Investors want greater certainty, LESS RISK

With Sarbanes-Oxley Section 404 processes largely in place, many audit committees are now refocusing on the basics of financial reporting oversight to ensure they have a handle on the fundamental issues that can drive - or undermine - stakeholder confidence. The dialogue at our last Audit Committee Institute (ACI) roundtable session in Houston as well as recent ACI surveys of audit committee members around the country confirm this “back-to-basics” focus. They also shed important light on key oversight issues and processes that many audit committee members feel could be improved.

Focusing on numbers, risks, and controls

Audit committee members clearly have a growing appreciation for the importance of management’s accounting judgments and estimates, and how tentative or fragile some estimates can be. When polled during the 2006 Audit Committee Issues Conference (which KPMG’s Audit Committee Institute co-sponsored), more than half of the audit committee members said they were only “somewhat satisfied” or “not satisfied” that management provides them with the information they need to oversee its accounting judgments and estimates.

Some 80% said they wanted - or needed - to spend more time discussing this issue. And more than half were not fully satisfied that “management’s discussion and analysis” (MD&A) presented a clear and accurate picture of the company’s financial condition and the results of operations.

Given the dramatic increase in restatements over the past five years - as well as the growing complexity of accounting standards and pressures on companies to “make earnings” - it’s no surprise that audit committee members want to gain a better understanding of this area of financial reporting, and, in particular, the process used by management to arrive at its judgments and estimates.

Audit committees are increasingly recognizing the critical link between the oversight of the financial reporting process and oversight of the risk management process. However, oversight of the risk management process - which many audit committee members have identified as their second highest priority for 2006 - continues to present significant challenges.

Audit committee members, directors, and senior executives attending the ACI roundtable expressed concern about the effectiveness of both their company’s risk management processes, and the audit committee’s oversight of that process. More than 70% said that the company’s process to identify significant risks could be better; and only one in four were “very satisfied” that the board and audit committee are effective in overseeing the significant financial and non-financial reporting risks facing the company.

More than 80% were concerned about the adequacy of the information and reports that management provides regarding the status of its risk management efforts. Many audit committee members also said there was no “bright line” delineating risk oversight responsibilities of the audit committee, full board, and other board committees, reflecting the importance of effectively communicating and coordinating the risk oversight process.

Terry Strange, a panelist at our Houston roundtable session and chairman of the audit committees of several large public companies, suggests that no single model fits all companies.

“In my view, oversight of a company’s risk management program is a board responsibility,” says Strange. “But depending on the situation, primary responsibility [for risk oversight] could fall to the audit committee, a separate risk committee, or the full board. Ultimately, the board needs to determine what’s appropriate.”

Generally, audit committees are more confident now - as compared to 2 years ago - in their oversight of internal controls, including Section 404 compliance processes. However, many continue to express concern about this area of oversight: In our annual survey, more than one third said they are only somewhat or not satisfied with their oversight of internal controls. And, during our annual issues conference, oversight of internal controls was cited by audit committee members as their third highest priority for the year.

In Strange’s view, the 404 compliance process provides an important baseline for the committee’s oversight process: “It’s been a positive in that it gives the committee a line of sight into the control environment, control process, and effectiveness of controls,” he says. “When problems arise, identifying the cause and remedial action can be much simpler.”

Reconsidering agendas, refining activities

Since Sarbanes-Oxley was enacted in 2002, the agendas for most audit committees have been dominated by oversight of Section 404 requirements and implementation processes. With 404 processes widely in place, many audit committees today are taking a step back and reassessing their agenda-setting process.

In our annual survey, more than one third of audit committee members were only somewhat satisfied or not satisfied with their committee’s agenda-setting approach. And, more than half of the participants at our annual issues conference were not fully satisfied that their audit committee’s 2006 agenda appropriately addresses the issues that require their attention and oversight.

Serving as a blueprint for the audit committee’s planned activities - as well as setting expectations for those who interact with the committee and demonstrating the committee’s compliance with its charter and other regulatory requirements - the agenda needs to be definitive and focused. Yet, as Strange observes, it also should be sufficiently flexible to deal with new and evolving matters. “I believe the agenda should be a guide,” he says.

Generally, audit committees are meeting more frequently - and holding longer meetings - in response to the mandates of Sarbanes-Oxley and the scrutiny of the financial reporting process. Still, many audit committee members feel that their meetings could be more productive. More than half of those polled said they should be spending more time - from 50% to 75% of their meeting - asking questions and discussing issues rather than listening to presentations. And, more than one third rated the quality of their pre-meeting materials as moderate or low.

On a positive note, Strange believes that presentations tend to “improve as management and others understand what is needed by audit committee members.” He said he’s seen “definite improvement in pre-meeting materials, both in terms of quality and the timely provision.”

Audit committees also expressed some concern about their own effectiveness. In our annual survey, most audit committee members said their self-evaluation process could be improved, and more than half said their company does not provide periodic in-house education.

Strange points to the composition of the audit committees as a key influence on self-evaluation and education efforts. “My experience is that audit committee members take their responsibility very seriously and continually look for ways to improve their performance and adopt best practices.”

Expanding the depth and breadth of knowledge

In ACI’s annual survey of audit committee members, more than 60% said their company does not provide them with periodic in-house education. At those companies that did offer in-house education, more than 80% of audit committee members devoted less than 8 hours to such programs.

A robust orientation program and ongoing education are essential to ensure that committee members have the depth and breadth of knowledge they need to carry out their oversight responsibilities. (For example, the New York Stock Exchange requires listed companies to address director orientation and education in their corporate governance guidelines.)

Educational topics will vary, of course - from industry issues and regulatory developments to business operations and accounting practices - but the hallmarks of good educational programs are input and participation of management, internal and external auditors, corporate counsel, and outside “experts” as well as a curriculum tailored to the needs of the committee members.

Also, a new-member orientation - or “on-boarding” - program can be an invaluable educational component by helping to familiarize new committee members with the workings of the committee and the board, as well as the company’s financial management, operations, and key areas of risk.

The premium on audit committee effectiveness

The demand by investors and regulators for greater “certainty” - that a company’s financial reporting and disclosures are accurate and transparent, that its risks are known and being managed properly, that someone is “minding the store” - has never been more intense.

From what we’re hearing at our roundtable discussions and in our surveys, audit committees, by and large, recognize the key challenges before them in this “post-Sarbanes-Oxley” environment: ensuring they understand the numbers, risks, and controls affecting financial reporting; developing focused prioritized agendas; and making the best use of their time and resources.

In each of these respects, the audit committee’s relationship and communications with management, auditors, and others involved in the financial reporting process is key. Says Strange: “Timely and open communication, a clear understanding of expectations among all parties, and confidence of each party in the ability and commitment of the others are essential.”

The authors

Regina H. Mayor is a principal in KPMG LLP’s CFO Advisory Services practice. She can be reached at [email protected]

Edgar R. “Bud” Giesinger is managing partner of KPMG LLP’s Houston office. He can be reached at [email protected]

The views and opinions are those of the authors and do not necessarily represent the views and opinions of KPMG LLP. All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity.