The relationship between the audit committee and board of directors is an important one. It sets the tone-at-the-top for the rest of the organization and influences other important aspects of the company.
The audit committee is a separately chartered committee of the board of directors. The audit committee has a direct relationship with the board of directors as it reports to the board on a quarterly or more frequent basis on such things as audit plans, audit findings and other items deemed to be significant.
The role of the audit committee has significantly expanded in recent years. Realizing this, the board of directors has begun to shift some of the audit committee’s responsibilities to separately chartered committees to create a balance of duties and ensure they are effectively executed. These additional committees have often included a compensation committee, disclosure committee, and nominating and governance committee.
Select one of the areas below to view a sample of audit committee and board or directors information available on KnowledgeLeader.
Achieve Sustainability by Integrating the Section 404 and Section 302 Compliance Process Questionnaire
For most companies, the administrative burden encountered during the first year of Section 404 compliance warranted a fresh look at the overall compliance process. This questionnaire focuses on strategies for integrating compliance activities around Sections 404 and 302 of The Sarbanes-Oxley Act of 2002 with the objective of achieving a sustainable internal control structure.
Audit Committee Charter - Example 5
Audit committees assist the board in monitoring the integrity of the financial statements, external auditor qualifications, performance of the internal audit function and external auditors, and company’s compliance with regulatory requirements. This charter provides one example.
Audit Committee Charter Review Checklist
This checklist addresses a variety of topics and acts that often fall within the Audit Committee’s responsibilities. It provides a broad framework and a set of activities that can be undertaken by the Audit Committee to achieve appropriate oversight. This document is intended to only be used as a sample guide to understanding and reviewing the current charter.
Audit Committee Annual Planning Schedule - Sample
This sample schedule provides an annual planner for audit committee activities and demonstrates how to schedule and track audit committee activities throughout the year. Using an annual planner helps ensure that required topics and issues are discussed and not overlooked.
Board Of Directors Authority Charter, Checklist, and Matrix
This sample Board of Directors authority charter can be used to assist board members, management, and internal audit directors to establish clear attributes of authority to better manage the governance process. The charter includes an activities checklist and an authority matrix for specific areas.
Control Environment Audit Work Program
This audit work program focuses on the control environment component of the COSO Framework. Sample risks addressed in this audit work program include: a code of conduct and other policies does not exist regarding acceptable business practices, conflicts of interest, or expected standards of ethical and moral behaviour; adequate staffing levels are not maintained to effectively perform required tasks; and an independent governing body that provides oversight for management's activities does not exist.
Corporate Governance: Relationship with Internal Auditors
The purpose of this policy is to establish reporting relationships for the internal auditors of the company. Both internal and external auditors, by the nature of their work, have a special relationship with the board of directors. This policy spells out particular reporting relationships to ensure that appropriate governance can be applied.
Disclosure Committee Questionnaire
The purpose of this questionnaire is to ensure that all necessary quarterly financial reporting disclosures are addressed, and any changes to these disclosures are explained by management.
Entity Level Controls - Control Environment Questionnaire
The control environment provides an atmosphere in which people conduct their activities and carry out their control responsibilities. It is the foundation for all other components of internal control, providing discipline and structure. This excel-based template provides a number of COSO elements and the related control objectives for entity level controls. Within the questionnaire you can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. The following sections have been updated in this questionnaire: Integrity & Ethical Values, Commitment to Competence, Board of Directors or Audit Committee, Organizational Structure, Assignment of Authority & Responsibility.
Evaluation of Internal Audit Performance – Audit Committee Questionnaire
This questionnaire allows members of the audit committee to review, critique, and evaluate the internal audit function on an annual/periodic basis.
The Expanded Responsibilities of the Audit Committee – Questionnaire
When the SEC adopted rules mandated by the Sarbanes-Oxley Act of 2002, it, among other things, expanded and formalized the responsibilities of audit committees. The major exchanges also weighed in, defining expectations for audit committees. This document suggests keys questions to help the audit committee function effectively.
Financial Institution Security Audit Work Program
This work program is an aid to assess the quantity of risk and the effectiveness of a financial institution’s risk management processes as they relate to the security measures instituted to ensure confidentiality, integrity, and availability of information, instilling accountability for actions taken on the institution’s systems.
