​​​How Can the Role of the Audit Committee Enhance External Audit Quality?

Comments Views

​This was the title of a paper issued by the Chartered Accountants of Canada. I give them a lot of credit for this paper as it provides valuable advice and is not a "puff piece" for the external audit firms.

The conclusions were that the audit committee should perform the following every year:

  • Establish an effective financial reporting environment.
  • Oversee the annual work of the auditor.
  • Review the audit plan.
  • Consider the impact of business risks on the audit plan.
  • Assess the reasonableness of the audit fee.
  • Monitor the execution of the audit plan, with emphasis on the more complex and risk areas of the audit.
  • Review and evaluate the auditor’s findings.
  • Conduct an annual assessment.

While the U.S. debates whether (external) audit quality can be improved by enforced rotation of the audit firm, this paper gets it right: the quality of the external auditor’s performance is the responsibility of the audit committee. The committee should conduct a serious and formal review of the external auditor’s performance at least annually. This paper recommends a more in-depth review at least every five years — but in my opinion that is far too long an interval and problems may occur without warning.

We have had and continue to have failures in external audit performance. I am not talking about the trivial details of documentation that the PCAOB examiners seem to be finding, but real failures to detect material errors in financial statements. Failures have been reported all around the globe, but the finger has been pointed at the firms and not at the audit committees.

It is time to ensure that audit committees review the performance of the external auditors with the same diligence as the audit firms review management’s system of internal control and financial statements. I don't mean the same level of effort, just the same professional skepticism and objectivity.

Over the years, I have seen audit committees be more diligent in their oversight of management than of the external auditor. That has to stop if we are to see progress.

Ask yourself whether your audit committee does this:

  • Shows deference to the audit partners, their opinions, technical knowledge, and experience over that of management (or the internal auditors, for that matter).
  • Completes a rapid annual review of the performance of the external auditor, lasting only a few minutes because there are more important items on the committee agenda.
  • Pays more attention to the fee schedule than the audit firm’s risk assessment or the quality of the audit team’s communication skills and ability to work with management (and the internal auditor) — note that special attention should be paid to the senior managers that actually run the engagement.

The paper has a number of suggested areas for the audit committee to monitor, but they are traditional and not necessarily the way to find the defects that result in a poor audit.​

Here are some additional areas to consider:

  • Does the audit team focus on areas of higher risk of a material misstatement, or does it spend too much time on areas that are low risk?
  • Does the audit team have a sufficient understanding of the business, its processes, organization, and people to know the difference?
  • Does the audit team only bring to the audit committee matters meriting its attention?
  • Does the audit team work well with management? Does it communicate effectively and provide sufficient notice to management (especially at other locations) to minimize operational disruption? Is its skepticism at an appropriate level?
  • Does the audit team work well with the internal audit team, respecting the quality of their work, and their insights into the quality of internal control and the areas of greater risk? Does the audit partner have an effective relationship with the head of the internal audit team, ensuring that their work is coordinated and duplicate efforts minimized where possible?
  • Do the various parts of the audit team work well together: the financial audit team, the IT audit team, and the tax team, etc.?
  • Does the lead partner take ownership and responsibility for the entire audit team, including teams at other locations? Is work effectively coordinated and low risk work minimized?
  • Does the audit firm continuously improve?
  • If the PCAOB examiners review the audit of the company, are the results shared in sufficient detail with the audit committee?
  • Where the audit partner says additional work is required because of directives from the PCAOB Examiners, does he provide details and documentation to support his claim? Is the company asked to pay for defects in the quality of the audit?

As CAE, I worked with the audit committee to strengthen their review of the external auditor’s performance. I developed a questionnaire that I sent to financial and other key leaders around the company, held interviews as necessary, summarized the results, discussed them with the external audit partner, and briefed the audit committee. It was an objective audit engagement that enabled the committee to understand what they couldn’t see for themselves — how the audit team performed in the field and with management. The external audit firms never liked the review, but recognized it was valuable to the audit committee.

The review drove effective change and improved audit quality.

Does your audit committee provide effective oversight of the external auditor?

I welcome your views.

​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
  • Fraud-Virtual-Conference-January-2022-Blog-2
  • IT-General-Controls-Certificate-January-2022-Blog-3





A Risk Assessment Tool for Auditors and Risk Officershttps://iaonline.theiia.org/blogs/marks/archive/Pages/A-Risk-Assessment-Tool-for-Auditors-and-Risk-Officers.aspxA Risk Assessment Tool for Auditors and Risk Officers
Audit Committee Priorities Remain Risk, Compliance, and Technologyhttps://iaonline.theiia.org/blogs/marks/archive/Pages/Audit-Committee-Priorities-Remain-Risk,-Compliance,-and-Technology.aspxAudit Committee Priorities Remain Risk, Compliance, and Technology
Is There Value in the Term "GRC"?https://iaonline.theiia.org/blogs/marks/archive/Pages/Is-There-Value-in-the-Term--GRC.aspxIs There Value in the Term "GRC"?
Building the Audit Plan Around Assurance on Governance, Risk Management, and Related Controlshttps://iaonline.theiia.org/blogs/marks/archive/Pages/Building-the-Audit-Plan-Around-Assurance-on-Governance,-Risk-Management,-and-Related-Controls.aspxBuilding the Audit Plan Around Assurance on Governance, Risk Management, and Related Controls