Data in a recently published report from our colleagues at the Center for Audit Quality (CAQ) reflect an encouraging trend. Publicly traded companies are sharing more information about how their audit committees interact with the companies' external auditors.
One of the more telling findings in the Audit Committee Transparency Barometer is the surprising growth in the number of companies willing to share details about how their audit committees evaluate the work external auditors do. The CAQ report finds the number of S&P 500 organizations reporting the evaluation criteria has grown from 8 percent in 2014 to 38 percent in 2017.
The CAQ report isn't the only one that shows the move toward more transparency:
- Deloitte's Center for Board Effectiveness reviewed proxies for the S&P 100 and found disclosures in three key areas — the number of financial experts on the audit committee, the audit committee's role in reviewing certain external communications, and the audit committee's role in approving audit engagement fees grew by more than 10 percent in 2016.
- EY's Center for Board Matters reported in its Audit Committee Reporting to Shareholders in 2017 that the number of Fortune 100 companies stating the audit committee is responsible for the appointment, compensation, and oversight of the external auditor grew from 45 percent in 2012 to 87 percent in 2017.
Shareholder interest in greater transparency isn't limited to audit committee relations with external auditors. The Financial Time's Agenda Week reported last week that pressure on boards to do more on climate disclosures is growing. It reported that among the Fortune 250, average shareholder support for environmental proposals hit 27 percent in 2017, up from 17 percent in 2015, according to ProxyMonitor.org, a website sponsored by the Manhattan Institute's Center for Legal Policy.
All this transparency can't help but strengthen governance in organizations. Yet there is one glaring disclosure missing from this list. What role does internal audit play in publicly traded companies? Does it exist? Is it independent and well resourced? Does it provide assurance to management and the board on the effectiveness of risk management and internal controls? Is it an integral element to the company's governance?
Back in January, I included advocating for good governance as one of the 5 Resolutions for Internal Auditors in 2017 to Prepare for the Future. In that blog post I wrote:
Ultimately, good governance practices are what make or break companies, and having an independent and objective evaluation of the effectiveness and efficiency of those practices is critical to success.
I've also written that it is a fundamental function of internal audit to evaluate and improve the effectiveness of risk management, control, and governance processes for the organization — especially where statutory and regulatory compliance are concerned. This specific wording comes from the Definition of Internal Auditing contained in the International Professional Practices Framework (IPPF). What's unwritten — yet should be understood — is that internal auditors must also be advocates for the critical business processes that foster effective compliance.
So why aren't shareholders demanding transparency about internal audit's standing within the organization? The simple answer is that most shareholders — and many audit committee and board members — don't understand and appreciate the value internal audit brings to the organization. The IIA is working to change that through its advocacy efforts around the world, including promotion and dissemination of its Global Advocacy Platform and its concerted efforts to build relationships with organizations that speak directly to stakeholders, such as the National Association of Corporate Directors, the Global Network of Director Institutes, and others.
In the U.S., we have established a full-time presence in Washington, D.C. Our efforts have focused on working with legislators to create new Securities and Exchange Commission regulations that would require transparency about risk management and internal auditing. The IIA wants publicly traded organizations:
- To disclose whether the reporting company has an independent internal audit structure and in such detail as necessary to fully describe the independent nature of the audit function; or
- If no such independent internal audit structure is in place, to describe how the company's executive management and its board of directors gain assurance on the overall effectiveness of the company's management of risks and systems of internal control.
In the current atmosphere of deregulation in Washington, D.C., it would seem an uphill battle to create new regulations. However, we are finding support among legislators built on the simple premise that good governance practices benefit organizations and foster trust in the capital markets.
The trend toward greater transparency is laudable. Shareholders deserve to know that the organizations in which they place their trust and money are well-run. Regulatory or shareholder-driven reporting that provides useful insights into organizational governance are powerful tools that help build accountability. I believe it is just a matter of time before reporting on internal audit takes its place among them.
As always, I look forward to your comments.