Étiquette : Audit committee

La présidence du comité d’audit ?


Je reproduis, ci-dessous, un article du blogue de Norman Marks sur les questions qu’un candidat devrait se poser avant d’accepter le poste de président du comité d’audit.

L’auteur  a recueilli les points de vue personnel et professionnel des praticiens de longue date dans le domaine de la gouvernance, plus précisément dans les fonctions d’audit et de gestion des risques. Bonne lecture.

If I was Chair of the Audit Committee

If I was asked to join a board and serve as the chair of the audit committee (which I am qualified to do), I would apply the lessons from what seems like a lifetime of working with audit committees. In most cases, the chair was excellent and I would hope to be as effective as they were.

P1010734After what I would assume would be a thorough and detailed orientation to the organization and its challenges by such key people as the CEO, CFO and her direct reports, General Counsel, Chief Operating Officer, Chief Accounting Officer, Chief Strategy Officer, Chief Information Officer, Chief Audit Executive, Chief Risk Officer, head of Investor Relations, Chief Information Security Officer, Chief Compliance Officer, Chairman of the Board or Lead Independent Director, lead external audit partner, and outside counsel (and others, depending on the organization), I would turn my attention to the following:

Do I now have a fair understanding of how the organization creates value, its strategies, and the risks to those strategies?

Do I have a sufficient understanding of the organization’s business model, including its primary products, organization and key executives, business operations, partners, customers and suppliers, etc.?

How strong is the management team? Are there any individuals whose performance I need to pay attention to, perhaps asking more detailed questions when they provide information?

Who else is on the audit committee and do we collectively have the insight, experience, and understanding necessary to be effective? Where are the gaps and how will they be addressed?

What are the primary financial reporting risks and how well are they addressed? What areas merit, if any, special attention by the audit committee? Who should I look to for assurance they are being managed satisfactorily? Who owns the compliance program (if any) on controls over financial reporting, and how strong is the assessment team?

What are the other significant financial and other risks (for which risk management oversight has been delegated by the full board) that merit special attention? Who should I look to for assurance they are being managed satisfactorily?

How strong is the external audit team and how well do they work with management and the internal audit team? What are their primary concerns? Is their fee structure sufficient or excessive? Is their independence jeopardized by the services they provide beyond the financial statement audit (even if permitted by their standards)?

How strong is the internal audit team and does the CAE have the respect of the management team and the external auditor? Are they sufficiently resourced? Are they free from undue management influence (for example, is the CAE hoping for promotion to a position in management, does he have free access to the audit committee, and is his compensation set by management or the audit committee)? What are their primary concerns? Do they provide a formal periodic opinion on the adequacy of the organization’s processes for governance and management of risk, as well as the related controls? How do they determine what to audit?

Who owns and sets the agenda for the audit committee? Is there sufficient time and are there enough meetings to satisfy our oversight obligations?

Do the right people attend the audit committee meetings, such as the general counsel, CFO, CAE, CRO, CCO, chief accounting officer, and the external audit partner?

How does the approval process work for the periodic and annual filings with the regulator (e.g., the SEC)?

How are allegations of inappropriate conduct managed? Who owns the compliance hotline, who decides what will be investigated and how, and at what point is the audit committee involved? Is there assurance that allegations will be objectively investigated without retaliation?

What concerns do the other members of the audit committee have? Does the former chair of the committee have any advice?

Articles reliés au sujet :

Is the Audit Committee Really the Secret Sauce for Cyber Security? (tripwire.com)

The responses to the questions raised at Audit Committee Meeting SCC from Mr Nigel Behan of UNITE. (unitesomersetcounty.wordpress.com)

UK wants Big Four to compete for audit work (fcpablog.com)

The difference between internal audit and external audit, by a firm consulting (iareportg5.wordpress.com)

L’efficacité de l’audit interne dans le secteur des services financiers | Recommandations de IIA UK


Vous trouverez, ci-dessous, un document de consultation de l’IIA UK, partagé par Denis Lefort, CPA, CA, CIA, CRMA, concernant le rôle de l’audit interne dans le secteur financier. On y retrouvera plusieurs recommandation à l’intention de l’Institut des auditeurs internes certifiés, dont quelques-unes controversées. Je vous invite à lire ce document.

Effective Internal Audit in the Financial Services Sector

The Rewarding Profession of Internal Audit / C...
The Rewarding Profession of Internal Audit / Corporate Management (Photo credit: danielleherner)

« In the course of our consultation, the Committee asked a range of questions around the role, scope and position of internal audit in the organisation’s governance and risk management frameworks. The responses received highlight the range of practice across the industry, with a varying degree of uniformity of practice and aspiration between organisations.

There was a general consensus around the importance of the independence of Internal Audit; both independence from Executive Management authority, from the Risk Management and Compliance functions, and from executive decision making responsibilities. There was also strong support for an unrestricted scope of Internal Audit, and for greater clarity and consistency of Internal Audit’s role in auditing areas such as strategy, culture, risk appetite and key corporate events.

Areas in which there was a greater divergence of response include the role and extent of Internal Audit involvement in challenging strategic decision making; whether there are circumstances in which it would be appropriate for Internal Audit to report to a Board Risk Committee rather than tothe Audit Committee, the nature of Internal Audit’s Executive reporting line and who this line should report into (e.g. CEO / CFO); and the appropriateness of the Chief Internal Auditor having the right to attend Executive Committee meetings. In these areas, the Committee has formed a view based on both the responses received and Committee discussion ».

Articls reliés :

Strongest Outlook for Internal Audit Resources in Five Years, Reports The Institute of Internal Auditors (virtual-strategy.com)

New UK internal auditor code seen needed to restore credibility (uk.reuters.com)

Le comité d’audit du C.A. | Une tâche exigeante que vous apprendrez à aimer


J’ai cru que le billet de Lucy P. Marcus, paru en décembre 2012, serait d’un grand intérêt pour plusieurs membres de C.A. qui ont un penchant pour le comité d’audit, la gestion des risques et les contrôles internes.

Audit committee: The toughest job you’ll ever love

Compliance Audit Committee
Compliance Audit Committee (Photo credit: hyfen)

« I’m preparing for an upcoming board audit committee meeting, and I am conscious that I am reading the briefing papers more carefully, slowly and deliberately than usual. I am always thorough, but recent events have given me pause. I am sure I am not the only member of an audit committee who, seeing the headlines about accounting that touch the boardroom, is taking extra care of late ».