Internal Audit Engagement Letter: Sample
This sample internal audit engagement letter informs the auditee of an upcoming audit. It details the audit objectives, the timeline, and the audit team members. It also covers the pre-audit meeting, expected deliverables, and the audit team’s mission.
Internal Audit Reporting: Impact and Clarity: Guide and Example
Effective Internal Audit reports and communications are a critical aspect of the audit process. Strong reporting is more than just appearance, and should be a reflection of the audit approach, performance, and organizational governance objectives. This guide provides practical advice for audit reporting, and includes an example report to the Audit Committee.
Inventory Management Audit Work Program
The purpose of this work program is to provide the general steps used to perform an inventory management audit. This document provides audit procedures for the review of purchasing, warehousing, distribution, finance, marketing/support, and engineering..
Job Description: Vice President, Corporate Audit
This sample job description outlines the roles and responsibilities for the position of a Vice President, Corporate Audit. This description focuses on overseeing the development of an internal audit plan; supervising the evaluation and testing of internal controls; and reviewing the implementation of new systems and procedures to guarantee the adequacy of internal controls.
Manual General Ledger Journal Entries Policy
This sample policy ensures all manual journal entries to the Company’s general ledgers are properly prepared, supported by adequate documentation, reviewed, approved and recorded and that journal records are maintained in accordance with audit requirements.
Monitoring Audit Work Program - Example 2
This audit work program focuses on the monitoring component of the COSO Framework. Sample risks addressed in this audit work program include: internal and/or external audit comments and management responses are not provided to the audit committee or board of directors and internal audit does not have the authority to review any aspect of the entity's operations.
Restaurant Regional Office Internal Control Audit Work Program
The purpose of this work program is to conduct an internal control review at a restaurant company’s regional office. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors.
Risk Assessment Audit Work Program
This audit work program focuses on the risk assessment component of the COSO framework. Sample risks addressed in this audit work program include: management does not have a business planning process in place that examines existing objectives and establishes new objectives when necessary; senior management does not develop plans to mitigate significant identified risks; and changes in risks are not identified in a timely manner.
Setting the Audit Committee Agenda - Board of Directors and Management Questionnaire
Good business leaders are aware that the world is changing – dramatically. This questionnaire offers ideas for boards and their audit committee regarding matters they should consider to manage change in the years ahead.
Staying Focused on Core Business Issues Amid Corporate Governance Compliance – Questionnaire
Companies address a myriad of new corporate governance requirements established by U.S. Congress, the exchanges and regulators. While meeting these requirements, it is equally imperative to address the core business and profitability issues facing the organization, particularly in today’s increasingly demanding global marketplace. This document addresses questions focused on balancing corporate governance and business operational demands.
25 ‘Worst Practices’ in Educating the Audit Committee: What Not to Do
In these uncertain times, profits are being challenged, everyone is clamoring for more oversight, the control environment is threatened as layoffs grow, and IT has a whole new set of risks. With this backdrop, the relationship between the chief audit executive and audit committee has never been more important. The communication must be open, continual, pertinent and timely. To explain how to do this, consider first some thoughts on how not to do it.
2011 Internal Audit Capabilities and Needs Survey
Protiviti’s fifth annual survey found that internal auditing professionals are to play a leadership role, support the C-suite and board agenda while being prepared for continuous and ongoing change.. Participants, including chief audit executives along with internal audit directors, managers and staff, answered more than 100 questions in four categories: General Technical Knowledge, Audit Process Knowledge, Personal Skills and Capabilities and a new category, Risk Management and Governance Process Knowledge. The survey was designed to gauge how internal audit professionals perceive their present capabilities, where they currently see need for improvement and how they prioritize those needs.
Achieving High Performance in Internal Audit
Protiviti and the Institute of Internal Auditors – Australia, conducted research with chief audit executives from over 150 organizations exploring how organizations enable their internal audit function to advance good corporate governance. The research found a significant number of internal audit functions lack the appropriate framework to operate independently and objectively; an excessive level of influence is exercised by executive management over audit committee activities and the oversight and management of the internal audit function; and the majority of internal audit functions are unable to demonstrate compliance with the International Standards for the Professional Practice of Internal Auditing.
Commonwealth Bank of Australia: Merging powerful audit insights with technology
Commonwealth Bank, one of the largest companies listed on the Australian Stock Exchange, provides integrated financial services to clients. In this profile, Rachel Grantham, head of Strategy and Operations for Group Audit at Commonwealth Bank, states that a key team objective “is to ensure our people have the right audit methodologies, tools and processes to execute high-quality audit reviews and deliver optimum value to the business.” Grantham describes how her team achieves this through data analytics and continuous monitoring.
Corporate audit at Unilever: Responding to change
Unilever is a global consumer goods giant with hundreds of consumer brands spanning 14 categories of home, personal care and food products. In this profile, Alan Johnson, leader of the corporate audit group, discusses how the group responded to change when the company’s corporate structure changed. Johnson also discusses the organization’s “Well-Being Program” that was established for audit managers to make sure they strike the right level of work-life balance.
Dentsply’s IAS team leverages technology to meet global financial audit objectives while controlling costs
Dentsply, a manufacturer of dental supplies and instruments, conducts business in more than 120 countries. In this profile, Jeff Walters, Dentsply’s audit director, discusses how the audit department is expected to cover 60 to 70 percent of the company’s operating assets. This expectation is defined in the internal audit charter, approved by the audit and finance committee of Dentsply’s board of directors. Walters describes how his team achieves this coverage through an integrated audit approach that leverages technology.
External Auditor Considerations
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning the use of external auditors. Some of the topics covered are: Can we use our external auditors to perform internal audit work? And, do all internal audit reports need to be reviewed by the external auditor?
How Internal Audit Adds Value to the Governance Process
An uncertain economic environment punctuated by financial scandals has pushed the concept of corporate governance to the forefront. Internal audit, with a clear mandate from The IIA, is taking a fresh look at governance and making it an integral part of the audit universe and risk-based plans. Remember, governance is the domain of internal audit. This article offers 15 governance principles for public companies to help focus internal audit efforts in this area.
Global Technology Audit Guide (GTAG) 4: Management of IT Auditing
This fourth GTAG is designed for CAE and internal audit management personnel who are responsible for overseeing IT audits. The focus of this guide is on providing specific recommendations that a CAE can implement immediately, and to help sort through the strategic issues regarding planning, performing, and reporting on IT audits. Consideration is given to the fundamentals as well as emerging issues.
Guide to Internal Audit
This internal audit guide is designed to be a helpful and easy-to-access resource that internal audit professionals can refer to regularly in their jobs. The 90 questions and answers will assist those planning to develop a function. The booklet provides guidance on issues ranging from roles and reporting structures to risk assessments, and management’s responsibilities. Eleven appendices include samples and additional information. This guide has now been updated to reflect the SEC’s interpretive guidance on Section 404 of the Sarbanes-Oxley Act, PCAOB Auditing Standard No. 5, and other timely matters for internal auditors.
Management and Audit Committee Considerations
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning management and oversight of the audit function. Some of the topics covered are: How can management utilize internal audit most effectively? What is an audit committee’s role with respect to an internal audit function? What should internal audit report to the audit committee? And, what is the role of the audit committee in evaluating the role of the external auditor?
Managing Internal Audit Cost, Effectiveness and Performance
In Singapore, good corporate governance requires that cost is not the only consideration behind the level of internal audit resourcing. The benefits of a broad, risk-based internal audit program need to receive a fair hearing in this environment. The final part of this two-part series, addresses how to measure the effectiveness of internal audit and provides key questions that should be asked by the audit committee.
The NYSE Internal Audit Requirement
This section of Protiviti's "Guide to Internal Audit" addresses common questions concerning the New York Stock Exchange (NYSE) requirement that listed companies have an internal audit function. Some topics covered are: What do the NYSE rules require? Does the rule require a written internal audit charter? And, does the NYSE rule require that The IIA Standards be followed?
Role of the Audit Committee
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of the audit committee. Topics covered are: With respect to the financial reporting process and internal control over financial reporting, what is expected of the audit committee? How and when should the audit committee be involved in management’s evaluation process and in the independent public accountant’s attestation process? And, what questions are audit committees asking with respect to the Section 404 evaluation during the first year of compliance?
