by the Audit Committee.

Better practice committees will arrange for officers responsible for implementing significant audit recommendations to attend committee meetings to enable the committee to obtain direct feedback on progress in implementing the recommendations.

Better practice committees will also ask management to review the findings of relevant ANAO cross-agency audit reports or other publications, such as better practice guides relevant to the entity, and to assess their own operations against the report’s recommendations and better practice.

Where necessary, the Audit Committee should advise the Chief Executive/Board on action it considers necessary to address significant issues in internal and external audit reports. This can be done through a written report or summary provided to the Chief Executive/Board or through discussions between the Chief Executive/Board and the committee Chair.

Chief Operating Officer

Increasingly FMA agencies are establishing a position of Chief Operating Officer (COO) as a key member of the agency’s executive management team. COOs are generally responsible for a broad range of administrative functions that will include matters such as risk management, legislative compliance and internal audit, that are within the purview of the agency’s Audit Committee.

In these circumstances, there may be an inherent conflict of interest in the COO being a member of the Audit Committee. It is therefore better practice for the COO not to be a member of the Audit Committee but could be invited as an observer, to provide briefings to the committee on business developments.

Chief Financial Officer

The relationship between the Chief Financial Officer (CFO) and the Audit Committee is an important one in the context of the committee’s financial statement and internal control responsibilities. The Audit Committee should put arrangements in place that provide for the CFO to advise the committee in a timely manner of all significant accounting and financial reporting issues that may affect the financial statements and the underlying systems of internal control, and for the committee to seek assurance that any such issues are being addressed in a timely manner. In addition, the Audit Committee can provide the CFO with advice and assistance on matters relating to the preparation of the entity’s financial statements. [34]

To avoid potential conflicts of interest it is better practice for the CFO to be invited to attend Audit Committee meetings as an observer, rather than as a committee member.

Chief Information Officer

Effective lines of communication are required between the Chief Information Officer (CIO) and the Audit Committee, as information and communications technology is an important part of the entity’s business operations and will often be an area of risk requiring careful review. Ideally, the CIO will be able to clearly explain specialised information technology system matters to the committee, or a member will possess sufficient expertise to enable the committee to fully understand the CIO’s advice and any potential implications.

To avoid a potential conflict of interest, it is better practice for the CIO to be invited to attend Audit Committee meetings as an observer, rather than as a committee member.

Head of Internal Audit

Establishing a sound working relationship with the Head of Internal Audit will assist the Audit Committee to meet its responsibilities, particularly those relating to internal audit that include reviewing internal audit plans and reports, and resourcing of the internal audit function.

It would be expected that the Audit Committee is consulted on the appointment of the Head of Internal Audit.

To avoid a potential conflict of interest it is better practice for the Head of Internal Audit to be invited to attend Audit Committee meetings as an observer, rather than as a committee member.

 

---

Previous: The Audit Committee and the Chief Executive/Board

Next: The Audit Committee and other committees