Professional Documents
Culture Documents
Audit Committee Handbook
Audit Committee Handbook
Audit Committee Handbook
1
Table of Contents
Introduction............................................................................................................................4
Terms of Reference............................................................................................................6
Independence......................................................................................................................7
Conflicts of Interest............................................................................................................7
Terms of Appointment........................................................................................................8
Skills...................................................................................................................................8
Additional Skills.................................................................................................................8
Scope of work.........................................................................................................................9
Overall Assurance..............................................................................................................9
Financial Reporting..........................................................................................................10
Communication....................................................................................................................10
Annual Reports.................................................................................................................11
Bilateral Communications................................................................................................11
.............................................................................................................................................46
In today's complex world, the Audit Committee can contribute tremendously to a 'no surprise'
environment. An effective Audit Committee should be a key feature in a strong, effective
governance culture and bring significant benefits to the Company. Carefully designed
practices can also help the Audit Committee to maximise its contribution to the ABC
Company.
Developing practices which are based on robust principles - whether terms of reference,
recruiting the right members, or focused agendas and rigorous processes - is fundamental in
fulfilling the Audit Committee's responsibilities.
This handbook articulates the principles underlying the role of the Audit Committee. It
provides guidance to help Audit Committee members to gain a better understanding of the
processes and issues that drive effective oversight of risk management, control and
governance, and of economy, efficiency and effectiveness.
The main focus of the Audit Committee’s work is related to internal control matters, such as
the safeguarding of assets, the maintenance of proper accounting records and the reliability of
financial information.
In performing that role the Audit Committee’s work will predominantly focus upon the
framework of risks, controls and related assurances that underpin the delivery of the
Company’s objectives (the Assurance Framework).
As a result, the Audit Committee has a pivotal role to play in reviewing the disclosure
statements that flow from the Company’s assurance processes. In particular these cover the
Statement on Internal Control, included in the Annual Financial Statements.
Both of these documents should come to the Audit Committee before being submitted for
approval to the Board.
It is the responsibility of the Board of Directors to establish and maintain processes for
governance. The Audit Committee independently monitors, reviews and reports to the Board
of Directors on the processes of governance and, where appropriate, facilitates and supports,
through its independence, the attainment of effective processes.
We hope that this handbook will help Audit Committee members to identify and achieve their
objectives and add value to governing bodies, their organisations and other stakeholders
The Audit Committee shall support the Board of Directors and the Managing Director by
reviewing the comprehensiveness of assurances in meeting the Board of Directors and
Managing Director’s assurance needs, and reviewing the reliability and integrity of these
assurances.
The Audit Committee shall be independent and objective; in addition each member shall have
a good understanding of the objectives and priorities of the organisation and of their role as
the Audit Committee member.
3. Skills
The Audit Committee shall corporately own appropriate skills to allow it to carry out its
overall function.
4. Scope of Work
The scope of the Audit Committee’s work shall be defined in its Terms of Reference, and
encompass all the assurance needs of the Board of Directors and the Managing Director.
Within this, the Audit Committee shall have particular engagement with the work of Internal
Audit, the work of the External Auditor, and Financial Reporting issues.
The Audit Committee shall ensure it has effective communication with the Board of
Directors, the Chief Audit Executive, the External Auditor, and other stakeholders.
In addition, the role of the Chairperson and provision of appropriate secretariat support are
important elements in achieving Audit Committee effectiveness.
The Chairperson of the Audit Committee has particular responsibility for ensuring that the
work of the Audit Committee is effective, that the Audit Committee is appropriately
resourced, and is maintaining effective communication with stakeholders.
The Audit Committee shall be provided with appropriate secretariat support to enable it to be
effective. This is more than a minute taking function - it involves providing pro-active
support for the work of the Audit Committee and helping its members to be effective in their
role.
Terms of Reference
The Audit Committee shall be given formal Terms of Reference by the Board of Directors.
These shall be reviewed regularly and in turn shall require the Audit Committee to regularly
review its own effectiveness.
The Audit Committee shall have appropriate authority to require any member of the
organisation either to:
• Attend the Audit Committee meeting; or
• Provide written report(s) to the Audit Committee for the purpose of providing
information to assist the Audit Committee in fulfilling its role of advising the Board of
Directors.
The Audit Committee will require access to funding to cover the costs incurred in fulfilling
its role. The funding shall be sufficient to:
• Adequately meet the remuneration and working expenses of its members;
• Adequately meet the relevant training needs of its members;
• Provide specialist (external) advice or opinions when required; and
• (If agreed as appropriate in the organisation) provide external review of the
effectiveness of the Audit Committee.
An effective Audit Committee must have members who are both independent and objective.
It is good practice, so far as possible, for Audit Committee members to be independent non-
executive Board members.
However, many organisations will not have sufficient independent non-executive Board
members who are also willing to serve as Audit Committee members to provide sufficient
numbers or skills for the Audit Committee.
When there are insufficient non-executive Board members to form the Audit Committee,
independent external members need to be appointed. These members will be appointed to the
Audit Committee but not to the Board of Directors.
They will often be chosen because of particular skills or experience that they hold which will
be beneficial to the Audit Committee. They may be remunerated at appropriate rate for the
time and effort they are expected to contribute.
As Audit Committee membership will be the only contact they have with the organisation,
such members will have to make particular efforts to obtain and maintain appropriate
understanding of the organisation, which is vital if they are to make a meaningful
contribution to the Audit Committee’s considerations. In this respect, appropriate induction
training is critical, as is an ongoing programme of activity to ensure the member maintains
sufficient appropriate contact with the organisation.
Executive members of the organisation shall not be appointed to the Audit Committee. The
role of the Executive is to attend, to provide information, and to participate in discussions,
either for the whole duration of a meeting or for particular agenda items.
The Managing Director and the Chief Financial Officer shall routinely attend the Audit
Committee. It is also normal for the Chief Audit Executive and a representative of the
External Auditor to attend. However, the Terms of Reference should provide for the Audit
Committee to sit privately without any non-members present for all or part of a meeting if
they so decide.
Conflicts of Interest
Normally the process for recording declarations of conflicts of interests in the Audit
Committee shall mirror the processes used at Board level. Each member of the Audit
Committee shall take personal responsibility to pro-actively declare any potential conflict of
interest arising out of business arising on the Audit Committee’s agenda or from changes in
the member’s personal circumstances. The Chairperson of the Audit Committee shall then
determine an appropriate course of action with the member. For example, the member might
simply be asked to leave while a particular item of business is taken; or in more extreme
cases the member could be asked to leave the Audit Committee.
Terms of Appointment
The terms of appointment of the Audit Committee member shall be clearly set out at the time
of appointment in a Letter of Appointment. The letter shall also specify what other activities
the individual may or may not undertake in relation to the organisation. The impact on
independence of further remuneration from other activities shall be given careful
consideration.
Skills
The Audit Committee is charged with ensuring that the Board of Directors and Managing
Director of the organisation gain the assurance they need on risk management, governance
and internal control. So, it needs a range of skills and experience relevant to various aspects
of risk, governance and control.
The Audit Committee shall identify, and agree with the Board of Directors, the other skills
required for Committee effectiveness. These identified skills shall inform the choice of
members of the Audit Committee. The required skills set shall be periodically reviewed.
Additional Skills
All Audit Committee members, whatever their status or background, will have training and
development needs. Those who have recently joined the Audit Committee will need induction
training, either to help them understand their role; or if they have Audit Committee
experience elsewhere, to help them understand the organisation.
Scope of work
Overall Assurance
In most organisations there are a number of sources of assurance, both internal and external,
sometimes primarily intended for the benefit of the organisation and sometimes primarily
intended for the benefit of other stakeholders.
The Board of Directors and Managing Director’s assurance needs are largely met by
evaluating the various sources of assurance (or gaps in sources of assurance), testing and
determining their reliability, and then forming an overall view on the state of risk
management, governance and internal control (which is especially important in supporting
the Statement on Internal Control).
The work of Internal Audit is carried out primarily for the benefit of the Board of Directors
and Managing Director of the organisation. Although the work of the External Auditor is
normally primarily conducted for the benefit of shareholders, it is still of significant benefit to
the organisation as well.
The work of Internal Audit is likely to be the single most significant resource used by the
Audit Committee in discharging its responsibilities. This is because the Chief Audit
Executive, in accordance with Generally Accepted Auditing Standards, has a responsibility to
Audit Committee Handbook Page 9
submit an annual opinion on the overall adequacy and effectiveness of the organisation’s risk
management, control and governance processes. There is consequently a major synergy
between the purpose of the Chief Audit Executive and the role of the Audit Committee.
The role of the Audit Committee in relation to Internal Audit shall include advising the Board
of Directors and Managing Director on:
• The Audit Strategy and periodic Audit Plans, forming a view on how well they
support the Chief Audit Executive’s responsibility to provide an annual opinion on the
overall adequacy and effectiveness of the Company’s risk management, control and
governance processes.
• The results of Internal Audit work, and management response to issues raised by that
work.
• The resourcing of Internal Audit.
• The Terms of Reference (or equivalent) for Internal Audit.
Whilst the work of the External Auditor is not primarily conducted for the benefit of the
Company or its Audit Committee, the Audit Committee shall nevertheless engage with the
activity of the External Auditor. As well as considering the results of external audit work,
they shall enquire about and consider the External Auditor’s planned approach and the way in
which the External Auditor is co-operating with Internal Audit to maximise overall audit
efficiency, capture opportunities to derive a greater level of assurance and minimise
unnecessary duplication of work.
