What Audit Committees Want
Boards are relying on their CAEs as regulatory oversight increases, says Michele Hooper, president and CEO of The Directors’ Council.
December 01, 2013
Update Q&A Extended
What are the most important types of information you want from the chief audit executive (CAE)?
I rely on CAEs to be my eyes and ears in the organization, reporting back on culture, tone, and potential issues that may be emerging within the business. Second, an important responsibility critical to audit committee and board discussions is the CAE’s ownership and prioritization of the process management framework for risk identification. Lastly, financial and business trends are increasingly complex and global, so I look to my CAE to understand, benchmark, and propose ways to leverage the internal audit resource to assure effective coverage and impact.
What are the top risks that keep you up at night?
First, emerging markets, which are strategic growth areas but also increase internal control and compliance risk. Oversight of the culture in those markets, tone, and internal controls is critical due to the increased focus on regulatory compliance. Second, do we have adequate understanding of our cyber vulnerabilities, skills, and resources? Lastly, I worry about adequate oversight of our remote, smaller businesses, where exposure to reputational risk can be significant.
How has the role of the audit committee member changed in the past decade?
Our roles have increased substantially, and there’s a lot more on our agendas than 10 years ago. Committee members are more engaged and asking more questions of management, internal audit, and external audit. We are doing deep dive discussions on topics linked to our financials and related notes (e.g., pension accounting, deferred taxes, and revenue recognition). We also now have direct responsibility for hiring, evaluating, and compensating external auditors. Compliance responsibility for nonfinancial companies is usually housed with the audit committee, and oversight has increased significantly as regulatory enforcement has become more pervasive and aggressive.
What do you foresee being audit committee priorities in 2014?
We’ll continue to place some importance on financial reporting, risk management processes, and risks assigned to the audit committee — fornonfinancial companies that usually includes regulatory compliance risk oversight. Audit committees also are examining how to more effectively leverage the independence, knowledge, and reach of internal audit. There is increased focus on board oversight of hiring, compensation, and evaluation of the external audit firms. Lastly, the audit committee annual report and the external auditor report are under increased scrutiny for the adequacy of disclosures and some committees are beginning to voluntarily enhance their disclosures.