It is not enough for audit committee board members to simply review financial statements and audit results—it takes a far more proactive approach to catch theft or misappropriations within an organization.
Unfortunately, the majority of calls I receive from members of audit committees occur after (rather than before) a known or suspected fraud has been uncovered. This installation of Forensic Friday is meant to provide an overview as to the requirements of audit committees, so that members better understand their responsibilities and become more proactive in their roles to stop fraud before it happens.
Audit committees have gained prominence since the 2008 financial crisis hit, now over a decade ago. During that time, several best practices have emerged. Today’s audit committees typically serve many functions, including:
Providing oversight. The primary purpose of an organization’s audit committee is to provide oversight of the financial reporting process, audit process, system of internal controls, and compliance with laws and regulations. It is also responsible for the hiring and oversight of the work provided by the external audit firm.
Setting the tone at the top. Employees can’t reasonably be expected to adhere to antifraud standards and processes if they don’t see ethical behavior being demonstrated by the very top of the organizational chart. By setting the proper ‘tone at the top,’ the audit committee can establish an attitude of integrity and accountability, including the implementation of a method of reporting known or suspected activity (i.e., through an anonymous employee hot-line) for which the committee requires timely investigation and reporting of complaints received.
Conducting fraud risk assessments. It is important for the committee to identify the types of risks the organization faces and their likelihood of occurrence. These assessments should include an evaluation of existing internal controls and the identification of any weaknesses that could expose the organization to potential losses or theft.
Understanding the accounting issues. The committee needs to be more than just a passive recipient of the organization’s financial reports. Members of the committee should be familiar with relevant issues and recent developments within their industries, ask relevant questions, and challenge management on the accounting for detailed transactions. If the organization’s industry has specialized accounting rules, the committee members should consider consulting outside specialists who can bring them up to speed on such issues.
Communicating with external auditors. The committee needs to regularly communicate with outside auditors, because the external audit team performs a review of the organization’s internal controls and the systems in place to detect and prevent fraud. Communication includes formal meetings before the audit to specifically address any issues identified by the committee that auditors should examine, as well as formal meetings after the audit is complete to follow up on the issues discussed.
Communicating with staff. Committee members should not restrict their internal communications to upper management only. They need to reach out to employees throughout the organization as well, in order to make sure that all individuals feel they are part of the team and critical to the success and integrity of the organization and its goals.
Audit committee members have a fiduciary duty to protect their customers, investors, lenders, members, etc. from fraudulent activities. Forensic accounting experts can help committee and board members follow these best practices and stay on top of fraud trends and compliance requirements. Such outside expertise will also prove invaluable, helping to defend against potential fraud and misappropriation within their organizations.