Financial Reporting
The Audit Committee will not itself be able to review the accounts in detail in order to advise
the Managing Director whether they are true and fair. In reaching a view on the accounts, the
Audit Committee shall consider:
• Key accounting policies and disclosures;
• Assurances about the financial systems which provide the figures for the accounts;
• The quality of the control arrangements over the preparation of the accounts by the
Chief Financial Officer;
• Key judgements made in preparing the accounts;
• Any disputes arising between those responsible for preparing the accounts and the
Auditor.
Communication
After each meeting of the Audit Committee a report shall be prepared for the Board of
Directors and Managing Director to:
Audit Committee Handbook Page 10
• Summarise the business taken by the Audit Committee, explaining if necessary why
that business was regarded as important; and
• Offer the views and advice from the Audit Committee on issues which they consider
the Board of Directors or Managing Director should be taking action.
If the minutes of the Audit Committee meeting are used as the report, care shall be taken in
their presentation to highlight the advice being provided. These reports shall normally be
copied to the Chief Audit Executive and to the External Auditor (especially if the report
contains advice about or to the Auditor).
Annual Reports
The Audit Committee shall also provide an Annual Report, timed to support preparation of
the Statement on Internal Control. This internal report needs to be open and honest in
presenting the Audit Committee’s views if it is to be of real benefit to the Board of Directors
and Managing Director.
The Annual Report shall summarise the Audit Committee’s work for the year past, and
present the Audit Committee’s opinion about:
• The comprehensiveness of assurances in meeting the Board of Directors and
Managing Director’s needs;
• The reliability and integrity of these assurances;
• Whether the assurances available are sufficient to support the Board of Directors and
the Managing Director in their decision-taking and their accountability obligations;
• The implication of these assurances for the overall management of risk;
• Any issues that the Audit Committee considers pertinent to the Statement on Internal
Control and any long term issues that the Audit Committee thinks the Board of
Directors and/or Managing Director should give attention to;
• Financial reporting for the year;
• The quality of both Internal and External Audit and their approach to their
responsibilities; and
• The Audit Committee’s view of its own effectiveness, including advice on ways in
which it considers it needs to be strengthened or developed.
Bilateral Communications
There shall be mutual rights of access among each of the Chairperson of the Audit
Committee, the Managing Director, the Chief Audit Executive, and the External Auditor.
Whether or not that right of access is exercised, there shall be an annual bilateral meeting
between the Chairperson of the Audit Committee and each of these parties to ensure that
there is clear understanding of expectations and mutual understanding of current issues.
Purpose
Authority
The Audit Committee has authority to conduct or authorise investigations into any matters
within its scope of responsibility. It is empowered to:
• Appoint, compensate, and oversee the work of any registered public accounting firm
employed by the organisation.
• Resolve any disagreements between management and the Auditor regarding financial
reporting.
• Pre-approve all auditing and non-audit services.
• Retain outside counsel, accountants, or others to advise the Audit Committee or assist
in the conduct of an investigation.
• Seek any information it requires from employees - all of whom are directed to
cooperate with the Audit Committee's requests - or external parties.
• Meet with company officers, External Auditor, or outside counsel, as necessary.
Composition
The Audit Committee shall consist of at least three and no more than six members. The Board
of Directors or its nominating Committee shall appoint Committee members and the
Chairperson of the Audit Committeeperson.
Each Committee member shall be both independent and financially literate. At least one
member shall be designated as the "financial expert," as defined by applicable legislation and
regulation.
Meetings
The Audit Committee will meet at least four times a year, with authority to convene
additional meetings, as circumstances require. All Committee members are expected to attend
each meeting. The Audit Committee will invite members of management, Auditor or others to
attend meetings and provide pertinent information, as necessary. It will hold private meetings
with Auditor (see below) and executive sessions.
Meeting agendas will be prepared and provided in advance to members, along with
appropriate briefing materials. Minutes will be prepared.
Responsibilities
Financial Statements
Internal Control
Internal Audit
• Review with management and the Chief Audit Executive the charter, activities,
staffing, and organisational structure of the Internal Audit function.
• Have final authority to review and approve the annual audit plan and all major
changes to the plan.
• Ensure there are no unjustified restrictions or limitations, and review and concur in
the appointment, replacement, or dismissal of the Chief Audit Executive.
• At least once per year, review the performance of the CAE and concur with the annual
compensation and salary adjustment.
• Review the effectiveness of the Internal Audit function, including compliance with
Generally Accepted Auditing Standards.
• On a regular basis, meet separately with the Chief Audit Executive to discuss any
matters that the Audit Committee or Internal Audit believe should be discussed
privately.
• Review the External Auditor’s proposed audit scope and approach, including
coordination of audit effort with Internal Audit.
• Review the performance of the External Auditor, and exercise final approval on the
appointment or discharge of the Auditor.
• Review and confirm the independence of the External Auditor by obtaining
statements from the Auditor on relationships between the Auditor and the company,
including non-audit services, and discussing the relationships with the Auditor.
• On a regular basis, meet separately with the External Auditor to discuss any matters
that the Audit Committee or the Auditor believe should be discussed privately.
Compliance
• Review the effectiveness of the system for monitoring compliance with laws and
regulations and the results of management's investigation and follow-up (including
disciplinary action) of any instances of non-compliance.
• Review the findings of any examinations by regulatory agencies, and any Auditor
observations.
• Review the process for communicating the Code of Conduct to company personnel,
and for monitoring compliance therewith.
• Obtain regular updates from management and company legal counsel regarding
compliance matters.
Reporting Responsibilities
• Regularly report to the Board of Directors about Committee activities, issues, and
related recommendations.
• Provide an open avenue of communication between Internal Audit, the External
Auditor, and the Board of Directors.
• Report annually to the shareholders, describing the Audit Committee's composition,
responsibilities and how they were discharged, and any other information required by
rule, including approval of non-audit services.
• Review any other reports the Company issues that relate to Committee
responsibilities.
Other Responsibilities
• Perform other activities related to this charter as requested by the Board of Directors.
• Institute and oversee special investigations as needed.
The role of the Chairperson of the Audit Committee goes a good deal beyond chairing
meetings.
Indeed it is the key to achieving Committee effectiveness. The additional workload should be
taken into account when appointing the Chairperson.
Exactly how a particular Chairperson manages the Audit Committee will vary depending on
the character of the individual and the needs of the specific organisation.
Agenda Setting
• Before each meeting the Chairperson and the Audit Committee Secretary shall meet to
discuss and agree the business for the meeting. The Chairperson shall take ownership
of, and have final say in, the decisions about what business will be pursued at any
particular meeting.
Communication
• The Chairperson shall ensure that after each meeting appropriate reports are prepared
from the Audit Committee to the Board of Directors and to the Managing Director.
• The Chairperson shall ensure that the Audit Committee provides a suitable Annual
Report to the Board of Directors.
• The Chairperson shall have bilateral meetings at least annually with the Managing
Director, the Chief Audit Executive and the External Auditor, and with the
Chairperson of the Board of Directors. In addition, the Chairperson shall meet any
people newly appointed to these positions as soon as practicable after their
appointment.
• The Chairperson shall also ensure that all Committee members have an appropriate
programme of interface with the organisation and its activities to help them
understand the organisation, its objectives, business needs and priorities.
Monitoring actions
• The Chairperson shall ensure that there is an appropriate process between meetings
for action points arising from Committee business to be appropriately pursued.
• The Chairperson shall also ensure that members who have missed a meeting are
appropriately briefed on the business conducted in their absence. The Chairperson
may choose to rely on the Secretariat to take these actions.
• The Chairperson shall take the lead in ensuring that Committee members are provided
with appropriate appraisal of their performance as a Committee member and that
training needs are identified and addressed. The Chairperson shall themselves seek
appraisal of their performance from the Managing Director (or Chairperson of the
Board of Directors), as appropriate
• The Chairperson shall ensure that there is a periodic review of the overall
effectiveness of the Audit Committee and of its Terms of Reference.
Appointments
The secretariat shall be able to support the Chairperson of the Audit Committee in identifying
business to be taken, and the relevant priorities of the business. For this reason, and as the
Audit Committee is a committee of the Board of Directors, the Audit Committee Secretariat
function shall be supervised by the Board of Directors secretariat. The Chairperson of the
Audit Committee and the secretariat shall agree procedures for commissioning briefing to
accompany business items on the Audit Committee’s agenda and timetables for the issue of
meeting notices, agendas, and minutes.
The Chairperson of the Audit Committee shall always review and approve minutes of
meetings before they are circulated.
Careful consideration shall be given to ensuring that the Audit Committee Secretariat
function is not biased. If the function is provided by Internal Audit there may be a risk of bias
When the Audit Committee decides to meet privately, the Chairperson shall decide whether
the secretariat members should also withdraw. If so, the Chairperson shall ensure that an
adequate note of proceedings is kept to support the Audit Committee’s conclusions and
advice.
(Date)
You are hereby appointed by the Board of Directors as a member of the Audit Committee of
(organisation). As a member of the Audit Committee you are accountable to the Board of
Directors through the Chairperson of the Audit Committee. Your appointment is for (number)
years from (date). This appointment may be renewed (number) times (by mutual agreement)
after the duration of this appointment.
The Audit Committee is a Committee of the Board of Directors of (organisation) and the
purpose of the Audit Committee is to:
• Review the comprehensiveness of assurances in meeting the Board of Directors and
Managing Director’s assurance needs;
• Review the reliability and integrity of these assurances;
• Advise the Board of Directors and the Managing Director about how well assurances
consequently support them in decision taking and in discharging their accountability
obligations.
The Audit Committee is chaired by (name) and the other members are (names). (It is
recommended that the new member be provided with a list of their contact details)
The Secretary of the Audit Committee is (name / contact details) and they will shortly be in
touch with you to discuss and arrange appropriate induction training.
To help you understand the governance arrangements and the role of Audit Committees, a
copy of the “Audit Committee Handbook” is enclosed with this letter of appointment.
Your duties as the Audit Committee member are expected to typically take (number) days per
annum, including time to read papers in preparation for meetings and a programme of activity
to keep you in touch with the organisation’s activities and priorities. The Audit Committee
normally meets (number) times each year, but additional meetings may be required from time
to time. Your remuneration will be (include details of amount and means by which it will be
paid).
Conflicts of Interest
Appraisal
As a member of the Audit Committee you will be subject to appraisal by the Chairperson of
the Audit Committeeperson (include brief details of the appraisal process).
Termination
If you choose to resign from this appointment you will be expected to give (number) months
notice, unless your circumstances have changed in a way that makes it appropriate for you to
resign immediately. If your performance as the Audit Committee member is decided to be
unacceptable (see appraisal) or if your conduct (including conflicts of interests) is
unacceptable your appointment may be terminated by the Board of Directors.
Spring Meeting
• Comment on the accounts for the year just finished prior to their finalisation and
submission for audit;
• Advise on the content of the Statement on Internal Control for the year just finished,
to be presented alongside the finalised accounts;
• Review Internal Audit’s finalised periodic work plan for the financial year just begun.
• Agree the Audit Committee’s annual report to the Board of Directors and Managing
Director.
Summer Meeting
Autumn Meeting
Winter Meeting
• Advise on the Internal Audit strategy and the periodic work plan for the beginning of
the new financial year;
The Audit Committee shall take an active role in the prevention and deterrence of fraud, as
well as an effective ethics and compliance program. The Audit Committee shall constantly
challenge management and the External Auditor to ensure that the organisation has
appropriate antifraud programs and controls in place to identify potential fraud and ensuring
that investigations are undertaken if fraud is detected. The Audit Committee shall take an
interest in ensuring that appropriate action is taken against known perpetrators of fraud.
This document is intended to make Audit Committee members aware of their responsibilities
as they undertake this important role. It highlights areas of corporate activity that may require
additional scrutiny by the Audit Committee.
The Audit Committee also needs to be aware that fraud affecting the organisation often falls
within one of three categories:
Role of the Audit Committee in the Prevention, Deterrence, Investigation, and Discovery or
Detection of Fraud
The members of the Audit Committee should understand their role of ensuring that the
organisation has antifraud programs and controls in place to help prevent fraud, and aid in its
discovery if it does occur, to properly fulfil their fiduciary duties of:
• Monitoring the financial reporting process
• Overseeing the internal control system
• Overseeing the Internal Audit and the External Auditor, and
• Reporting findings to the Board of Directors.
The Audit Committee should ensure that the organisation has implemented an effective ethics
and compliance program, and that it is periodically tested. Since the occurrence of significant
frauds can frequently be attributed to an override of internal controls, the Audit Committee
plays an important role to ensure that internal controls address the appropriate risk areas and
are functioning as designed.
Internal Audit and the External Auditor can serve a vital role in aiding in fraud prevention and
deterrence. Internal Audit staff and External Auditor staff who are experienced and trained in
fraud prevention and deterrence can help to provide assurance that:
• Risks are effectively identified and monitored;
• Organisational processes are effectively controlled and tested periodically; and
• Appropriate follow-up action is taken to address control weaknesses.
The Audit Committee needs to ensure that Internal Audit and the External Auditor are
carrying out their responsibilities in connection with potential fraud.
Fraud can be discovered through many sources, namely, Internal Audit or the External
Auditor, accounting consultants, employees, suppliers, and others. Establishing a confidential
hotline can also be an important source of information leading to fraud discovery, as part of an
organisation’s overall ethics, compliance, and fraud prevention program.
If fraud or improprieties are asserted or discovered, the Audit Committee - through the
External Auditor, Internal Audit, or accounting consultants, as appropriate - should
investigate, and, if necessary, retain legal counsel to assert claims on the organisation’s behalf.
If fraud is discovered, or there is a reasonable basis to believe that fraud may have occurred,
the Audit Committee is responsible for ensuring that an investigation is undertaken. Criteria
Conclusion
Audit Committees are required to play a pivotal role in the prevention and deterrence of fraud,
and to take appropriate action in the discovery of fraud. Independent accountants, hired by the
Audit Committee and Internal Audit will continue to play an important part in the process.
Internal control over financial reporting has always been a major area in the governance of an
organisation, and this importance has been magnified in recent years. This document is
intended to give Audit Committee members basic information about internal control to
understand what it is, what it is not, how it can be used most effectively in the organisation,
and the requirements of management with respect to the system of internal control over
financial reporting. Note that the primary responsibility of the Audit Committee with respect
to internal control is the system of internal control over financial reporting.
Internal control can be judged as effective in each of these categories if the Board of Directors
and management have reasonable assurance that:
1. They understand the extent to which the entity’s operations objectives are being
achieved.
2. Published financial statements are being prepared reliably.
3. Applicable laws and regulations are being complied with.
The COSO Framework went on to say that internal control consists of five interrelated
components as follows:
1
The Audit Committee of Sponsoring Organisations consists of the American Institute of CPAs
(AICPA), the Institute of Management Accountants (IMA), the Institute of Internal Auditor (IIA),
Financial Executives International (FEI), and the American Accounting Association (AAA).
2
The COSO publication Internal Control—Integrated Framework (Product Code Number 990012), may
be purchased through the AICPA store.
3. Control activities. Policies and procedures that help ensure that management
directives are carried out. Control activities occur throughout the organisation at all
levels in all functions. These include activities like approvals, authorisations,
verifications, reconciliations, reviews of operating performance, security of assets and
segregation of duties.
These five components are linked together and form an integrated system that should react
dynamically to changing conditions. The internal control system is intertwined with the
organisation’s operating activities, and is most effective when controls are built into the
organisation’s infrastructure becoming part of the very essence of the organisation.
An effective internal control structure can actually be part of the competitive advantage of the
organisation.
There are a few terms that you will hear frequently when discussing internal control, and
these are identified and described as follows:
Reportable condition. Has the same meaning as the term “significant deficiency.” These two
terms are used to define a significant deficiency in the design or operation of internal control
that could adversely affect a company’s ability to record, process, summarise and report
financial data consistent with the assertions of management in the organisation’s financial
statements. An aggregation of significant deficiencies could constitute a material weakness.
Material weakness. Defined in the auditing literature as a reportable condition in which the
design or operation of one or more of the internal control components does not reduce to a
relatively low level the risk that misstatements caused by errors or fraud in amounts that
would be material in relation to the financial statements being audited may occur and not be
Compensating controls. Some organisations, by virtue of their size, are not able to implement
basic controls such as segregation of duties. This apparent lack of control should be overcome
through other controls, which should be expected to be more rigorous in this situation than in
a situation where the basic control exists. This compensating control could be a permanent
part of the control system, or just temporary if a basic control is not able to function for some
period of time.
Internal control is not an absolute assurance to management and to the Board of Directors
about the organisation’s achievement of its objectives. It can only provide reasonable
assurance, due to limitations inherent in all internal control systems. For example,
breakdowns in the internal control structure can occur due to simple error or mistake, as well
as faulty judgments that could be made at any level of management. In addition, controls can
be circumvented by collusion or by management override. Finally, the design of the internal
control system is a function of the resources available, meaning that there must be a cost-
benefit analysis in the design of the system.
Everyone in the organisation has some role to play in the organisation’s internal control
system.
In a public company, the CFO and CEO are required to certify that they (among other things):
CEO. The CEO has ultimate responsibility and “ownership” of the internal control system.
The individual in this role sets the tone at the top that affects the integrity and ethics and other
factors that create the positive control environment needed for the internal control system to
thrive. Aside from setting the tone at the top, much of the day-to-day operation of the control
system is delegated to other senior managers in the company, under the leadership of the
CEO.
CFO. Much of the internal control structure flows through the accounting and finance area of
the organisation under the leadership of the CFO. In particular, controls over financial
reporting fall within the domain of the Chief Financial Officer. The Audit Committee should
use interactions with the CFO, and others, as a basis for their comfort level on the internal
control over financial reporting.
This is not intended to suggest that the CFO must provide the Audit Committee with a level of
assurance regarding the system of internal control over financial reporting. Rather, through
interactions with the CFO and others, the Audit Committee should get a “gut feeling” about
the completeness, accuracy, validity and maintenance of the system of internal control over
financial reporting.
Controller. Much of the basics of the control system come under the domain of this position.
It is key that the Controller understand the need for the internal control system, is committed
to the system, and communicates the importance of the system to all people in the accounting
organisation. Further, the Controller must demonstrate respect for the system though his or
her actions.
Internal Audit. A main role for the Internal Audit team is to evaluate the effectiveness of the
internal control system and contribute to its ongoing effectiveness. With Internal Audit
reporting directly to the Audit Committee of the Board of Directors and/or the most senior
levels of management, it is often this function that plays a significant role in monitoring the
internal control system.
All Other Personnel. The internal control system is only as effective as the employees
throughout the organisation that must comply with it. Employees throughout the organisation
Compensating Controls
It is important to realise that both the design and compliance with the internal control system
is important. The Audit Committee should be “tuned-in” to the tone-at-the-top of the
organisation as a first indicator of the functioning of the internal control system.
In addition, the Audit Committee should realise that the system of internal control should be
scaled to the organisation. Some organisations will be so small, for example, that they will
not be able to have appropriate segregation of duties. The message here is that the lack of
segregation of duties is not automatically a material weakness, or even a reportable condition,
depending on the compensating controls that are in place.
For example, suppose a company’s accounting department is so small that it is not possible to
segregate duties between the person that does the accounts payable, and the person that
reconciles the bank statements. In this case, it is one and the same person, so the implication
is that there are no checks and balances on the accounts payable person, who could be writing
cheques to a personal account, then passing on them during the bank reconciliation process
(that is, there is no one to raise the red flag that personal cheques are being written on the
company account).
Compensating controls could make up for this apparent breech in the internal control system.
• All cheques are hand signed by officers of the company, rather than using a signature
plate that is in the control of the person that prepared the cheques.
• The bank reconciliation may be reviewed by the person’s manager.
• A periodic report of all cheques that are cleared at the bank could be prepared by the
bank and forwarded to an officer of the company for review.
The Audit Committee should be aware of situations like this, and be prepared to ask questions
and evaluate the answers when an obvious breach in internal control surfaces.
Another area that the Audit Committee needs to focus on is the ability of management to
override internal controls over financial reporting to perpetrate a fraud. Examples of
techniques used by management in overriding internal controls over the financial reporting
function include:
• Back dating sales documents to a prior period;
• Making adjusting entries during the financial reporting closing process; or
• Reclassifying items improperly between the income statement and the balance sheet.
The Audit Committee has the responsibility to help prevent or deter a management override of
controls. It is important for the Audit Committee to understand that there is a system to
uncover an override, as well as follow-up to determine its appropriateness. Questions about
management override, and the controls over management override, as well as audit steps to
detect if a management override has occurred, should be addressed to the CEO, CFO, CAE,
and External Auditor during the respective executive sessions with the Audit Committee.
Conclusion
This document should have given you a sense of what people mean when they refer to
internal control. The concepts are not complex, but sometimes the application of internal
control can be a challenge in an organisation, depending on its size and the corporate culture.
However, it is vitally important to design the system of internal control to achieve the
objectives of:
• Effectiveness and efficiency of operations;
• Reliability of financial reporting; and
• Compliance with applicable laws and regulations.
This questionnaire focuses on the five interrelated components of an internal control system,
as described in the COSO Internal Control – Integrated Framework3 publication.
The Audit Committee’s role in the internal control structure of the Company focuses on
internal controls over financial reporting and the various systems (human resources,
computing, and other) available to support that process, and this document is created to
facilitate that role. The Audit Committee needs to be assured that the controls are in place and
operating effectively.
This can be achieved through the Audit Committee’s interaction with senior management,
External Auditor, Internal Audit, and other key members of the financial management team.
Instructions for Using this Document
This questionnaire is created around the five interrelated components of an internal control
structure. Within each component is a series of questions that the Audit Committee should
focus on to assure itself that controls are in place and functioning. These questions should be
discussed in an open forum with the individuals that have a basis for responding to the
questions.
3
The questions in this questionnaire are adapted from “Evaluation Tools,” Volume 2 of the COSO
Internal Control – Integrated Framework, published September 1992, by the Audit Committee of
Sponsoring Organisations.
1. Are the Audit Committee’s responsibilities defined in a charter? If so, is the charter
updated annually and approved by the Board of Directors?
2. Are Audit Committee members independent of the company and of management? Do
Audit Committee members have the knowledge, industry experience, and financial
expertise to serve effectively in their role?
3. Are a sufficient number of meetings held, and are the meetings of sufficient length and
depth to cover the agenda, and provide healthy discussion of issues?
4. Does the Audit Committee constructively challenge management’s planned decisions,
particularly in the area of financial reporting, and probe the evaluation of past results?
5. Are regular meetings held between the Audit Committee and the Chief Financial
Officer, the Chief Audit Executive, other key members of the financial management
and reporting team, and the External Auditor? Are executive sessions conducted on a
regular basis?
6. Does the Audit Committee approve Internal Audit’s annual audit plan?
7. Does the Audit Committee receive key information from management in sufficient
time in advance of meetings to prepare for discussions at the meetings?
8. Does a process exist for informing Audit Committee members about significant issues
on a timely basis and in a manner conducive to the Audit Committee having a full
understanding of the issues and their implications?
9. Is the Audit Committee informed about personnel turnover in key functions including
the audit team, senior executives, and key personnel in the financial accounting and
reporting teams? Are unusual employee turnover situations observed for patterns or
other indicators of problems?
1. Is the organisational structure within the accounting function and the Internal Audit
function appropriate for the size of the organisation?
2. Are key managers in the accounting and Internal Audit functions given adequate
definition of their responsibilities?
1. Are policies and procedures in place for hiring, training, promoting, and compensating
employees in the accounting and Internal Audit functions?
2. Do employees understand that sub-standard performance will result in remedial
action?
3. Is remedial or corrective action taken in response to departures from approved
policies?
4. Do employees understand the performance criteria necessary for promotions and
salary increases?
Risk Assessment
1. Does the organisation consider risks from external sources such as creditor demands,
economic conditions, regulation, labour relations (e.g. unions), etc.?
2. Does the organisation consider risks from internal sources such as key employees
(retention and succession planning), financing and the availability of funding for key
programs, competitive compensation and benefits, information systems security and
backup systems?
3. Is the risk of a misstatement in the financial statements considered and are steps taken
to mitigate that risk?
4. If applicable, are the risks associated with foreign/off-shore operations considered,
including their impact on the financial reporting process?
Control Activities
1. Does the organisation have a process in place to ensure that controls as described in its
policy and procedures manuals are applied as they are meant to be applied?
2. Do the policy and procedures manuals document all important policies and
procedures? Are these policies and procedures reviewed and updated on a regular
basis? If so, by whom?
Monitoring
On the strategic processes for risk, control and governance, how do we know:
1. That the risk management culture is appropriate?
2. That there is a comprehensive process for identifying and evaluating risk, and for
deciding what levels of risk are tolerable?
3. That the Risk Register is an appropriate reflection of the risks facing the organisation?
4. That appropriate ownership of risk is in place?
5. That management has an appropriate view of how effective internal control is?
6. That risk management is carried out in a way that really benefits the organisation or is
it treated as a box ticking exercise?
7. That the organisation as a whole is aware of the importance of risk management and of
the organisation’s risk priorities?
8. That the system of internal control will provide indicators of things going wrong?
9. That the Statement on Internal Control is meaningful, and what evidence underpins it?
10. That the Statement on Internal Control appropriately discloses action to deal with
material problems?
11. That the Board of Directors is appropriately considering the results of the
effectiveness review underpinning the Statement on Internal Control?
On the planned activity and results of both internal and external audit, how do we
know:
1. That the Internal Audit strategy is appropriate for delivery of a positive reasonable
assurance on the whole of risk, control and governance?
2. That the periodic audit plan will achieve the objectives of the Internal Audit strategy,
and in particular is it adequate to facilitate a positive, reasonable assurance?
3. That Internal Audit has appropriate resources, including skills, to deliver its
objectives?
4. That Internal Audit recommendations agreed by management are actually
implemented?
Audit Committee Handbook Page 38
5. That any issues arising from line management not accepting Internal Audit
recommendations are appropriately escalated for consideration?
6. That the quality of Internal Audit work is adequate? / What does application of the
Internal Audit Quality Assessment Framework tell us about the quality of the Internal
Audit Department?
7. That there is appropriate co-operation between Internal Audit and the External
Auditor?
On the accounting policies, the accounts, and the annual report of the organisation, how
do we know:
1. That the accounting policies in place comply with relevant requirements, particularly
the Financial Reporting Manual?
2. That there has been due process in preparing the accounts and annual report and is that
process robust?
3. That the accounts and annual report have been subjected to sufficient review by
management and by the Managing Director and the Board of Directors?
4. That when new accounting issues arise, appropriate advice on accounting treatment is
obtained?
5. That there is an appropriate anti-fraud policy in place and that losses are suitably
recorded?
6. That suitable processes are in place to ensure accurate financial records are kept? That
suitable processes are in place to ensure fraud is guarded against and regularity and
propriety is achieved?
7. That financial control, including the structure of delegations, enables the organisation
to achieve its objectives with good value for money?
8. If there are any issues likely to lead to qualification of the accounts?
9. If the accounts have been qualified, that appropriate action is being taken to deal with
the reason for qualification?
10. That issues raised by the External Auditor are given appropriate attention?
All members of the Audit Committee shall have, or acquire as soon as possible after
appointment:
• Understanding of the objectives of the organisation and current significant issues for
the organisation;
• Understanding of the organisation’s structure, including key relationships;
• Understanding of the organisation’s culture;
• Understanding of any relevant law or other rules governing the organisation;
• Broad understanding of the organisation’s environment, particularly accountability
structures and current major initiatives.
1. Does the Audit Committee have written terms of reference that adequately and
realistically define the Audit Committee’s role?
2. Have the terms of reference been adopted by the Board of Directors?
3. Are the terms of reference reviewed annually to take into account governance
developments (including integrated governance principles) and the remit of other
Committees within the organisation?
4. Has the Audit Committee established a plan for the conduct of its own work across the
year?
5. Has the Audit Committee been provided with sufficient membership, authority and
resources to perform its role effectively and independently?
6. Are changes to the Audit Committee’s current and future workload discussed and
approved at Board of Directors level?
7. Are Audit Committee members independent of the management team?
8. Does the Audit Committee report regularly to the Board of Directors?
9. Are members, particularly those new to the Audit Committee, provided with training?
10. Does the Board ensure that members have sufficient knowledge of the organisation to
identify key risk areas and to challenge both line management and the External
Auditor on critical and sensitive matters?
11. Does at least one Committee member have a financial background?
12. Does the Audit Committee prepare an annual report on its work and performance in
the preceding year for consideration by the Board of Directors?
1. Does the Audit Committee have a mechanism to keep it aware of topical, legal and
regulatory issues?
1. Has the Audit Committee formally considered how it integrates with other
Committees that are reviewing risk e.g. risk management?
