A properly governed corporate organization will have a corporate governance structure that specifies the role of the shareholders, board, and management and their relationship with each other.
When fully implemented the structure will ensure that the organization is properly directed and controlled and that the rights and interests of stakeholders are protected.
The interests of stakeholders are protected through proper information disclosure, disciplined and transparent market conduct, and effective governance.
The board of the company is responsible for governance, oversight, and decision-making and protecting the interests of stakeholders.
The responsibility of protecting the rights and interests of stakeholders is achieved through the audit committee of the board.
Key stakeholders
The key stakeholders of an organization are those that can either affect or be affected by its performance and management. The key stakeholders include shareholders, directors, management, staff, customers, suppliers, competitors, and government among others.
They are interested in getting sufficient and relevant information on the performance and management of an organization and knowing how its performance will likely impact them.
Role of the audit committee
The audit committee helps the board of directors achieve its corporate governance and oversight responsibilities in the following areas;
Financial reporting and disclosure process
The committee ensures the reliability of the process of documenting and reporting the financial performance of the organization including sharing non-financial information over a given period. The sharing of non-financial information is important because it gives the background to financial performance.
Internal control system
The committee through the internal audit process gets assurance that the controls in place are effectively operating as designed and can be relied upon to produce reliable, accurate, and timely information. The committee also gets assurance that any lapses in the control system are promptly identified, evaluated, measured, and mitigated.
Risk management system
The committee also gets assurance from the head of risk management that an effective risk management system is in place to help the organization identify, evaluate, measure, and mitigate risks.
Internal and external audit functions.
The committee gets assurance from both internal and external auditors that they are independent and free from any conflict of interest. The committee also gets assurance that the audit plans of both internal and external auditors adequately document the procedures that auditors will follow in auditing the organization following the recognized auditing standards.
Compliance with legal and regulatory requirements
The committee also gets assurance from the head of legal and regulatory compliance that an effective legal and regulatory compliance framework is in place and operating as designed. Any legal and regulatory exposures are timely identified, evaluated, measured, and mitigated.
The audit committee’s role is to provide advice and recommendations to the board relating to its findings in the above areas.
Audit committee charter
The auditor charter is a document that outlines the process by which audit-related issues are identified, reviewed, and resolved by the committee. It guides the committee when conducting its business and the following are its suggested contents outline;
- Purpose of the charter;
- Membership on the committee;
- Meetings;
- Reporting;
- Authority;
- Duties and responsibilities;
- Risk management and controls;
- Financial reporting and disclosures;
- External auditor oversight and responsibilities;
- Internal auditor oversight and responsibilities;
- Compliance oversight and
- Investigative authority.
Membership and experience
The committee should have a minimum of three members and a maximum of five members all of whom should be independent directors.
The members of the audit committee should have a high level of financial literacy and experience in the areas of business, finance, audit, legal and regulatory requirements, risk management, and financial reporting and disclosure. They should have acquired their experience while working with local and global organizations in various sectors.
The chairperson should be a current or former practicing accountant with audit experience of at least 10 years auditing both local and global organizations and a member of the Institute of Certified Public Accountants of Uganda in good standing.
Management reports to the audit committee
The committee members should receive from management committee papers at least 14 working days before the committee meeting to enable them to read and appreciate the papers so that they are in a position to make informed contributions during the meeting. The committee papers should include the following among others;
- Minutes of previous meeting;
- Matters arising from minutes of the last meeting;
- Organization performance and operations reports;
- External auditors report;
- Internal auditors report;
- Risk management report;
- Legal and ethical compliance reports;
- IT security report;
- Human resources report and
- Special reports as requested by the board.
Private meeting with external auditors
The committee needs to have a private meeting with the external auditor to ask questions or seek clarification on issues that were not specifically addressed in the meeting.
The meeting also enables the external auditor to provide any confidential comments or information on issues that were not appropriate to talk about in the meeting.
The meeting with the external auditors could also cover the organization’s financial reporting, internal controls, the audit process, and coordination with the internal audit function.
Private meeting with internal auditors
The private meeting with the head of internal audit enables the committee to ask questions other than those relating to the formulation and implementation of the internal audit plan.
The meeting also creates an environment that enables the head of the internal audit to openly respond to questions and raise issues that were not appropriate to be raised in the meeting.
The other issues to discuss in the private meeting could include the following among others;
- Relationship with external auditors;
- Management attitude toward risk and internal control;
- Existence of adequate resources in the financial function and
- Ethical and integrity issues.
Challenges that might face the audit committee
Constant and unpredictable change
The situation of constant and unpredictable changes requires new approaches to the management and leadership of business organizations. The changes are likely to impact both the audit, performance, and reporting processes.
Lack of proper tone at the top
Lack of proper tone at the top may include a lack of strictness with management and Staff living the core values, disregarding internal controls, promoting defensible conduct, and not taking steps to reduce the increasing incidents of fraud.
Lack of talents
The committee may get substandard reports and responses from management because of a lack of skilled talents in the areas of finance, audit, risk management, and IT.
Cyber security risks
The committee is most likely to get increasing incidents of cybersecurity because of a lack of competent resources to prevent it.
Rapid growth in technology
The organization may lack the capacity to keep up pace with the rapid growth in technology resulting in IT-related risk exposures.
Environment, social and governance (ESG)
Organizations are currently under pressure to promote sustainability and social practices and there is an urgent need to enhance the capacity of the members of the audit committee in ESG practices and reporting.
Co-opting specialists
There are so many unpredictable things happening including cybersecurity, the demands of the environment, social and governance reporting, the slow embracing of technology by directors, big data, cloud computing, and artificial intelligence that might require the co-opting of specialists to advise the board members. It would be unreasonable in the short run to expect all the board members to be experts in the above.