Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

What Audit Committees Expect From CFOs and Others​​

Comments Views

​I like a lot of what Deloitte has to say o​n this top​ic in its latest CFO Insights. While it focuses on expectations of chief financial officers (CFOs), similar points apply equally to internal audit, risk management, compliance officers, and others.

The No. 1 expectation is "no surprises." The audit committee doesn't want to hear news of significance for the first time at the meeting, especially if their approval or even action is required. This requires not only timely communications from management, but — and I have emphasized this many times — an agreement between the board and management as to what they will be told and when. The board sets itself up for a surprise, and management sets itself up for their anger, if that agreement has not been made.

No. 6 is "effective risk management." I agree that while the CFO may not be the executive responsible for the management of risk — that should be the CEO — I look to the CFO (and the CAE) to be champions, evangelists, and exemplars.

The second article in this edition is "Leading Areas of Board Focus." There is no surprise here, with strategy, risk oversight, and board composition leading the way with cyber and disruptive technology meriting mention. This is a key point:

"These two topics, strategy and risk oversight, go hand-in-hand as boards remain vigilant and focused on monitoring strategy and related metrics and alternatives, while also overseeing and mitigating risks to the strategy and the business itself."

How can the board have separate discussions on strategy and risk to those strategies? Makes no sense to me.

What would I add to Deloitte's list?

  • Be clear and concise. Get to the point and tell the committee what they need to know and do, then let the discussion move on to another topic. Too much committee time is wasted as management talks about all the good stuff they have done — which does not drive action by the board.
  • Get the necessary information to the board early, so they have time to consider it before the meeting and the discussion can focus not on reading the material but deciding what needs to be done about it.
  • Be realistic about the volume of information shared with the board. Do you really expect them to absorb a 100-page briefing book? Find ways to communicate what they need to know and provide supporting details in an easy-to-read appendix.
  • Use the language of business and cut out any techno-babble.
  • Be honest and don't sugarcoat bad news.

What do you think?

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.

 

 

Comment on this blog post

comments powered by Disqus
  • IIA AIS_Dec 2019_Blog 1
  • IIA Bookstore_Dec 2019_Blog 2
  • IIA Quality_Nov2019_Blog 3