2. Has the Audit Committee formally considered how its work integrates with wider
performance management and standards compliance?
3. Has the Audit Committee been briefed on its assurance responsibilities with regard to
internal control and risk management, particularly with regard to the Statement on
Internal Control, the Assurance Framework and the Chief Audit Executive’s opinion?
Internal Audit
External Audit
1. Do the External Auditor present their audit plans and strategy to the Audit Committee
for approval?
2. Has the Audit Committee satisfied itself that work not relating to the financial
statements work is adequate and appropriate?
3. Does the Audit Committee receive and monitor actions taken in respect of prior years’
reviews?
4. Does the Audit Committee review the External Auditor's annual audit letter?
5. Does the Audit Committee hold periodic private discussions with the External
Auditor?
6. Does the Audit Committee assess the performance of the External Auditor?
Annual Accounts
1. Is the Audit Committee's role in the approval of the annual accounts clearly defined?
2. Is a Committee meeting scheduled to discuss proposed adjustments to the accounts
and issues arising from the audit?
3. Does the Audit Committee annually review the accounting policies of the
organisation?
Administrative Arrangements
1. Does the Audit Committee have a plan of matters to be dealt with over the coming
year?
2. Are papers circulated in good time and are minutes received as soon as possible after
the meetings?
3. Does the Audit Committee meet the appropriate number of times to deal with planned
matters?
4. Are Committee papers distributed in sufficient time for members to give them due
consideration?
5. Are Committee meetings scheduled prior to important decisions being made?
6. Is the timing of Committee meetings discussed with all the parties involved?
Other Issues
Audit Committee members, when carrying out their assessment of the effectiveness of the
organisation’s corporate governance arrangements, may wish to consider (in addition to
reviewing reports from both Internal Audit and the External Auditor) the following questions
and any assurances they might deem appropriate.
The questions are included for guidance only. They are not intended to be exhaustive and will
need to be tailored to the particular circumstances of the organisation.
1. Has the Board of Directors taken steps to ensure that it is of sufficient size such that
the balance of skills and experience is appropriate for the organisation, yet not so large
as to become unwieldy?
2. Do the independent members of the Board of Directors form a majority for voting
purposes?
3. Has the Board of Directors taken steps to ensure that power and information are not
concentrated in one individual?
4. Does the Board of Directors meet regularly and are meetings well attended?
5. Has the Board of Directors defined its quorum requirements and what happens if it is
not quorate at the outset of a meeting?
1. Does the Board of Directors recognise its collective responsibility and accountability
for the success of the organisation?
2. Does the Board of Directors recognise its collective responsibility for risk
management, internal control and the governance of the organisation?
3. Is there a formal schedule of matters specifically reserved for decision by the Board of
Directors?
4. Has the Board of Directors developed formal financial and operational procedures to
regulate the organisation?
5. Are the roles of Chairperson of the Board of Directors clearly established, set out in
writing and agreed by the Board of Directors?
6. Are there clearly defined roles and responsibilities for members of the Board of
Directors and senior staff?
7. Is there a formal and transparent structure of delegated powers and authorities?
1. Has the Board of Directors established appropriate procedures to ensure that all
applicable laws and regulations are complied with?
2. Has the Board of Directors established procedures to ensure that funds are: properly
safeguarded; used economically, efficiently and effectively; and used for the purpose
they were intended?
3. Has the Board of Directors taken steps to ensure that its members conduct themselves
in accordance with high standards of personal behaviour? Is there a formal definition
of the standards of behaviour expected of members of the Board of Directors and
senior staff?
4. Has the Board of Directors established procedures to identify, record and monitor
conflicts of interest?
5. Is there an agenda item at the beginning of each Board of Directors meeting that
requires members attending to declare any interest that any of them may have in the
business of that meeting?
1. Is there a formal, rigorous and transparent procedure for appointing new members to
the Board of Directors and its Committees?
2. Has the Board of Directors appointed a nominations Committee, with a majority of
independent members, to develop recommendations?
3. Are appointments to the Board of Directors made on merit and against objective
criteria?
4. Does the Board of Directors have plans in place for the orderly succession of members
of the Board of Directors and senior management, so as to maintain an appropriate
balance of skills and experience within the organisation?
5. Are members of the Board of Directors and key Committees required to submit
themselves for re-election at regular intervals, subject to continued satisfactory
performance?
6. Are the duties, terms of office and remuneration (if any) of the members of the Board
of Directors clearly defined?
1. Has the Board of Directors taken steps to ensure that it and its Committees are
supplied in a timely manner with information in a form and of a quality appropriate to
enable it to discharge its duties?
2. Does the Board of Directors take steps to ensure that its members, and any individuals
co-opted to its Committees, receive an appropriate induction on joining the Board of
Directors and its Committees?
Performance Evaluation
1. Does the Board of Directors undertake a formal and rigorous regular evaluation of its
own performance and that of its Committees and individual members of those bodies?
The Audit Committee is required to prepare an annual report for submission to the Board of
Directors. The Audit Committee annual report should be supported by the Internal Audit
annual report, which would therefore normally accompany it. The annual report should be
prepared as early as possible after the end of each financial year, with the aim of it being
available before the annual financial statements are signed. The report should be signed and
dated by the Chairperson of the Audit Committee. This model indicates what could be
included in the annual report.
Title
Full name of organisation, Audit Committee Annual Report, financial year. Addressed to
Board of Directors.
Introduction
Period covered; this should relate specifically to the Audit Committee’s work on the relevant
financial year. However, any additional issues should be covered where appropriate,
particularly if they affect the opinion (for example, where the previous year’s annual report
could not include something because of timing, or issues have arisen since the year end).
Membership
Names; details of changes and dates thereof; terms of office; identity of Chairperson; also
separately give details of the Secretary to the Audit Committee.
Meetings
Dates of meetings, note of members attending, and a general statement about who else is
normally in attendance.
Terms of Reference
If applicable, details of changes and their effect on the work of the Audit Committee.
Internal Audit
1. Name of provider; details of any changes made or due; fee basis; Audit Committee’s
assessment of performance for the year (including the use of performance measures
and obtaining the views of the External Auditor).
2. Review of appointment; when market testing is due for consideration.
3. Review of Chief Audit Executive annual report (which may be attached to the Audit
Committee annual report); achievement of planned work; consideration of and
External Audit
1. Name of provider; details of any changes made or due; fee basis; Audit Committee’s
assessment of performance for the year (for example, audit planning, timetable set and
met); confirmation to the Board of Directors of recommendation of annual re-
appointment (or deferral to next meeting); when market testing is due for
consideration.
2. Details of any non-audit services provided.
3. Review of the External Auditor’s management letter (draft and final versions where
appropriate); significant points arising; Audit Committee’s view of management
responses to the findings and recommendations.
4. Confirmation that the Audit Committee has held a closed meeting with the External
Auditor following completion of the external audit.
1. Where undertaken, review of specific parts of the annual accounts (preferably between
Finance Committee and Board of Directors), including members’ responsibility and
Statement on Internal Control, any relevant issue raised in Management Letter, and the
External Auditor’s formal annual opinion.
2. Review of assurances received from management and other significant assurance
providers.
3. Review of the organisation’s risk management strategy.
4. Other work, including reports, letters and other requirements (such as review or
changes to codes of audit practice); special reports or investigations not dealt with
elsewhere (e.g. on major fraud or irregularity); significant changes to the
organisation’s risk management, internal control and governance systems, other formal
certificates or returns seen; review of financial regulations, including amendments,
communication or recommendations made; issues arising on, joint ventures, subsidiary
or associated companies. Recommendations made not dealt with elsewhere.
1. Issues not relevant to the reporting year, such as forthcoming events and issues
relating to prior years.
Opinion
Introduction
All employees are encouraged to raise genuine concerns about possible improprieties in
accounting, auditing or other matters, and other malpractices, at the earliest opportunity and in
an appropriate way.
• Ensure that staff can raise concerns without fear of suffering retribution.
The policy not only covers possible improprieties in matters of financial reporting, but also:
• Fraud.
• Corruption, bribery or blackmail.
• Criminal offences.
• Failure to comply with a legal or regulatory obligation.
• Failure to properly safeguard assets.
• Miscarriage of justice.
• Endangering the health and safety of an individual.
• Concealment of any of the above.
Principles
If any employee believes reasonably and in good faith that malpractice exists in the
workplace, then they should report this immediately to their Head of Department. However, if
for any reason they are reluctant to do so, they should report their concerns to the Director of
Human Resources.
If these channels have been followed and employees still have concerns, or feel that the
matter is so serious that it cannot be discussed with any of the above, they should contact the
Chairperson of the Audit Committee on (tel).
Individuals who raise concerns internally will be informed of who is handling the matter, how
they can make contact with them, and if any further assistance is required. We will give as
much feedback as we can without any infringement of a duty of confidence owed by us to
someone else.
An individual’s identity will not be disclosed without prior consent. Where concerns are
unable to be resolved without revealing the identity of the person raising the concern (e.g. if
that person’s evidence is required in court), we will enter into a dialogue with the individual
concerned as to whether and how we can proceed.
This document sets out the policy for the appointment and remuneration of the External
Auditor for any work undertaken on behalf of the organisation. It outlines the control
processes that will be put in place to ensure compliance with the policy.
Statutory Audit
The Chief Financial Officer will recommend the overall fee for statutory audit to the Audit
Committee. It is the responsibility of the Audit Committee to review the proposed audit fee
and recommend it to the Board of Directors for approval.
The Audit Committee will review the independence and effectiveness of the External Auditor
on an annual basis.
While it is difficult to be precise about the definition of other work the External Auditor may
undertake as Auditor, it includes the following:
• Any other review of the accounts for regulatory purposes;
• Assurance work related to compliance and corporate governance, including high-level
controls;
• Regulatory reviews commissioned by the Audit Committee;
• Accounting advice and reviews of accounting standards.
The Chief Financial Officer must clear the appointment of the External Auditor for any such
work in advance with the Chairperson of the Audit Committee.
The Audit Committee will receive a quarterly report analysing fees paid for non-audit
services, with additional commentary on assignments agreed during the quarter.
The External Auditor may provide tax advisory services, including tax planning and
compliance, provided such advice does not conflict with the External Auditor’s statutory
responsibilities and ethical guidance.
The Audit Committee will determine whether the appointment of the External Auditor for any
tax work would conflict with the External Auditor’s statutory duties. Any tax assignment in
excess of (€x) requires the approval of the Chief Financial Officer, who will consult with the
Chairperson of the Audit Committee in respect of any assignment over (€y). The Audit
Committee will receive a quarterly report on the tax advisory services provided by the
External Auditor.
There may be occasions when the External Auditor is best placed to undertake other
accounting, investigatory, advisory and consultancy work on behalf of the organisation,
because of the External Auditor’s in-depth knowledge of the organisation. However, the
following are specifically prohibited:
• Work related to accounting records and financial statements that will ultimately be
subject to external audit;
• Management of, or significant involvement in, Internal Audit;
• Secondments to management positions that involve any decision-making;
• Any work where a mutuality of interest is created that could compromise the
independence of the External Auditor;
• Any other work which is prohibited by ethical guidance.
Any assignment in excess of (€x) can only be awarded to the External Auditor after
competitive tender. The inclusion of the External Auditor on a tender list requires the prior
approval of the Chief Financial Officer. The Chief Financial Officer will consult with the
Chairperson of the Audit Committee regarding any tender for work in excess of (€y). Details
of all such work and fees paid will be reported quarterly to the Audit Committee.
The Audit Committee has adopted the following policy regarding the employment of former
employees of the organisation’s External Auditor.
For the purposes of this policy, the “External Auditor” means any partner, director, manager,
staff, reviewing actuary or reviewing tax professional associated with the organisation’s
External Auditor who works on any aspect of the annual audit of the organisation’s financial
statements.
For the purposes of this policy, “employee of the organisation’s External Auditor” includes
any person regularly providing professional services on behalf of the External Auditor,
regardless of whether that person is legally an employee of the firm. For example, if the
External Auditor is a partnership, a partner would be deemed an “employee of the
organisation’s External Auditor”. For the purposes of these guidelines, ‘organisation’ includes
ABC Company and its subsidiaries.
No employee of the External Auditor can be hired to a financial reporting oversight role
within two years of their association with the audit. A financial oversight role is any position
that has direct responsibility for overseeing those who prepare the organisation’s financial
statements.
No former employee of the organisation’s External Auditor may join the senior executive
team without the approval of the Director of Human Resources and the Chairperson of the
Audit Committee.
Each year, the Director of Human Resources shall inform the Audit Committee of any former
employees of the External Auditor employed by the organisation in the preceding year.
The following is a suggested checklist framework for the Audit Committee to carry out a
formal review of the effectiveness and efficiency of the External Auditor.
It provides the Audit Committee with a disciplined approach to keeping the External Auditor’s
performance under review.
It will also help to ensure that the External Auditor remains alert to the organisation’s needs
and to maintaining an appropriate relationship with the executive management, the Audit
Committee and the Board of Directors as a whole.
This is not an exhaustive list of questions. The Audit Committee should tailor and adapt the
questions to the specific circumstances.
In carrying out its assessment, the Audit Committee should also consider the views of other
parties who come into contact with the external audit team, such as the Chief Financial
Officer and Internal Audit.
1. What is the reputation of the External Auditor? Are there recent or current litigation
cases against the firm?
2. What is the reputation and presence of the External Auditor in the organisation’s
sector?
3. Does the External Auditor have the required resources to audit the organisation?
Quality Processes
1. What quality control processes does the External Auditor operate? (Factors to be
considered include the level and nature of review procedures, the approach to audit
judgements and issues, independent quality control reviews and the External Auditor’s
approach to risk.)?
2. How are partners and key members of the engagement team rewarded? Do these
compensation arrangements threaten the External Auditor’s independence?
3. What is the External Auditor’s process for internal review of accounting judgements,
including an understanding of the key issues?
4. What relevant specialists does the External Auditor employ and how are these
deployed to the audit process?
Audit Team
1. Do the individuals assigned to the external audit team have the requisite expertise
regarding the higher education sector?
2. Are sufficient resources allocated to the audit?
1. Is the scope of external audit adequate to address all of the financial reporting risks
facing the organisation?
2. Does the External Auditor agree the audit scope and plan with the Audit Committee?
3. Is specialist input to the external audit in areas such as taxation and pensions at an
appropriate level?
4. Are all the organisation’s key subsidiaries and business ventures covered by the
external audit?
5. What is the External Auditor’s approach to seeking and assessing management
representations?
6. Does the External Auditor have an effective working relationship with Internal Audit?
Audit Fee
1. Is the external audit fee reasonable given the scope of the external audit, and how does
it compare with that for other similarly sized organisations?
2. How are differences between actual and budgeted fees handled? Are overruns
reasonable and explained to the Audit Committee?
3. Is the quantum of non-audit fees likely to have an impact on audit objectivity?
Audit Communications
1. Does the External Auditor advise the Audit Committee on a timely basis about
significant issues and new developments regarding risk management, corporate
governance, financial accounting and related risks and controls?
2. Does the External Auditor discuss the critical accounting policies and whether the
accounting treatment is conservative or aggressive?
3. Does the External Auditor contribute positively in Audit Committee meetings (and
private sessions)? Are the External Auditor’s papers and oral communications clear,
concise, open, focused and robust?
4. Does the External Auditor resolve accounting issues in a timely manner and keep
management and the Audit Committee apprised of progress as appropriate?
5. Does the External Auditor seek feedback on the quality and effectiveness of the
service it provides? Does it listen and take appropriate action to remedy any issues?
1. Does the External Auditor employ open lines of communication/reporting with the
Audit Committee?
2. Are unadjusted audit differences and significant weaknesses in internal controls
clearly communicated on a timely basis?
3. Do the individuals assigned to the audit demonstrate a high degree of integrity in their
dealings with the Audit Committee?
4. Does the External Auditor discuss with the Audit Committee its internal process for
ensuring independence?
5. Does management hold the External Auditor in high regard? Does it consider the audit
process to be objective and challenging?
(The Board of Directors should be notified of any material difference between this model
letter and the External Auditor’s letter.)
1.As appointed Auditor of (organisation) we agree to the following basis on which we shall
perform our duties.
2.We understand that the Board of Directors (this will require modification where the Board
of Directors does not appoint the Auditor) will assess the Auditor’ work in each year and
undertake a detailed review of the appointment at least every three years. Remuneration will
be fixed by the Board of Directors on the advice of the Audit Committee.
3.We confirm that we are qualified as Auditor in accordance with relevant legislation.
4.We recognise that the Board of Directors is responsible on behalf of the organisation for:
Standards of Audit
5.We will undertake the audit of the organisation’s financial statements and such other matters
as the Board of Directors requires in accordance with Generally Accepted Auditing Standards,
having regard to applicable auditing guidelines and auditing standards issued by the relevant
authorities.
a.We as Auditor, are responsible for making a report to the Board of Directors on the
financial statements which are to be laid before the Board of Directors during our tenure
of office.
6.Our report will state whether in our opinion the financial statements show a true and fair
view of the organisation’s affairs at 31 December, and of the cash flow and income and
expenditure for the year then ended.
7.In arriving at our opinion we are required to consider the following matters and to report on
any aspect where we are not satisfied, namely whether:
• Proper records are being kept by the organisation;
• The financial statements agree with the accounting records;
• We have obtained all the information and explanations we think are necessary
for the purpose of our audit;
• The financial statements comply with all legislative or regulatory
requirements.
8.We will also report to the Board of Directors as to whether, in all material respects, monies
expended from whatever source, administered by the organisation for specific purposes, have
been properly applied to those purposes and, if appropriate, managed in compliance with any
relevant legislation.
9.We agreed with the organisation the wording of an unqualified audit report at the time of
our appointment. Any subsequent modifications or qualifications will be based on our
professional judgement, but will comply with Generally Accepted Auditing Standards.
10.We undertake to report to the Board of Directors any significant matters arising from the
audit which might lead to material errors or have an impact on future audits. This could
include areas where economies might be made or resources could be used more effectively,
with advice for improvement. The management letter could include:
• Weaknesses in the structure of accounting systems and internal control;
• Deficiencies in the operation of accounting systems and internal control,
including Internal Audit;
That the work of Internal Audit has been assessed, and the extent to which
reliance can be placed on the work of Internal Audit in support of external
audit work;
• Inappropriate accounting practices and regulations;
• Non-compliance with legislation, accounting standards, Board of Directors
requirements or other regulations.
12.We will report in writing to the Board of Directors any serious weaknesses, fraud,
irregularities or accounting breakdowns we come across in the normal course of our duties.
Other Work
13.We may be asked from time to time to provide additional services beyond the scope of the
audit described above. This could involve investigation work and value for money reviews.
Precise requirements will be agreed between the Board of Directors and ourselves in a
separate engagement letter before any work is undertaken. Any systems development or
consultancy work will be the responsibility of separate staff.
Access
14.We shall have rights of access at all times to the books, accounts and vouchers of the
organisation and to such information and explanations as we think necessary to perform our
duties. We also expect to have access to Internal Audit files and working papers. We, in turn,
agree to comply with any requests from Internal Audit and the Board of Directors for access
to any information, files or working papers obtained or prepared during our audit which they
need to discharge their responsibilities. Where necessary, the Board of Directors will
exchange letters dealing with confidentiality and the terms under which access is given with
both parties.
15.We shall have the right of access to the Chairperson of the Audit Committee, the right to
ask the Chairperson to convene a meeting of the Audit Committee if necessary, and the right
to attend Audit Committee meetings where relevant business is to be discussed.
Annual Meetings
16.We will be entitled to attend the meeting of the Board of Directors to which the
organisation’s annual reports and financial statements of accounts are presented. We will also
be entitled to receive all notices of and other communications relating to that meeting which
any member of the Board of Directors is entitled to receive, and to be heard at any such
meeting on any part of the business which concerns us as External Auditor.
Termination of Appointment
17.We understand that if there are serious shortcomings on our part the Board of Directors
may pass a resolution to remove us before the expiry of our term of office, notwithstanding
any agreement between us and the organisation.
18.(A paragraph setting out the External Auditor’s terms for charging and collecting fees
should be included.)
Other Terms
19.(The External Auditor may include certain additional paragraphs for internal purposes, for
example on confidentiality, conflicts of interest, quality of service, complaints procedure and
legal jurisdiction.)
Agreement of Terms
20.If the contents of this letter are not in accordance with your understanding of the
arrangements made, we shall be pleased to receive your observations and give you any further
information you require. Otherwise we shall be grateful if you would confirm in writing your
agreement to the terms of this letter by signing the enclosed copy and returning it to us. Once
agreed, this letter will remain effective from one audit appointment to another until it is
replaced.
Yours Sincerely
On behalf of the Board of Directors of (organisation), I confirm that the above terms are
satisfactory.
Signed
Position
Date
The Internal Audit function is a key mechanism in the internal control structure, so careful
efforts must be taken in hiring the right Chief Audit Executive (CAE), one that fits the needs
of the organisation with the necessary technical expertise, but also one that meets other
requirements (industry experience, temperament, integrity, management and human
relationship skills, etc.).
A critical activity of the Audit Committee is to be involved in the hiring of the CAE of the
organisation. The CAE will have a high degree of interaction with the Audit Committee, so
the Audit Committee should be comfortable working with this person. In many companies,
the CAE will report functionally to the Audit Committee and administratively to a senior
executive of the company.
CAE Qualifications
The following questions are ones the Audit Committee should consider asking candidates that
have passed the initial employment screening by either the organisation’s human resources
department or an outside recruiting firm. Note that some sample questions may not be
appropriate for your organisation or the candidate.
The Internal Audit Department is responsible for evaluating and reporting to the
organisation’s Audit Committee and Board of Directors, thereby providing them with
assurance on the arrangements for risk management, control and governance. It remains the
duty of management, not Internal Audit, to operate these arrangements.
Scope
The entire organisation’s activities fall within the remit of the Internal Audit Department. The
Internal Audit Department will consider the adequacy of controls necessary to secure
propriety, economy, efficiency and effectiveness in all areas. It will seek to confirm that
management has taken the necessary steps to achieve these objectives and manage the
associated risks.
The scope of Internal Audit work should cover all operational and management controls, and
should not be restricted to the audit of systems and controls necessary to form an opinion on
the financial statements. This does not imply that all systems will be subject to review, but
rather that all will be included in the audit risk assessment and hence considered for review
following the assessment of risk.
It is not within the remit of the Internal Audit Department to question the appropriateness of
policy decisions. However, Internal Audit is required to examine the arrangements by which
such decisions are made, monitored and reviewed, and related risks identified and managed.
The Internal Audit Department may also conduct any special reviews requested by the Board
of Directors, Audit Committee or Management, provided such reviews do not compromise its
objectivity or independence, or achievement of the approved audit plan.
Responsibilities
The Chief Audit Executive is required to give an annual opinion to the Board of Directors,
through the Audit Committee, on the adequacy and effectiveness of the arrangements for risk
management, control and governance and for economy, efficiency and effectiveness (value for
money) within the organisation, and the extent to which the Board of Directors can rely on
these. The Chief Audit Executive should also comment on other activities for which the Board
of Directors is responsible, and to which the Internal Audit Department has access.
To provide the required assurance, the Internal Audit Department will undertake a programme
of work, based on a strategy authorised by the Board of Directors or the Audit Committee.
The Internal Audit Department’s work will be performed with due professional care, in
accordance with Generally Accepted Auditing Standards.
In achieving its objectives, the Internal Audit Department will develop and implement an
audit strategy that assesses the organisation’s arrangements for risk management, control and
governance and for achieving value for money.
The Chief Audit Executive will implement measures to monitor the effectiveness of the
Department and compliance with standards. The Audit Committee will consider and approve
these performance measures and may also ask the External Auditor to provide an independent
assessment of Internal Audit’s effectiveness.
Independence
The Internal Audit Department has no executive role, nor does it have any responsibility for
the development, implementation or operation of systems. However, it may provide
independent and objective advice on risk management, control and governance, value for
money and related matters, subject to resource constraints.
Within the organisation, responsibility for risk management, control and governance
arrangements and the achievement of value for money rests with the Board of Directors and
the Management, who should ensure that appropriate and adequate arrangements exist
without reliance on the organisation’s Internal Audit Department. Where there are differences
of opinion between Internal Audit and the Management, the Board of Directors (on the advice
of the Audit Committee) should ultimately determine whether or not to accept audit
recommendations, recognise and accept the risks of not taking action, and instruct
management to implement recommendations.
Access
The Internal Audit Department has rights of access to all the organisation’s records,
information and assets which it considers necessary to fulfil its responsibilities. The Chief
Audit Executive has a right of direct access to the Chairperson of the Board of Directors and
the Chairperson of the Audit Committee. In turn, the Internal Audit Department agrees to
comply with any requests from the External Auditor for access to any information, files or
Reporting
The Chief Audit Executive must submit an annual report to the Board of Directors through the
Audit Committee. This report must relate to the organisation’s financial year, and include any
significant issues affecting the opinion up to the date of preparing the report.
The report should give an opinion on the adequacy and effectiveness of the organisation’s
arrangements for:
• Risk management, control and governance;
• Economy, efficiency and effectiveness; and
• The extent to which the Board of Directors can rely on them.
The Chief Audit Executive should also prepare, before the beginning of the year, an audit risk
assessment and audit plan supported by an assessment of resource needs. These should be
submitted to the Board of Directors for approval following consultation with relevant
managers, and after consideration by the Audit Committee.
The Chief Audit Executive is accountable to the Board of Directors through the Audit
Committee for the performance of the service. The Chief Audit Executive should also report
audit findings to relevant managers and draw the attention of the Audit Committee to key
issues and recommendations. This may be done by providing the Audit Committee with
copies of all reports, or by reporting on an exception basis, or by providing a summary of key
issues.
The Internal Audit Department should usually produce its reports, in writing, within one
month of completing each audit, giving an opinion on the system reviewed and making
recommendations to improve systems where appropriate. Such reports should be copied to the
Audit Committee and to the External Auditor, entirely or in summary. Managers will be
required to respond to each audit report, usually within one month of issue, stating their
proposed action with a timetable for implementing agreed recommendations. Material
recommendations will usually be followed up within a defined timescale. In addition, the
Audit Committee will monitor the implementation of audit recommendations.
The Chief Audit Executive should report to the Management any serious weaknesses,
significant fraud or major accounting breakdown discovered during the normal course of audit
work. If the Management refuses to report the matter to the Chairperson of the Audit
Committee and to the Chairperson of the Board of Directors, then the Chief Audit Executive
must report to them directly.
Liaison
The Chief Audit Executive will liaise with the External Auditor to optimise the audit services
provided to the organisation.
Although the nature of every engagement will be different, the initial steps the Audit
Committee (or its designee) should undertake when engaging external resources include the
following:
1. Determine that the expert/adviser has the competence and experience to perform the
requested service. Check references with other clients of the service provider.
2. Determine whether the expert/adviser has a conflict of interest with respect to the
organisation. Such a conflict might arise if the expert/adviser has a relationship with
the External Auditor, or if they provide service to a competitor. Depending on the
nature of the service to be offered, a conflict could arise if the expert/adviser has a
relationship with a member of the Board of Directors, or a member of the
organisation’s management. Be aware of other potential conflicts of interest that may
distract, or undermine, the work to be done.
3. Determine if the expert/adviser has sufficient resources to perform the work in the
time frame specified by the Audit Committee.
4. Evaluate the scope of work to be performed and other issues, including the proposed
plan for payment of fees and expenses.
5. Make sure all parties (including management and the expert/adviser) understand that
the Audit Committee is the owner of the service relationship. Make sure that
management understands that the expert/adviser is working on behalf of the Audit
Committee and the Audit Committee expects management to be fully cooperative and
forthcoming with respect to any information that may be requested.
6. Determine the criteria that will be used to measure the expert’s/adviser’s work and
document those criteria in an agreement with the service provider.
Each audit plan will be different and tailored to the organisation’s needs. However, there are
common elements that the Audit Committee should expect to see when reviewing the audit
plan, albeit in practice these elements might be presented in many different ways. These
elements are as follows.
The Audit Committee should expect the audit planning document to set out that the audit plan
has been developed by:
• Taking account of the risks identified by the organisation in its risk register and other
documents;
• Using Internal Audit’s experience of the organisation and the sector more generally to
identify other areas of risk which may warrant attention;
• Discussing all identified risks and other relevant issues with the organisation’s
management to identify the potential scope of Internal Audit.
Where the organisation’s risk management policy allocates each risk a likelihood and impact
rating between ‘high’ and ‘low’, the audit plan might for example focus on ‘high’ and
‘medium’ priority risks over (say) a three-year period. However the Internal Audit is focused,
the Audit Committee should be fully informed of:
Other Reviews
The Internal Audit strategy may address some areas that do not feature as a high or medium
risk. These are nevertheless areas where the organisation would benefit from an Internal Audit
review, or they are being reviewed to provide assurance to the Audit Committee and to the
External Auditor regarding operation of the key financial and management information
systems. The audit days, fieldwork and reporting expectations for these areas should also be
identified in the audit plan.
Contingencies
Audit Committee Handbook Page 72
It is important to adopt a flexible approach in determining Internal Audit resources, in order to
accommodate any unforeseen audit needs. The audit plan should give an indication as to how
many ‘man days’ have been allowed for contingencies.
Follow-up
The Audit Committee should expect the Internal Audit plan to identify a number of audit days
relating to the following:
Where the Internal Audit is outsourced, the Audit Committee (and management) should
expect a brief introduction to the key individuals working on the audit. This might include
partners, managers and any specialist advisers.
Timing
The audit plan should set out the timing of the fieldwork and confirm the form and timeliness
of reports to management and to the Audit Committee. For example:
• A report for each area of work undertaken within X days of finishing the fieldwork;
• A progress report for each Audit Committee meeting;
• An annual report on Internal Audit coverage to the Audit Committee (reporting to fit
in with the Audit Committee meeting dates).
Internal Audit might propose a series of performance indicators against which management
and the Audit Committee can measure the audit’s performance.
Each audit report will be different and tailored to the organisation’s needs. However, there are
common elements that the Audit Committee should expect to see when reviewing the audit
reports, or a summary of those reports, albeit in practice these elements might be presented in
many different ways. These elements are as follows:
Background and introduction - Places the audit report within the context of the overall audit
plan.
Definitions - Defines any ‘priority’ or ‘risk’ terminology used in the report. For example:
• High - Inadequate systems and controls which if not addressed could expose the
organisation to significant financial, operational or reputational risk and adversely
impact on implementation of its strategic plan.
• Medium - Systems and controls which are not fully effective, and failure to improve
them could adversely affect operational plans at departmental level.
• Low - Good practice dictates that some enhancements to existing systems and controls
are desirable.
Observations and findings – Details of the control weaknesses identified during the audit,
together with any other observations.
Opinion - Sets out the Auditor’s opinion of the systems being audited.
Section A
This part of the checklist should be completed by the Audit Committee prior to feedback from
other areas of the organisation.
Understanding
2. Evaluate Internal Audit’s terms of reference in light of the organisation’s current and
future needs.
3. Are Internal Audit’s terms of reference visible to all appropriate people within the
organisation?
Skills and Experiences
1. How well does Internal Audit’s staffing reflect its roles and responsibilities?
Communication
1. Has Internal Audit attended all the Audit Committee meetings it was scheduled to
attend?
2. Has Internal Audit made itself available for consultation outside of Audit Committee
meetings?
3. Evaluate Internal Audit’s responsiveness to requests from the Audit Committee,
including requests for special investigations.
4. Evaluate Internal Audit’s frankness and candour with the Audit Committee.
5. Evaluate Internal Audit’s handling of difficult or contentious issues.
6. Does Internal Audit ensure that the Chairperson of the Audit Committee is fully
briefed on significant findings or developments prior to Audit Committee meetings?
7. Evaluate the usual level of preparation for Audit Committee meetings demonstrated by
Internal Audit.
8. Evaluate the quality, relevance and clarity of Internal Audit reports/papers tabled with
the Audit Committee.
9. Have reports been received from Internal Audit on a timely basis?
10. Does Internal Audit promptly advise the Audit Committee about significant issues and
developments, including on special projects such as fraud investigations?
11. Does Internal Audit promptly advise the Audit Committee about significant changes to
the Internal Audit plan?
12. Evaluate the strength of Internal Audit’s process for monitoring the status of open
matters / recommendations.
13. Has Internal Audit contributed to the Audit Committee’s understanding of the overall
assurance framework within the organisation and the role that Internal Audit plays in
this framework?
Performance
Section B
This part of the checklist should be completed by the Chief Financial Officer and/or other
senior managers and officers who have regular contact with Internal Audit.
Planning
1. Are Internal Audit’s terms of reference sufficiently visible to everyone within the
organisation?
2. Has there been sufficient pre-planning and co-ordination by Internal Audit before the
start of each phase of the Internal Audit or special project?
3. Has Internal Audit discussed its approach and major areas of audit focus with you?
4. Have you raised any major areas of concern that have not been reviewed by the
Internal Audit team?
1. Do you consider that the Internal Audit team have sufficient expertise, professional
experience, project management ability, interpersonal skills and seniority to effectively
carry out the work required?
2. Assess the strength of Internal Audit’s understanding of the organisation and its risk
involvement.
3. How strongly have the members of the Internal Audit team demonstrated an
appreciation of the issues key to your role and responsibilities?
4. Have members of the Internal Audit team consistently demonstrated independence in
all their deliberations?
5. Have members of the Internal Audit team been adequately supervised?
Work Programme
1. Has effective co-operation been achieved between Internal Audit and your department,
including avoidance of undue disruption to normal activities?
Overall Performance
Section C
This checklist should be completed by the External Auditor.
Terms of Reference
1. Do you consider the Internal Audit team to have the professional experience,
technical skills, interpersonal skills and seniority to effectively carry out the
Work Programme
1. Are there regular discussions between internal and external audit on strategies
for internal and external audit, assessment of risks and the implications of audit
findings/audit work?
2. Has progress against the plan been monitored jointly by internal and external
audit regularly throughout the year?
3. Have you received copies of all Internal Audit reports issued by Internal Audit?
4. Have copies of Internal Audit reports been received on a timely basis?
5. Are Internal Audit reports of a standard comparable to best practice in other
organisations?
6. To the best of your knowledge, are there any major areas of risk or concern that
Internal Audit has not appeared to cover?
Section D
Where the organisation has its own in-house Internal Audit function, the Audit Committee
might ask the Chief Audit Executive to complete this checklist (i.e. self assessment).
Understanding
1. Assess the staff mix and competences of the Internal Audit team.
2. Evaluate Internal Audit’s independence from the activities it audits.
Communication
Performance
This self-assessment has been prepared for Audit Committee members. It is intended that each
Audit Committee member will complete it independently. The assessment exercise could be
carried out at a special meeting of the Audit Committee or at some form of away-day.
The Chairperson of the Audit Committee or an external facilitator should, after collating the
responses, lead a discussion on the key points arising from the questionnaire and feed back
any matters of interest, focusing on those areas which clearly need improvement or where
there is great variation in answers. When using a facilitator, care needs to be taken if this
person is in some way conflicted because of the closeness of his or her relationship with the
Audit Committee; for example, a degree of circularity is involved in using internal or External
Auditor, as the Audit Committee has a responsibility to review the Auditor’s performance.
The results of the self-assessment and any action plans arising should be reported to the Board
of Directors after discussion with the Chairperson of the Board of Directors.
The Chairperson of the Audit Committee may wish to tailor this checklist to the specific
circumstances of their organisation, giving more weight to some aspects of the self-
assessment than others. Appropriate weighting will be influenced by a number of factors
including, but not limited to:
• The Audit Committee’s terms of reference.
• The organisation’s strategies and risk assessments.
• The organisation’s risk and control environment.
• The outcomes of previous self-assessments.
• The stage of maturity of the Audit Committee.
• The views of stakeholders on the organisation’s corporate governance performance.
• Current and emerging trends and factors.
The Chairperson of the Audit Committee may wish to adapt the questionnaire such that the
full version is carried out on a cyclical basis, say every three to five years. In the intervening
years, they may choose to evaluate the Audit Committee’s effectiveness by means of a general
discussion around the Audit Committee table, or by using a curtailed form of the
questionnaire.
Professional Development
1. Is an induction programme provided for new Audit Committee members (e.g. the
Audit Committee’s role, terms of reference and expected time commitment by
members; overview of the organisation; and the main operational and financial
dynamics and risks)?
2. Do Audit Committee members receive appropriate and timely ongoing professional
development (e.g. regulatory matters, accounting and financial reporting, audit and
risk)?
• Ensure that the Board of Directors and the management conduct themselves in
accordance with high standards of behaviour?
• Ensure compliance with applicable regulation and best practice
recommendations?
• Ensure the appointment of appropriate individuals to the Board of Directors,
key Committees and senior management positions?
• Ensure appropriate communication with the organisation’s stakeholders,
including the Board of Directors?
• Clearly articulate the organisation’s risk appetite for each material category of
risk?
• Identify, evaluate and monitor key risks facing the organisation (including
financial, strategic and operational – such as failure to attract and retain high-
quality managers, maintaining excellence in management, and unpredictable
government policy – as well as reputational)?
• Enable it to understand how each material risk may impact on the
organisation’s operations and financial condition?
1. Does the External Auditor dedicate appropriately qualified and experienced staff and
resources to the organisation’s audit?
2. Does the external audit partner make appropriate use of their direct access to the Audit
Committee?
3. Are the independence and objectivity of the External Auditor compromised in any
way?
4. Are the nature and extent of non-audit services provided by the Auditor appropriate?
5. Does the external audit plan focus on the organisation’s key risks and controls?
6. Is the external audit plan reviewed and approved by the Audit Committee?
7. Does the Audit Committee have an appropriate dialogue with the External Auditor
regarding major issues arising during the course of the audit, the key accounting and
audit judgements and the levels of errors identified during the audit?
8. Does management respond to external audit recommendations in a timely and
appropriate manner?
9. Does the Audit Committee regularly review the effectiveness of the external audit?