Role of Management
This section of Protiviti's "Guide to The Sarbanes-Oxley Act" addresses common questions focused on the role of management. Topics covered are: What is the role of the disclosure committee, Section 404 compliance project sponsor, Section 404 compliance project steering committee, and other executives? Who signs off on internal control over financial reporting? And, can management rely solely on self-assessments of process owners for purposes of their evaluation of design and operating effectiveness?
Self-Assessment Helps Small Audit Departments Provide Big Returns to Their Organization
No matter how large or small an internal audit operation is, it needs to be visible to the organization to help clients and add value. One way an internal audit department can assess its visibility and value-added performance is to conduct a self-assessment of its audit operations, processes and methods. Self-assessment can be especially helpful to smaller internal audit departments that are tight on time, staff and other resources.
Setting the 2011 Audit Committee Agenda
While the economic environment has shown signs of stabilizing over the past year, the seas still look somewhat choppy for 2011. As a result, boards and audit committees must understand the major challenges their businesses will face in the coming year and set an appropriate agenda for the Audit Committee. In this podcast, Protiviti Managing Director Jim DeLoach reviews top-of-mind issues facing organizations and their boards and key areas to address in this year’s Audit Committee agenda.
Starting an Internal Audit Function
This second section of Protiviti's "Guide to Internal Audit" addresses common questions concerning starting an internal audit function. Some of the topics covered are: How should an internal audit function be staffed? Who should the head of internal audit report to? And, what are the pros and cons of outsourcing/co-sourcing internal audit?
Veritas – Risk management and audit services at Harvard University
Founded in 1636, Harvard University is one of the most venerable institutions of higher learning in the U.S. In this profile, Gail McDermott, chief audit executive of the Risk Management and Audit Services function at Harvard, discusses three key team initiatives. These include developing an internal control structure that supports globalization efforts, application of SAS 112, and promoting ethics and accountability across the University.
AICPA Audit Committee Effectiveness Center
This website from the AICPA is designed to assist organizations and their audit committees with best practice governance aids. Individual toolkits — available to corporations, not-for profit organizations, and government entities — are designed to help audit committees, internal auditors, and management implement corporate governance processes, and can be downloaded "as is" or customized to fit an organization's needs.
This site provides full text access to CIO, CIO Enterprise, and CIO Web Business magazines. It includes features not found in the print versions, including industry analysis from Giga Information Group, an interactive "ask the expert" section, and online discussion forums.
Committee of Chief Risk Officers (CCRO)
The Committee of Chief Risk Officers (CCRO) is a diverse coalition of energy companies developing tools to strengthen risk management and disclosure practices in the physical and financial trading and marketing of electricity and natural gas. Member companies represent a variety of business models, sizes, and scopes from many regions of the U.S.
Compliance Week is an online resource for financial compliance and disclosure for public companies. The site features a weekly news-style layout with the latest from regulatory bodies such as the SEC, FASB, and PCAOB. Informative articles from sections include: Q&A, Rule Setters, Rules & Commentary, International Developments, and Filers Update to name a few. Although most of the site is subscription based there are white papers on various topics, compliance career opportunities and timely events listings.
The Conference Board is a not-for-profit business and research organization for senior executives that produces publications, statistics, and reports examining best-management practices in corporate governance and citizenship, human resources, organizational effectiveness, and other issues.
Institute of Internal Auditors (IIA) The IIA is a leader in certification, education, research, and technological guidance for the Internal Audit profession, and serves as the profession's watchdog and resource on significant auditing issues around the globe. The IIA also provides internal audit practitioners, executive management, boards of directors and audit committees with standards, guidance, and information on best practices in internal auditing.
International Risk Management Institute
International Risk Management Institute, Inc. (IRMI) is a Dallas-based research and publishing company focusing on risk management and insurance. IRMI, was founded in 1978 to research important risk and insurance issues and to provide information to business, legal, risk management, and insurance professionals.
IT Governance Institute (ITGI)
To achieve success in this information economy, governance of IT is a critical facet of enterprise governance. The IT Governance Institute (ITGI) exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, it delivers value, its performance is measured, its resources properly allocated and its risks mitigated. Through original research, symposia and electronic resources, the ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations.