The Audit Cotnmittee Oversight Process

Transcription

The Audit Cotnmittee Oversight Process*
MARK S. BEASLEY, North Carolina State University
JOSEPH V. CARCELLO, University of Tennessee
DANA R. HERMANSON, Kennesaw State University
TERRY L. NEAL, University of Tennessee
1. Introduction
No one really understands how limited an audit committee is in its work. In
big companies it is virtually impossible to know what is going on without relying on management, the internal auditor, and the external auditor.
NYSE audit committee chair
Audit committees are increasingly responsible for the quality of financial reporting
and oversight of the audit processes in U.S. public companies (e.g.. Blue Ribbon
Committee [BRC] 1999; New York Stock Exchange [NYSE] 2004; SarbanesOxley Act [SOX] 2002), but as noted in the quote above, it is often challenging to
provide effective oversight, especially in large, complex organizations. The intense
focus on greater audit committee responsibility has led to a number of studies on
audit committee performance (for reviews of the academic literature on audit committees, see Cohen, Krishnamoorthy, and Wright 2004; DeZoort, Hermanson,
Archambeault, and Reed 2002; and Turley and Zaman 2004). Much of this
Accepted by Michel Magnan. An earlier version of this paper was presented at the 2007 Contemporary Accounting Research Conference, generously supported by the Canadian Institute of
Chartered Accountants. We thank Peter Gleason, Chuck ReCorr, and Hal Shear from the
National Association of Corporate Directors, Ellen Richstone from Financial Executives International, Warren Neel from the University of Tennessee's Corporate Governance Center, and Chris
Rossie and Patrick Taylor from Oversight Systems, Inc. for their help in arranging many of our
interviews. In addition, we appreciate suggestions on the paper and/or interview design from
Larry Abbott, Joe Brazel, Rich Clune, Jeff Cohen, Todd DeZoort, Yves Gendron, Rich Houston,
Lisa Koonce, Paul Lapides, Michel Magnan (editor), John McAllister, John Olson, Gary Peters,
Steve Salterio, Hal Shear, James Tompkins, Amie Wright, two anonymous reviewers, and participants at the 2007 Contemporary Accounting Research Conference. We also thank Doug Carmichael, Tom Ray, and other members of the Office of the Chief Auditor at the Public Company
Accounting Oversight Board for their feedback on the interview questions. We thank Scott Bronson, Jon Hansen, Katherine Hansen, Beverly Hudler, Shelly Kane, Stacy Mastrolia, Fred
Muchunu, Hazel Ryon, and Beth Swang for their assistance in transcribing, tabulating, and coding the interview data. Finally, we thank KPMG's Audit Committee Institute for sponsoring this
study, and Scott Reed and Mark Terrell of KPMG for their unwavering support and encouragement during the process. Most of all, we thank the audit committee members who were extremely
generous with their time in talking with us.
Contemporary Accounting Research Vol. 26 No. 1 (Spring 2009) pp. 65-122 © CAAA
doi:10.1506/car.26.1.3
66
Contemporary Accounting Research
research examines the relation between audit committee inputs (e.g., characteristics such as audit committee member independence, expertise, and diligence) and
financial reporting outputs (e.g., restatements, fraud, and auditor going-concem
reporting).
Although audit committee inputs and their relation to various outputs are
important, the extant literature largely fails to examine the process used by audit
committees as a whole or by individual audit committee members when fulfilling
their oversight responsibilities (Cohen et al. 2004; Gendron, Bédard, and Gosselin
2004; Turley and Zaman 2004, 2007). Turley and Zaman (2004, 324) state, "While
there is some evidence of a correlation between financial reporting characteristics
and govemance arrangements, further research is needed to establish issues relating
to the processes and impact unique to [audit committees]." The authors specifically
call for audit committee research using the interview method to better understand
audit committees' activities. Cooper and Morgan (2008) note that case study
approaches are especially well suited to examining complex behavioral processes
and addressing questions of how and why, and Ahrens and Chapman (2006) discuss
the potential for qualitative research to contribute to theory. Through interviews of
audit committee members, our study directiy responds to such calls for qualitative
audit committee research and offers the advantage of gathering more detailed
information than typically is collected in quantitative research (Patton 1990). I
To enhance our understanding of audit committee oversight, this paper provides extensive information about the audit committee process obtained through
in-depth interviews of 42 individuals actively serving on U.S. public company
audit committees. Our evaluation of the interview results is framed in part by the
tension between the agency theory (e.g.. Fama and Jensen 1983; Jensen and Meekling 1976) view of the audit committee as an independent monitor of management
versus the institutional theory view that audit committees may often be primarily
ceremonial in nature, with a focus on providing symbolic legitimacy but not necessarily vigilant monitoring (Cohen, Krishnamoorthy, and Wright 2007b; Spira
2002). This study addresses these often competing theories by examining the question "Do audit committees appear to provide substantive oversight of financial
reporting, or do they appear to be primarily ceremonial bodies designed to create
legitimacy?"
We find that many audit committee members strive to provide effective monitoring of financial reporting and seek to avoid serving on ceremonial audit committees.
However, within six specific audit committee process areas we find evidence of
both substantive monitoring and ceremonial action, such that neither agency theory
nor institutional theory fully explains our results. We also find that many responses
vary with personal and company characteristics, with particularly notable differences related to audit committee members' accounting expertise and time of
appointment to the audit committee (pre-SOX versus post-SOX).
This paper is organized as follows. The next section provides background
information and the motivation for the present study. We describe our research
method in section 3. Section 4 presents our overall findings, and section 5 describes
the supplemental analyses. In section 6 we provide discussion and conclusions.
CAR Vol. 26 No. 1 (Spring 2009)
The Audit Committee Oversight Process
67
2. Background and motivation
The role of the audit committee
The Sarbanes-Oxley Act (SOX 2002, section 2) defines an audit committee as "a
committee (or equivalent body) established by and amongst the board of directors
of an issuer for the purpose of overseeing the accounting and financial reporting
processes of the issuer and audits of the financial statements of the issuer". A competent, committed, independent, and tough-minded audit committee has been
described as "one of the most reliable guardians of the public interest" (Levitt
2000, 5).
Expectations related to audit committees continued to expand throughout the
1990s and early 2000s as financial reporting scandals unfolded. Many believe
those expectations have sky-rocketed as a result of SOX 2002 and through subsequent changes in audit committee regulations (e.g., NYSE 2004). KPMG's Audit
Committee Institute (2003a, 2) states:
Today, as never before, the role, responsibility, and accountability of the audit
committee continue to be the focus of lawmakers, regulators, and shareholders.
The audit committee's role in overseeing a company'sfinancialreporting process, including the audits (and auditors) of thefinancialstatements, is more
visible and demanding.
The importance ofprocess: The Hollinger case
Because we seek to provide insight into the audit committee process, an important
question is, "Does the audit committee process truly matter?" We believe that the
recent corporate governance disaster at Hollinger International Inc. provides compelling anecdotal support for the importance of the audit committee process.
Hollinger's audit committee had three financially literate members, each with significant public company director experience and impressive professional credentials.
The members included a former governor/law firm chairman, a former ambassador/
investment banking and consulting firm chairman, and a senior fellow of an institute.
According to recent trial testimony {United States v. Conrad Black, John Boultbee,
Peter Atkinson, and Mark Kipnis [Hollinger case] 2007), each of the audit committee
members was considered "independent", and the audit committee met several times
each year (typically at least four times in person, with ¡additional meetings by phone).
Despite the impressive audit committee membership and meeting schedule, trial
testimony {Hollinger case) and the Hollinger board's special investigation report
(Paris, Savage, and Seitz [Paris report] 2004) reveal apparent deficiencies in the audit
committee's oversight process. These deficiencies allowed key executives to "line
their pockets at the expense of Hollinger almost every day, in almost every way they
could devise" (Pads report 2004, 2). The Paris report (2004, 4) asserts that two key
executives stole essentially all of the company's profits over a seven-year period.
The trial testimony and the Paris report reveal numerous apparent concerns
regarding the audit committee process that are relevant to certain audit committee
process areas examined in the present study (see section 3, "Method"):
CA/f Vol. 26 No. 1 (Spring 2009)
68
1. Acceptance and continuance of due diligence processes: According to trial testimony, the Hollinger chief executive officer (CEO) "bumped into" an individual
he knew on a New York City street and invited him to the join the Hollinger
board. That person joined the board and audit committee. As part of the subsequent Hollinger trial, that audit committee member testified that before joining
the board, he did "not really" receive any information about what his board
duties would entail. The Paris report (2004, 28) asserts that the board was
selected by the CEO and "functioned more like a social club or public policy
association".
*
2. Selection of audit committee nominees: According to trial testimony, although
all three audit committee members were financially literate, no committee
member was considered to be an audit committee financial expert.
3. Audit committee meeting processes: According to trial testimony, (a) in one
instance, the portion of an audit committee meeting devoted to complex
related-party transactions lasted for only a few minutes, and the committee
members had no comments or questions whatsoever; (b) audit committee meeting agendas were not always prepared, and if they were, they were prepared by
a member of management; (c) one audit committee member testified that the
committee did not always receive niaterials before an audit committee meeting; and (d) the audit committee relied on management to bring related party
transactions to the committee's attention. The audit committee chair relied
heavily on management, testifying that he relied "on the members of management who dealt with the Audit Committee to advise us of anything that should
be brought to our attention" (Thompson testimony. May 1, 2007, 30). Another
member testified, "we would really rely to a great deal on management in discussing [public filings] with management to point out important elements of
those disclosures to us" (Burt testimony, April 24, 2007, 9). The audit committee chair testified that he reviewed draft financial filings by "skimming" them
and admitted that he should have read the filings. Similarly, the Paris report
(2004, 14-5) asserts that the audit committee approved management fees without understanding the effect on top executives' compensation, yet the audit
committee failed to demand the information necessary to evaluate the situation.
The audit committee failed to ask questions, failed to be skeptical, and failed
to gather independent information (Paris report 2004, 33-4).
4. Audit committee oversight of the financial reporting process: The audit committee chair testified that he "trusted" management. Another member testified,
"It never occurred to me to check [the truthfulness of management's statements] ... I always assumed ... that management was giving us a full and
complete description of the affairs of the company" (Burt testimony, April 24,
2007, 10). The Paris report (2004, 36) asserts that the audit committee put too
much faith in management's integrity and did not "Trust, but verify". The audit
committee continued to rely on management's assertions even after there was
evidence of questionable management integrity (Paris report 2004,505).
69
On the basis of the information above, it appears that the Hollinger audit committee, despite its impressive membership and meeting schedule, had a deficient
process in place. Specifically, there are fundamental concerns with the selection of
audit committee members (the role of the CEO, the lack of accounting expertise),
the audit committee meeting process (time spent on important issues, agenda setting, information now, reliance on management, and review of information), and
the propensity to trust management. We believe that such process characteristics
can contribute to corporate disasters, and each of these process elements is
addressed in our interviews with audit committee members.
Theoretical foundations
There are several, often competing but sometimes complementary, theories with
regard to corporate governance and audit committees (e.g., Cohen, Krishnamoorthy, and Wright 2002, 2007b; Kalbers and Fogarty 1998). The finance (agency)
view (e.g.. Fama and Jensen 1983; Jensen and Meckling 1976) holds that the board
and audit committee are in place to monitor management, who otherwise may act
in their personal best interest and not in the interests of the principal (e.g., shareholders). Thus, the board and audit committee's independent members monitor
management to prevent opportunistic behavior by management. This perspective is
the predominant view of the role of corporate governance in the academic accounting literature.
Alternatively, an institutional theory (e.g., Scott 1987) view of governance in
the academic accounting literature considers changes in organizational processes
over time (Cohen et al. 2002, 2007b) and how governance structures "fulfill ritualistic roles that help legitimize the interactions among the various actors within the
corporate governance mosaic" (Cohen et al. 2007b, 11). Under this view of governance, audit committee processes may become more similar over time (Barreto
and Baden-Fuller 2006; Dacin 1997; DiMaggio and Powell 1983), as organizations
are coerced to become similar through regulation (such as SOX), by following
"best practices", or by mimicking other organizations to enhance their legitimacy
(Cohen et al. 2007b).
Kalbers and Fogarty (1998, 131) state that under this view, "organizational
structures ... become symbolic displays of conformity and social accountability"
(also see Spira 1999 and DiMaggio and Powell 1983). In other words, some governance activities and structures may be primarily driven by a desire to foster
legitimacy; therefore, the activities and structures are primarily ceremonial and
serve as symbols of effective oversight. Cohen et al. (2007b) note that the auditor
bears great responsibility for reliable financial reporting when the audit committee's role is primarily ceremonial, although the committee's symbolic efforts can
lead to effective questioning of management.
Ceremonial efforts may not be closely related to how a given task is actually
accomplished (e.g., to the extent that true monitoring and oversight take place,
these activities may not occur during the ceremonial meetings) — that is, there is
only a "loose coupling" between the ceremonial actions and claims of audit committee effectiveness (see Fogarty and Rogers 2005). Scheid-Cook (1990, 189)
70
states, "Loose coupling in organizations implies that structure and process are
loosely connected with organizational goals." Scheid-Cook (1990, 190) also states
in her study of ritual conformity in community mental health centers, "any controls
over the output of [community mental health centers] that do exist are largely ritual.
That is, existing output controls serve to legitimate the [community mental health
center's] use of [outpatient commitment], but have little or no bearing on organizational effectiveness." In other words, the formal control structures of the community mental health center are only loosely coupled with its technical activities.
Returning to the audit committee setting, under the institutional theory view, audit
committee activities may be only loosely coupled with claims of audit committee
effectiveness, such that the formal audit committee activities are primarily
ceremonial/ritualistic and designed to create legitimacy outside the organization.
A third view of governance, resource dependence, asserts that the board's
primary role is to assist management with strategy and resource acquisition
(Cohen et al. 2007b; Nicholson and Kiel 2007). The board's role is that of helper or
partner, rather than monitor of management. Cohen, Krishnamoorthy, and Wright
(2007c) find that auditors consider both traditional agency variables and resource
dependence variables when evaluating corporate governance for the purpose of
audit planning.
Fourth, stewardship theory presumes that managers are honest, capable stewards of the company's resources (Nicholson and Kiel 2007). Accordingly, the focus
is on inside directors' ability to promote shareholder value through their superior
knowledge of the company.
Finally, the managerial hegemony theory asserts that management simply
chooses friends to serve as passive directors who derive all of their information
from management (Cohen et al. 2007b). The board then becomes purely symbolic
and consistently supportive of management, even when the members appear to be
independent directors. Under such a view, the audit committee is completely under
management's control and offers virtually no monitoring at all.
To summarize, agency theory emphasizes directors as independent, vigilant
monitors of management; institutional theory emphasizes the symbolic/ceremonial
role of governance structures where legitimacy is paramount and formal processes
are only loosely coupled with true monitoring; resource dependence theory focuses
on the board's efforts to assist management with strategy and resources; stewardship theory presumes that managers are honest; and managerial hegemony asserts
that the audit committee will be weak and under management's control. Consistent
with Kalbers and Fogarty 1998, of primary interest as we consider the interview
results below, are agency theory (the audit committee as a strong, substantive, active
monitor) and institutional theory (the audit committee as a ceremonial entity with
less substantive monitoring). Given the nature of the audit committee's oversight
role (SOX 2002), we expect the audit committee to be most heavily focused on
actual monitoring (agency theory) or on creating legitimacy by engaging in appropriate ceremony and ritual (institutional theory, Spira 2002).'
71
Research on audit committees
Much of the research on audit committees examines the relation between audit
committee inputs (e.g., independence, expertise, or diligence) and financial reporting outputs (e.g., abnormal accruals) (Klein 2002; Bédard, Chtourou, and Courteau
2004); restatements (Abbott, Parker, and Peters 2004; Agrawal and Chadha 2005);
fraudulent financial reporting (Beasley, Carcello, Hermanson, and Lapides 2000);
going-concern reports (Carcello and Neal 2000); auditor changes (Carcello and
Neal 2003); and stock price reaction (DeFond, Hann, and Hu 2005)). These studies
generally find that a more independent, expert, and diligent audit committee is
associated with higher quality financial reporting and auditing. However, because
these studies examine publicly available measures of audit committee inputs
(mainly through corporate proxy statements) and outputs (available in published
financial statements. Securities and Exchange Commission [SEC] filings and
enforcement actions, or quoted stock prices), the process by which the audit committee contributes to improvements in financial reporting and auditing has been
largely unexamined.
To the best of our knowledge, the only studies that examine audit committee
processes for overseeing financial reporting are Gendron et al. 2004; Gendron and
Bédard 2006; Spira 1999, 2002; Turley and Zaman 2007; and Cohen, Krishnamoorthy, and Wright 2002, 2007a. Gendron et al. (2004) examine the activities in
audit committee meetings for three Canadian public companies by interviewing
nine audit committee members and 13 other individuals in 2000 and 2001 (e.g.,
CEO, chief financial officer [CFO], intemal auditor, external auditor). They find
that audit committee members place significant attention during their meetings on
financial statement accuracy and appropriate wording, intemal controls, and audit
quality. They also conclude that a key role of the audit committee is to ask challenging questions of management and auditors.
Gendron and Bédard (2006) explore the process by which audit committee
members develop a definition of "audit committee effectiveness". The authors supplement the data from Gendron et al. 2004 with interviews of three audit committee
chairs in 2004. Gendron and Bédard (2006) find that audit committee members'
notions of effectiveness come from their reflecting on audit committee processes
and results, with variation across individuals in the definition of effectiveness and
in the confidence that effectiveness is being achieved in a certain area. The authors
also find that post-SOX, the "chairpersons' sense of audit committee effectiveness
was not fundamentally fractured" (2006, 235).
Spira (1999, 2002) interviews 21 individuals, including audit committee
chairs, finance directors, and auditors, in the United Kingdom during 1994-96.
She focuses particular attention on the ceremonial nature of audit committee activities and on the audit committee as a seeker and provider of comfort regarding
financial reporting. Comfort is obtained from various parties, such as the finance
director and auditors, and comfort is provided to financial statement users.
Turley and Zaman (2007) use a case study approach, interviewing nine individuals at one U.K. company, including the audit committee chair, intemal and
extemal auditors, and management. They find that tbe audit committee's greatest
. 26 No. 1 (Spring 2009)
72
impact comes through informal processes and the committee's effect on power
relationships among other governance participants. For example, this particular
audit committee tends not to ask difficult, probing questions during committee
meetings, but it infiuences governance outcomes through informal meetings with
auditors and through serving as an ally to the auditors.
Cohen et al. (2002) interview 36 auditors regarding the influence of corporate
governance on the audit process, including the role played by the audit committee.
They find that auditors perceive management to be "the primary driver of corporate
governance" (573). Many of the auditors view audit committees as weak and ineffective.2 Cohen et al. (2007a) update their 2002 study by interviewing 38 auditors
in the post-SOX period. They find that auditors perceive audit committees to be
more diligent, active, expert, and powerful post-SOX.
MotiviUion
Spira (2002) and Turley and Zaman (2004, 2007) specifically call for additional
qualitative research on the audit committee process to increase our understanding
of the linkages between audit committee inputs and outcomes, particularly those
related to financial reporting and internal control. Patton (1990,14) states that relative to large-sample quantitative research, "[Q]ualitative methods typically produce a wealth of detailed information about a much smaller number of people and
cases. This increases understanding of the cases and situations studied."
Gendron et al. (2004), Gendron and Bédard (2006), Spira (1999, 2002), and
Turley and Zaman (2007) offer important insights into the audit committee process
(and Cohen et al. (2002, 2007a) examine auditor perceptions of audit committees),
and many of these studies are based on pre-SOX data from Canadian or U.K. companies. Our paper is based on interviews with 42 U.S. public company audit committee
members in the post-SOX environment. DeZoort, Hermanson, and Houston (2008)
indicate that certain audit committee members in the post-SOX period are more
conservative (more supportive of the auditor in auditor-management disagreements) and more concerned about financial reporting accuracy than in the pre-SOX
period. In addition, Cohen et al. (2007a) find that auditors believe that audit cornmittee members are more diligent, active, expert, and powerful post-SOX. As a result,
the nature of audit committee oversight may be different post-SOX than pre-SOX.
3. Method
The goal of our study is to provide detailed insights into the audit committee process. We use the interview method to gather such insights, because this method
allows us to explore issues that are difficult to examine using archival methods. For
example, archival research provides insights into obvious threats to audit committee
member objectivity, such as those revealed by the member's employment history.
However, the interview method can reveal more subtle threats to objectivity, such
as those arising from personal friendships with management that may not be identified through archival methods.
We organized our interviews around six audit committee process areas (see the
appendix for the six areas and for the specific research questions). These process
73
areas are consistent with several elements of the KPMG Audit Committee Institute's Building a Framework for Effective Audit Committee Oversight 2003b.3 We
explore audit committee member responses to specific questions surrounding the
six audit committee process areas. We used several sources of information to
design our questions, including (a) our prior experiences working with auditors
and audit committees, (b) the professional literature (e.g., auditing standards, SOX,
SEC rules), (c) the academic literature (e.g., DeZoort et al. 2002), (d) discussions
with two sitting members of one or more public company audit committees, and
(e) discussions with standard-setters and regulators.'*
Following the approach used in Graham, Harvey, and Rajgopal 2005, we
solicited feedback on our interview questions from several academic researchers
and current audit committee members. We pilot tested the questions and our interview approach on three sitting audit committee members. We modified the
research instrument and our interview approach on the basis of feedback from our
pre-test and our pilot testing.
Our study is based on interviews with 42 individuals currently serving on at least
one public company audit committee.^ Several individuals were identified through
the assistance of the KPMG Audit Committee Institute, the National Association of
Corporate Directors, and the Boston chapter of Financial Executives International
(sometimes through emailed solicitations to their members). Others were identified
through our personal and university-related contacts.^
Interviewees are located in cities across the United States. As a result, 20 of
the interviews were conducted in person, while 22 interviews were conducted by
telephone.^ We used a standardized interview script to guide all of the interviews:
this script was designed so that questions were asked in relatively short parts, thus
making it easy to record the details of the responses. There were no differences in
interview questions for those conducted in person versus those conducted by
telephone.
In performing the interviews, we drew heavily from the approaches used by
Hirst and Koonce 1996 and Cohen et al. 2002. Generally, one member of our
author team made the inquiries and took detailed notes of responses, while a second
author or graduate student created a separate set of detailed notes (Nicholson and
Kiel 2007).^ The audit committee members were told that their responses would be
held in strict confidence. In order to encourage candid responses and to fully protect
the anonymity of the interviewees, we did not tape record the interviews (consistent
with Nicholson and Kiel 2007), nor did we record the names of the audit committee
members or the companies they serve in our data set. We believe that these measures
were necessary to allow us access to public company audit committee members in
the immediate post-SOX period, a time of great focus on audit committees and significant concerns about audit committee member liability. All of the interviewees
provided their informed consent. Given the specificity of many of the responses we
received, we believe that the audit committee members were candid in their
responses.
Despite the use of a script to guide our interviews, the interview approach was
semi-structured — that is, "when questions took us down an important path, we
CA/? Vol. 26 No. 1 (Spring 2009)
74
pursued them before returning to the planned interview materials" (Hirst and
Koonce 1996, 460). We began by collecting demographic data and then proceeded
with questions related to our six process areas. Our first set of questions addressed
due diligence processes performed by individuals before they agreed to join or
stand for reelection to a board, given that board and audit committee service are
interconnected. The second set of interview questions was specific to a particular
audit committee and addressed the other five areas of audit committee process
examined in this study. For this set of research questions, we generally asked the
audit committee members to base their responses on the largest public company audit
committee on which they currently serve (and had served for at least one year).
The interviews were conducted from February 2004 through February 2005
and lasted approximately 90 minutes on average, with the shortest interview being
45 minutes and the longest 180 minutes. After each interview, one of the authors
transcribed (typed) our notes. The other author present at the interview checked the
transcription of the notes and compared them with the other set of notes (see Salterio and Denham 1997).9
We borrowed heavily from parts of Gibbins, Richardson, and Waterhouse
1990 (139-40) in developing a coding scheme to categorize and summarize the
information gathered during the interviews. We analyzed the interview transcripts
to create a vocabulary for discussing audit committee activities and processes.
More specifically, we (a) selected one of the typed transcripts as the first case to be
analyzed, (b) highlighted significant words or phrases in the transcript,'" (c) sorted
the highlighted words or phrases into categories on the basis of similarity, and
(d) iterated through the accumulated categories to identify more general categories
permitting us to combine certain initially identified categories. Using this coding
scheme (which was influenced by the nature of the responses we received), we developed 438 unique categories that captured the audit committee members' responses.
Two different graduate students assigned the audit committee members' responses to
these categories, each working independently. The mean intercoder agreement for
these 438 items is 94 percent, and the mean Kappa statistic is 0.78 {p < 0.01).'•
4. Findings
Table 1 presents background information on the interviewees, who have extensive
financial and public company audit committee (AC) experience. The interviewees
serve on audit committees across a broad range of company sizes (median revenues
are $1.5 billion) and industries.'2
To provide an initial overview of the results. Table 2 presents information on
the range of responses within each of the six process areas. Within each of the
areas, we find responses reflecting activities that range from substantive, meaningful oversight to less substantive, ceremonial action that is only loosely coupled
with claims of audit committee effectiveness.
The remainder of this section provides detailed analyses of audit committee
responses to our interview questions related to the six key audit committee process
areas. The amount of data we obtained through these interviews is quite extensive.
As a result, we describe key findings related to each of the six process areas, and
75
we encourage readers to carefully examine the tables. Where possible, we supplement the results with insights from individual audit committee members, relate our
findings to previous research, and assess whether the results are consistent with
agency theory (substantive audit committee monitoring) or institutional theory (the
audit committee as a ceremonial entity whose activities are loosely coupled with
claims of audit committee effectiveness).
TABLE 1
Background infonnation on interviewees*
Percent
Panel A: Percentages
Gender
Male
Female
31
11
74
26
15
36
19
19
8
4
4
4
45
45
19
10
10
10
Professional certification
Certified public accountant
Professional experience in finance or accounting
Chief financial officer
Public accounting experience
General management
Accounting professor
Controller
Regulator
Panel B: Means
Age
Cumulative governance experience
Years of corporate audit conMiiittee experience
Corporate audit committees served in career
Current service on public company audit
committees (ACs)
Number of public company audit committees
now served
Number of audit committees where they are a
financial expert
Number of audit committees where they are
the chair
Number of years serving as the AC chair
(n = 27)
Revenues (in millions) of audit committee
company (n = 41)
Mean
Minimum
. Maximum
58.5
48
73
8.2
3.2
1
1
20
9
1.8
1
5
1.5
0
5
1.1
0
4
4.4
1
18
$6,688
$15
$130,000
(The table is continued on the next page.)
76
TABLE 1 (Continued)
Panel C: Industry distribution
Packaging, logistics, and transportation
Retail
Technology
Financial services
Media and telecommunications
Health care
Manufacturing
Other
Total
.
6
,ß
.g
4
4
;3
;3
10
^
Note:
The statistics in this table are based on the full group of 42 interviewees, unless
otherwise noted.
AC process area 1 : Acceptance and continuance due diligence processes
\
Given the legal risk (Veasey 2005) and reputational risk (Srinivasan 2005) faced by
board and audit committee members in the current environment, we examine due
diligence processes performed by potential audit committee members in evaluating
their decision to serve on a board. As shown in panel A of Table 3, we find that
audit committee members generally perform significant due diligence before
accepting a board/audit committee position. Audit committee members often
review documents, conduct interviews, and carefully assess management integrity
and their personal comfort level:'3
"
i
Always do some form of due diligence. I first want to determine if I have the
knowledge necessary to serve on that particular company's board (e.g., industry) and whether I have the capacity (time) to be able to serve effectively.
Often my involvement starts because of some relationship I have with a large
investor or senior executive — that is often what initiates contact with me. I
want to be knowledgeable about senior management — want to know who
they are and what they are like. I want to gain some sense of management's
ethical makeup. I also examine recent public filings of the company and talk to
one or two other directors currently serving — to gain a sense for the company
and management style as well as how the board actually operates. I also try to
talk with large investors.
NASDAQ audit committee chair
I am constantly going through the due diligence process — every meeting, filing,
and transaction is a learning process. I ask: (1) Is this a company that I want to i
be associated with?, (2) Am I adding value and serving the shareholders well? :
and (3) Do I want to continue my association with this company?
1
¡
77
These perspectives are consistent with Spira's 2002 (156) notion of audit committee members' "continuing preoccupation with the provision and maintenance of
comfort". In addition, regarding integrity, a NYSE audit committee member told
us that a prospective board member "better have faith in management's integrity,
especially that of the CEO. Otherwise, the liability risk is just too great."
TABLE 2
Summary of substantive versus ceremonial activities
Process area 1 : Acceptance and continuance due diligence processes
• Substantive: extensive due diligence before joining the board and audit committee
• Ceremonial (5%*): very little due diligence before joining the board and audit
committee
Process area 2: Selection of audit committee nominees
• Substantive: chosen for audit committee due to accounting expertise and belief that
person would be outspoken
• Ceremonial (19%): chosen for board/audit committee due to personal relationship
with management
Process area 3: Audit committee meeting processes
• Substantive: risk-driven agendas set by audit committee chair, heavy audit committee
involvement in information packet development, information packet received well in
advance of each meeting, frequent interaction between meetings
• Ceremonial (43%): agendas driven by management, little audit committee
involvement in information packet development, information packet received just
prior to each meeting, little interaction between meetings
Process area 4: Audit committee oversight of the financial reporting process
• Substantive: heavy audit committee involvement in accounting policy choice and
accounting alternatives, extensive audit committee analysis of estimates and
judgments, audit committee responsible for fraud risk assessment, active audit
committee assessment of fraud risk and management integrity
• Ceremonial (31%): minimal audit committee involvement in accounting policy choice
and accounting alternatives, no audit committee analysis of estimates and judgments,
audit committee not responsible for fraud risk assessment, audit committee complete
reliance on auditors for assessment of fraud risk
Process area 5: Oversight of the internal and external audit processes
• Substantive: audit committee truly oversees the internal audit function and has
extensive formal and informal contact with internal audit, audit committee has
extensive contact with and oversight of external audit, including gathering significant
information to evaluate auditor performance
• Ceremonial (31%): internal audit really reports to management and has little or no
contact with the audit committee outside of audit committee meetings, audit
committee has limited contact with and oversight of external audit and gathers no
information to evaluate auditor performance
l. 26 No. 1 (Spring 2009)
78
TABLE 2 (Continued)
Process area 6: Other audit committee activities
;
• Substantive: audit committee formally benchmarks against leading practices, audit
committee is heavily involved in the code of conduct, audit committee does not get
too comfortable
'.
• Ceremonial (19%): audit committee does not benchmark against leading practices,
audit committee is not involved in the code of conduct, audit committee is too
comfortable with management •
Note:
The ñ-equency information for ceremonial activity is based on the percentage of •
participants indicating a ceremonial approach to at least one of the listed activities
within a process area. Within process areas 4 and 5, some questions were not
asked of all participants (see Tables 6 and 7).
;
A number of audit committee members indicated that some companies are
looking for independent directors in name only. The executives want to be able to
point to their independent directors, but they do not really want vigilant monitoring
of their actions:
'
The big question is are there any integrity issues? Any baggage? Do they want
to do things right? Will management and the board be stable? I want to avoid
show and tell meetings. Avoid cases where they want your name, but no
substance.
This audit committee member is trying to avoid situations where management wants
the audit committee to be merely ceremonial. As a NYSE audit committee chair
said, "I will only go on the board if the CEO and CFO take governance seriously."
We also asked why a prospective board member would decline to serve on a
board or would resign from a board where he or she was already serving. Our findings are presented in panel B of Table 3. Management integrity issues dominate,
followed by time constraints, inability to contribute, and concerns about management's commitment to sound governance. A NASDAQ audit committee chair
stated:
i
If management's attitude toward the role of the board and the attitude of other
board members regarding the board's responsibility are not acceptable, I
would decline or leave. I don't want to be the Lone Ranger on the board. ...
I left a board due to not feeling like other board members felt like their responsibility was as serious as I felt it should be — they appeared too self-serving. I
also left because I didn't think I made a good match for the board. I have
declined several invitations. For some, I felt I wasn't qualified. For others, I
declined because I felt like management didn't get what board responsibilities
'
i
'
'¡
79
TABLE 3
AC process area 1: Acceptance and continuance due diligence processes*
Panel A: Acceptance and continuance
«
Steps taken before agreeing to join the board or audit committee
Meet with or talk to the following people
Existing board members
CFO
Extemal auditor
CEO
Unspecified senior management
In-house counsel
Read/review the following documents
SEC filings (including financial statements)
Directors' and officers' insurance
Litigation
Company websites
Take the following actions
Talk to colleagues, including assessing reputation of
company and management
Understand the company's business and industry
Analyze financial health of the company
Analyze long-term strategic plan of the company
Assess composition and reputation of the current board
Make sure board service poses no conflict with employer
Make the following assessments
Can he or she make a contribution to the board?
Are there any integrity issues with management or the
board?
Steps taken when agreeing to continue on the board or audit
committee
Make the following assessments
Are there any integrity issues with management or the .
board?
Does he or she still have a good comfort level?
Is he or she still making a contribution to the board?
How has management handled board suggestions/advice?
How effective is the board and its committees?
Is the time commitment required still acceptable given his
or her schedule?
No specific actions taken
How often does he or she make this evaluation regarding continued
service (n = 37)?
Continuously
Periodically (e.g., when up for reelection)
As needed (e.g., when an issue arises)
Percent
23
17
17
16.
16
11
55
40
40
38
38
26
26
10
8
6
62
24
19
14
16
10
4
4
4
4
38
24
10
10
10
10
•
12
29
10
24
14
11
11
7
6
33
26
.26
17
14
5
7
12
. 17
29
6
2
78
16
5
CARVol 26 No. 1 (Spring 2009)
80
TABLE 3 (Continued)
Panel B: Declining or leaving
—
n
Percent
„ ^
I
Reasons he or she would decline to serve or leave a position on
the board or AC
.
Management issues
Concerns about management credibility and/or integrity or
witnessed fraud, illegal acts, or unethical conduct
Lack of open/honest communication between management
and the board
Independent directors are not desired and the corporate
governance system is not taken seriously
Top management is not supportive of financial reporting or
conu-ols
Individual director issues
Excessive time and/or travel demands
Inability to contribute
Lack of business and industry knowledge
;
i
i
I
24
57
7
17
i
i
6
i;4
5
12
13
10
7
3'l
2'4
17
¡
15
3'6
11
26
4
3
2
36
27
18
Number of directors who have declined an invitation to serve
on a board
Number of directors who have resigned from a board
Reasons given for why they resigned from a board (n = 11)
Time demands
Board is not effective
Lack of compatibility with the CEO
Note:
~
"
^
\
The statistics in this table are based on the full group of 42 interviewees, unless i
otherwise noted.
.
i
I
really were — they didn't take board responsibility seriously. I also have |
declined when I felt like management's attitude for what they were looking for I
in a board member was primarily driven by their desire for form over substance, i
Overall, the interviewees appear quite committed to due diligence efforts so
that they can avoid being associated with a problem company. It appears to us that
many prospective audit committee members approach a board invitation with a
default response of "no" and must be convinced to say "yes". Thus, most of the
audit committee members we interviewed apparently favor an agency view of
the audit committee, where they are engaged to provide monitoring of management, as opposed to serving only in a ceremonial role reflective of institutional
theory. (Similarly, Spira (2002, 69) notes that participants in her interviews "did
not want audit committee meetings to be described as ceremonial".) Howevej-, it
appears that the audit committee members we interviewed have encountered m'anagement teams with a loosely coupled view of governance (ceremonial boards and
audit committees), and they try to avoid such managers.
i
*
'.
81
AC process area 2: Selection of audit committee nominees
Because we are interested in learning about company-specific audit committee
processes, we generally asked the interviewees to describe processes related to the
largest public company audit committee where the interviewee had served for at
least one year. Tbe remainder of this paper addresses the interviewees' experiences
with one public company audit committee.
Table 4 presents information on how the audit committee member was identified
for board service and why he or she was asked to serve on the audit committee.
Many audit committee members were identified for audit committee service
because of their previous contact with management or other directors.'"* Consider
the following perspectives that raise questions about the degree of arms-length
monitoring that may take place:
I was friendly with the CEO of the company. Our kids were in the same
schools, and our wives were friends. The previous CEO perpetrated a major
fraud in this company. My friend became the new CEO, and he had to rebuild
the board. I was asked to join the board.
NYSE audit committee member (joined board pre-SOX)
The CFO suggested that I join the board. The CFO is a personal friend. Long
ago I served on the company's audit engagement (35 years ago). The CFO
wanted myfinancialexpertise.
NASDAQ audit committee chair (joined board post-SQX)
In some cases, tbe selection of directors is consistent with managerial hegemony
(get friends on tbe board) or institutional theory (have independent directors for
legitimacy, but tbe directors' true objectivity is suspect).
Thus, there is an interesting contrast in the first two process areas. Audit committee members appear to want to engage in meaningful monitoring (tbey want tbe
company to take govemance seriously); however, many of them were selected for
board service due to previous relationships that may call their objectivity into question. In addition, some prospective board members gain comfort from knowing
current board members. A NASDAQ audit committee chair stated, "If you don't
know people on the board, it is not possible to do enough due diligence."
By far the most common reason for being asked to serve on the audit committee is the interviewees' financial or accounting expertise.'^ This is consistent with
Gendron and Bédard's 2006 finding that financial and accounting backgrounds are
considered critical to audit committee effectiveness (also see Spira 2002). Also,
some interviewees were appointed to the audit committee because of their industry
background or expertise. The following perspectives elaborate:
My background as a CFO and auditor led to my audit committee service. In
addition, no other board member wanted to serve on the audit committee.
82
'•
I was the only person on the board with financial experience and with experi- i
ence in the industry. I was operationally stronger in finance and with industry i
knowledge. Knowledge of the industry was a big plus.
•
NASDAQ audit committee chair '
AC process area 3: Audit committee meeting processes
'
Audit committee meeting number and length
\
Panel A of Table 5 presents information about the number and length of typical
audit committee meetings. Meeting frequency now averages approximately 10
meetings per year.'6 One audit committee member stated:
\
TABLE 4
AC process area 2: Selection of audit committee nominees
I
n
Did the nominee have significant previous contact with executive
management before being approached to serve on the board?
No
Yes
Did the nominee have any personal ties to management or
board members?
No
Yes
Identified to serve on the board because of financial expertise
Identified to serve on the board because of industry expertise
How was the nominee identified to serve on the board?
Previous interaction with management of the company
Management (including the CEO) knew the nominee
Chair of the board knew the nominee
Founder of the company knew the nominee
Previous experience with other board members
Some of the other board members knew the nominee
Served on another board with members of this board
Identified by the governance committee or by an outside
•
group
•
.
!
!
25
17
Factors that led to being appointed to the audit committee
Financial or accounting background/expertise
Industry background/expertise
60
40
1
28
14
67
33
6
14
5
12
1
i
9
3
25
3
• •
Identified by an executive search
firm
•
•
Representing a large investor in the company or a creditor's
committee
'
.
.
Recommended by an accounting firm and/or law
firm
Percent
2'l
7
5
¡
12
7
I
, '
5 •
4
3
12
'
lo
7
28
6
i
67
l4
83
We meet 12 times in total plus two or three miscellaneous calls. Four times a
year we hold conference calls with CEO, CFO, external auditor. General
Counsel, and full audit committee. The primary purpose of these calls is to go
over the press release before it is released. We usually get a draft of the press
release in advance of the call. Four times a year we meet face-to-face or via
teleconference to review the 10-Q and 10-K prior to their issuance. Four times
a year we meet as an audit committee in conjunction with a full board meeting
generally in the aftemoon or evening preceding the full board meeting. Generally the external auditor is always a part of these meetings.
A number of audit committee members told us tbat meering length has
increased dramatically post-SOX. For example, one NYSE audit committee member
indicated that the meetings used to last for 90 minutes; however, recently the meetings have lasted for approximately five hours, an experience the committee member
described as "awful" (apparently due to the extreme length of the meetings). Some
audit committee members told us that they hold their meetings the night before
board meetings so that no artificial limits are placed on the length of the committee's meeting (consistent with Spira 2002), and many audit committees often meet
without management present.
Given that we did not attend audit committee meetings, we cannot assess the
substance of the meetings. However, it appears to us that many of the audit committee members are committed to meaningful, substantive meetings, consistent
with an agency perspective. Similarly, Gendron et al. (2004, 168) conclude, "audit
committee meetings are not mere rituals devoid of interest to managers and auditors"
(also see Gendron and Bédard 2006).
Audit committee meeting agenda setting
Most proponents of audit committee reform argue that effective boards and audit
committees sbould set their own agendas and determine the types of information
that they want to review before meetings (National Association of Corporate Directors [NACD] 1996). In fact, some have noted that the usurpation of these responsibilities by senior management at Enron and WoridCom contributed to the financial
frauds at those entities (Batson 2003; Breeden 2003). A similar concem was noted
at Hollinger International Inc. (Paris report 2004), and Gendron and Bédard (2006)
and Spira (2002) note that management can influence the agenda or information
fiow to its advantage. We asked a series of questions to learn more about the
agenda-setting processes for audit committee meetings (see panel B of Table 5).
Agendas typically are set well in advance of the meeting, and the audit committee chair often sets the agenda, with input from the CFO and other committee
members, consistent with Spira's 2002 finding that the agenda is driven by the
finance director and audit committee chair. Three individuals described this process
as follows:
CA/? Vol. 26 No. 1 (Spring 2009)
84
TABLE 5
AC process area 3: Audit coinmittee meeting processes*
Panel A: Number and length
Number of audit committee meetings each year
Face-to-face meetings
Telephone meetings
Length of typical audit committee meeting
(in minutes)
Normal face-to-face meetings
Special face-to-face meetings (n = 6)
Telephone meetings (n = 21)
Mean
10.1
5.1
5.0
Minimum
Maximum
4
3
0
30
11
20
1
1
j
197.5
177.5
85.0
How often does the audit committee meet
without management present (n = 41)?
Every AC meeting
Every face-to-face AC meeting
4 - 6 times per year
Less than 4 times per year
90
90
30
420
360
n
16
19
Percent
5
1
Panel B: Agenda
no
j
3?
46
•
1
12Í
Percent
Setting the agenda for audit committee meetings
When is the agenda set? {n = 27)
5-7 days before the meeting
8-14 days hefore the meeting
1 year in advance of the meeting
Individual with primary responsibility for putting the agenda
together (n = 40)
Audit committee chair
CEO or CFO
Other individuals with input on the agenda
CFO
Other audit committee members
Intemal auditor
General counsel
Extemal auditor
CAO/controUer
CEO
Method used to put the agenda together
A detailed calendar of what is covered at each committee
meeting
A matrix that maps audit committee responsibilities to
specific committee meetings per the charter
4
10
8
5
15
h
30
19
i
32
5
80
1
26
10
9
8
7
7
62
60
24
2'l
19
17
17
12
29
25
1
10
85
TABLE 5 (Continued)
Panel C: Infonnation packet
Type of information received in advance of AC meetings
Draft regulatory filings, including financial statements
Reports and other forms of communication from the external
auditor
Reports from internal audit
Draft press releases
Reports from counsel and other attorneys
When is the information packet received (n = 41)?
4 - 7 days before the meeting
1 - 2 weeks before the meeting
Varies depending on the type of infonnation received
Role of the AC in determining type of information included in
the packet (« = 39)
Infonnation is jointly determined by AC and another party
(typically management)
Infonnation is primarily determined by the AC
Infonnation is primarily determined by others (i.e., hot hy '
the AC)
'
What the AC member does when he or she receives (reviews) the
packet
Assesses whether disclosures are full, complete, and accurate
Reviews external auditor comments/audit plans/management
letters
Compares financial results with the past
Reviews special risk areas
Reviews management's analysis of the financial statements
Reviews presentations for upcoming meeting to develop
questions and comments
Reads draft of eamings release and other outside
communications
What the AC member looks for when he or she receives (reviews)
the packet
Unusual things/trends, including the reasonableness of
explanations
Reasonableness of margins, other F/S indicators, and financial
metrics
Consistency of actual performance vs. expectations
Status of litigation involving the entity
Status of the 404 compliance project
n
Percent
32
76
21
19
12
7
50
45
29
17
3
16
19
3
7
39
46
7
16
14
41
36
9
23
8
19
7
5
5
4
17
12
12
10
4
,
10
3
7
18
43
13
5
5
5
31
12
12
12
86.
Conteniporary Accounting Research
TABLE 5 (Continued)
Communications received between AC meetings
Frequency of communications (n = 34)
Daily
Weekly
Semi-monthly
Monthly
Parties from whom oral communication is received
CFO
CEO
Intemal audit
Unspecified management
Extemal audit partner
Nature of written communication received
Monthly financial statements
Research reports (e.g., anialysts) ,.
Press releases
. Press coverage
Updates on changes in the regulatory environment
n
Percent
3
7
2
.22
9
21
6
65
00.
Panel D: Between meetings
19
14
, 6
6
4
3
.
1¡4
10
7
17 .
8
6
'.
.
•
5 ,
' 4
40
.19
14
.12
10
Note:
The statistics in this table are based on thé full group of 42 interviewees, unless ' ' '
otherwise noted.
We redid the charter in 2002 — it now drives the audit committee agenda (we
want to be sure that we cover what we said we'd do). We alsc) hit additional
risk areas — litigation, patents, et cetera. We keep a matrix of three years of
subjects down the left side and time'across the top. Each topic is hit at least
once every 24 months, although sbme topics are addressed at'every audit committee meeting.
•'
• ••
NASDAQ audit coihmittee'chair'
The agenda is set weeks in advance by the independent audit committee chair-'
man. There are no restrictions on adding items before the meeting or during it.
Often an item discussed at meeting #1 is put on the agenda for follow-up at
meeting #2.
NASDAQ audit committee liriembèr
The audit committee builds a calendar at the beginning of the year to serve as
its agenda for the committee meetings appended to the board meeting. The '
audit committee together identifies a "top 10" list of issues. This toplO list
helps the audit committee focus on gaining a better understanding of the
CA/f Vol. 26. No. 1 (Spring 2009)
The Audit Comtnittee Oversight Process
87
business and underlying accounting issues. The top 10 list also includes a list
of compliance issues to be covered each year by the audit committee. Compliance issues include evaluating auditor independence, the audit committee
charter, proxy disclosures, and identification of thefinancialexpert of the audit
committee.
This focus on agenda formality is consistent with Gendron and Bédard 2006,
who find a strong emphasis on consistent, mechanistic agenda setting (also see
Turley and Zaman 2007). Without access to audit committee meetings, it is difficult to determine whether the audit committee agenda-setting process results in
substantive monitoring or is simply ceremonial. It is clear that many audit committees devote significant effort to ensuring that the agenda is responsive to the audit
committee charter and to company risks. In other cases, however, it appears that
management still drives the agenda.
Pre-meeting flow of information to the audit committee
As shown in panel C of Table 5, the audit committee members described pre-meeting
information packets that typically contain draft filings and various audit reports
and include a substantial amount of information (Gendron et al. 2004; Spira 2002).
One interviewee described the information packet:
The audit committee receives a spiral-bound notebook. The notebook contains
all reports prepared by internal audit since the last meeting (10-15 reports).
The audit committee also receives internal audit's plan and a status report on
its progress in meeting that plan. In addition, the audit committee receives
reports from the external auditor and a separate internal compliance group.
The audit committee also gets press releases.
American Stock Exchange [AMEX] audit committee chair
The packets typically are received at least four days before the meeting, but
information timeliness can be a significant issue and may reduce the audit committee
to a ceremonial role:
We get the packet in advance, but not as far as we'd like — usually 5-6 days
ahead of a meeting. This is a major improvement — used to be one day before.
The new Corporate Secretary has done a super job on this.
We get the packet about two days in advance. It turns into panic reading.
Contrary to the more passive audit committee in Turley and Zaman 2007,
many of these audit committees appear to drive much of the content of the information packet:
CARWol 26 No. 1 (Spring 2009)
88
Guidelines of what the audit committee wanted were given to management.
Management gave the audit committee content following those guidelines, j
The audit committee often asks for changes, and management then makes the '
changes. Management exhibits a good deal of flexibility and responsiveness.
;
Mutual fund audit committee chair
Over time the content of the information in the packet has evolved. It used to
be determined by the various service providers (counsel, external auditor,
investment advisor).
NYSE audit committee member
I
|
We also inquired about the nature of the audit committee member's review of
the packet and what the audit committee member looks for when he or she reviews
the information packet. Some audit committee members assess the adequacy of
financial disclosures, while others review external auditor comments, audit plans,
and management letters. However, each of the reported percentages is low (all
under 20 percent), reflecting a lack of consensus on how to review the information
packet. Such a lack of consensus could be positive because different audit committee members may approach issues in nonoverlapping ways.
Many committee members look for unusual results or unexpected trends, and
they evaluate the explanations provided by management for these unusual items.
Many evaluate the reasonableness of reported margins, other financial statement
indicators, and financial metrics. Several audit committee members described thieir
process:
, .
I read the entire packet carefully. I look for things to concentrate on — what's
most important? There is a lot of boilerplate external auditor communications,
and I ask them [the external auditor] to highlight things that are important.
There is lots of external auditor butt-covering now (trying to reduce liability). I
compare across my three audit committees to identify things to focus on and to
benchmark company practices — there are great spillover benefits of serving
on three audit committees.
Look for certain things in the financial statements (e.g., inventory by location,
bank borrowings). Look at margins, income elements. Selling, General &
Administrative expenses (a dozen or so indicators). Look at internal audit
reports for failures that have been "glossed over". Look at litigation issues.
Must be careful to not become complacent when looking at the same stuff each
time! The questions and answers can become similar and boring. What could
happen that we need to ask about? Better to find it now than later.
I.don't necessarily look at "management's answer". Rather, I try to evaluate
whether there is an ongoing disciplined process that management is doing to
!
¡
i
•
'
i
The Audit Coinmittee Oversight Process
89
do its job. I don't think our role is to solve the problem. Instead, our role is
to determine if there is a process in place that we are comfortable with. We
might occasionally get involved in a specific litigation issue to ensure it maps
correctly to the footnote disclosure.
I particularly look at estimates, judgments, follow-up items, anything from
prior discussions — anything that revolves around management's judgments
and how well it was disclosed to determine if that disclosure is robust enough.
I assess information we are given and information we are putting out (e.g., in
the 10-K) to be sure it fairly reflects the situation.
I am looking for surprises from anything. Looking for inconsistencies and for
information about future risks. Looking for things we need to take action on.
Assessing whether information is telling you what you expect or whether you
are surprised by it.
NASDAQ audit committee chair'
It appears that most of the audit committee members quoted above attempt to
engage in rigorous, meaningful analysis of the information provided to them, consistent with the "smell test" highlighted by Gendron et al. 2004 and with an agency
theory view of an audit committee's responsibility. However, these efforts are limited
by the timeliness and quality of the information packet. In cases where the information packet arrives just prior to the meeting or does not contain useful information,
the audit committee may be reduced to a ceremonial role.^^
Communications between meetings
Gendron and Bédard (2006), Spira (2002), and Turley and Zaman (2007) find that
a great deal of audit committee activity occurs outside of formal meetings. Similarly, our interviewees describe frequent, ongoing substantive communications
with management, internal auditors, and external auditors between scheduled
meetings (see panel D of Table 5; also see text under the heading "AC Process
Area 5: Oversight of the Intemal and Extemal Audit Processes", below, regarding
interactions with auditors). However, there are notable differences in information
flow between meetings:
Every month I get a sales report, and every 4-6 weeks I get market information
(what the market is saying about us). I have lots of contact with management
and others — CFO (twice per month). Controller (once per month). Chief
Audit Executive (twice per month), external audit partner (once per quarter),
and counsel (once per month).
I don't get information that frequently. As audit committee chairman, I occasionally call the CFO and chat about recent events or issues. I'm trying to
90
determine if there are new issues that have arisen that require the audit committee's involvement. We do not receive monthly financial statements or budgetto-actual comparisons.
It's becoming almost excessive. We get press releases almost weekly to review.
It's becoming a burden on my email at home. Earnings releases, litigation
information, and acquisition information — something seems to always be
coming my way.
It depends. The external auditor sends stuff. We give the auditor two standards:
(1) you need to have read it yourself, and (2) you need to have thought about
and summarized the application of the infonnation to this company. This is a
very good discipline to follow. We get other stuff sent to the full board — analyst reports, governance reports, monthly financial statements, public relations
information, clippings, et cetera.
Assuming meaningful interactions and review of information, such extensive
contact and information flow between meetings may be consistent with substantive
audit committee monitoring, although perhaps in an informal manner (Turley and
Zaman 2007). In many cases, we see evidence of such contact; however, in other
cases, it appears that the audit committee's efforts are almost exclusively centered
around formal meetings and, therefore, may be more ceremonial.
AC process area 4: Audit committee oversight of the financial reporting
process
Review of financial reporting risk areas
In terms of specific risk areas, one clearly stands out in panel A of Table 6: revenue
recognition, which is specifically reviewed by almost half of the audit committees
(some of those who did not list revenue recognition as a risk area felt compelled to
explain why not). Several audit committee members described their efforts regarding revenues, all of which signal fairly vigilant monitoring by the audit committee,
consistent with agency theory:
!
Revenue recognition is the biggest, since it's software. We go through deal-bydeal [sale-by-sale each quarter], and the external auditor shares their view
(using the deal documents) on revenue recognition.
!
!
There is a heavy focus on revenue recognition given the company sells a software product plus services. There are lots of issues that can be affected by the
sales staff that might dictate revenue recognition terms. We also discuss issues
related to materiality.
NASDAQ audit committee member
!
The Audit Cotnmittee Oversight Process
91
Revenue recognition is very hard in the medical device industry. It's very difficult to predict demand, and it's very difficult to establish the revenue cut-off.
Hospitals are bad at documenting when things (e.g., surgery) happen. That makes
it difficult to establish revenue cutoff — in essence our products are at hospitals
on consignment until pulled from shelf to be inserted inside a patient (because
of the way contracts are written). The company is trying to work better with
hospital partners to do a better job of this — building in contract incentives to
improve information reliability. The audit committee's primary concem is based
on management's confidence in the quarterly numbers. As we sense management is more confident about its numbers and cutoff, the more confident we are.
The company uses an outside firm to do our intemal audit work. This outside
firm reviews revenue recognition at every subsidiary (and every type of contract) and reports back to the audit committee chair on whether revenue is
being recognized correctly.
Other key risk areas examined include reserves, fixed assets (primarily related
to asset impairment), inventory (primarily related to the obsolescence reserve), and
receivables. For example, three audit committee members described financial
reporting risks and monitoring efforts:
I want to understand how we've done and apply technical knowledge to make
sure we've done things correctly (e.g., new standards). I focus on proper
disclosure/communication to shareholders. In terms of specific areas, there is
a major focus on fraud (to never let it happen again in this company). I sometimes ask myself, "Would I have caught the fraud [that occurred before this
person's term on the board]?" The honest answer is probably not. It would
have required someone to step back from the details and understand that
ratios/analytics that appeared okay should not have appeared okay due to what
was happening in the industry.
Our company is merger and acquisition driven. We focus on revenue recognition
issues, tone at the top at acquired companies, and how acquired companies
treat contracts. I am very concemed about anything done to inflate earnings/
revenues. I review whether the company is in compliance with Emerging
Issues Task Force pronouncements on revenue recognition.
We focus on subjective areas of accounting that aifect income. I ask the audit
partner about the five most subjective areas of income determination. Examples
include warranty reserves, post-retirement benefits, income taxes, impairment
of long-lived assets, and joumal entries at period end.
CARVoX. 26 No. 1 (Spring 2009)
92
i
I
These perspectives all suggest substantive monitoring on the part of some
audit committees.
|
Review of accounting policies and estimates
|
Panel B of Table 6 provides information about processes performed by audit committees related to their review of accounting policies and estimates, which rahge
from extensive to minimal. Two audit committee members described their extensive
involvement with accounting policies; the second description may refiect a managerial role for the audit committee: .
.
;
TABLE 6
'
AC process area 4: Audit coiñmittee oversight of thefinancialreporting process*
Panel A: Financial reporting risks
j
j
Percent
Financial reporting risk areas reviewed by the audit committee
Revenue recognition
Reserves
Fixed assets, including asset impairment
Inventory, including obsolescence .
Receivables, including allowance for doubtful accounts
Critical accounting policies
Litigation
Management judgments/estimates
Mergers and acquisitions
Regulatory compliance concerns .
Taxes
Debt, including covenants
19
12
9
9
8
7
6
6
6
6
6
5
Panel B: Accounting policies and estimates
45,
29,
21!
21¡
19
17!
14
14
14'
14|
14
12'
Percent
Audit committee involvement in setting/reviewing specific
accounting policies (n = 37)
Reviews policies
Not currently involved, but would be if a major change
occurred
Minimal involvement
., :
Audit committee discussion of specific judgments/estimates/
assumptions involved in implementing an accounting policy
(n = 31)
Yes, involved
Involved to some extent
Audit committee review of accounts dependent on assumption/
estimates (n = 11)
Audit committee reviews assumptions/management judgments
Audit committee relies on the external auditor
28
76
7
2
19
5
24
7
77
23
9
2
82
18
93
Our review of accounting policies is extensive. We are trying to make sure that
the message gets through that the audit committee is not tolerant of GAAP
non-compliance due to immateriality. We are looking for the right tone in the
company and to set the right tone. We aim to set high expectations and we have
an aggressive attitude in setting this tone — no sloppiness.
Mutual fund audit committee chair
The audit committee actually sets the policies and reviews them annually. The
accounting practices and financial practices of the company are reviewed and
approved on an annual basis.
Two Others discussed their very limited role with accounting policies:
The audit committee has minimal involvement in setting and reviewing accounting policies. The audit committee relies on the external auditor to identify areas
where a change is needed. Also, the audit committee feels that they are only used
for oversight. We do not have active involvement in setting these policies.
TABLE 6 (Continued)
Panel C: Alternative accounting treatments
n
Audit committee discussion of alternative accounting
treatments available under GAAP (n = 30)
Always discuss
Sometimes discuss
Discussions have been held in the past
No discussion
20
5
2
3
67
17
7
10
Does the AC ask the external auditor which treatment they
would use (n = 27)?
Yes
No
24
3
89
11
Form of external auditor's communication regarding alternative
treatments (n = 30)
Oral
Both oral and written
Written
18
11
1
60
37
3
10
9
33
30
11
37
Is management present for the discussion of alternative
accounting treatments (n = 30)?
Sometimes
Yes
Yes, followed by a separate executive session without
management
• Percent
94
TABLE 6 (Continued)
Panel D: Fraud risks
n
Audit committee involvement in assessing financial statement
fraud risks
Audit committee's own actions
Reliance on the extemal auditor
Reliance on the intemal auditors
Little involvement
i
!
Audit committee's own actions in assessing financial statement
fraud risks
Closely analyze reserves and other financial statement areas
where fraud could occur
Assess character of management
Regular interaction with management
Actively promote the company's hotline
Actively search for fraud risks
•
Review officers' expenses (annually)
Assessing and monitoring management's integrity
How does the audit committee assess management's integrity?
Evaluate management's body language
Observe management's transparency/openness, especially
with the board and the audit committee
Observe how management reacts in pressure situations
Observe if management is defensive
Other means of assessing management's integrity
. Whistleblower hotline
Percent
32
16
14
2
76
38
33
5
6
4
4
3
3
3
j
!
¡
14
10
10
7
7
7
6
4
4
',
'
17
j
14
10
10
4
!
10
7
.
.
I
Note:
*
,
. •
I
The statistics in this table are based on the full group of 42 interviewees, unless' !
otherwise noted.
The audit committee's involvement in setting policies is close to zero. Management will discuss a policy and get the concurrence of the audit committee.
!
'
I
I
Overall, there is some lack of consensus on the audit committee's role in this
area. Many audit committees approach accounting policies with the goal of providing
vigorous monitoring, while others appear to do very little, serving more of a ceremonial role by simply relying on the auditors with minimal audit committee analysis of the issues (also see Pomeroy 2007 for post-SOX evidence on auclit
committee members' evaluation of accounting decisions).
!
The audit committee's involvement in reviewing management estimates, judgments, and assumptions often is quite extensive. All of the audit cotnmittee members
I
I
'
95
who were asked about this indicated that they review (at least to some extent) the
estimates, judgments, and assumptions involved in implementing an accounting
policy. For those asked about reviewing specific accounts dependent on management assumptions and estimates, most indicated that this review is performed (see
Gendron et al. 2004 for discussion of how audit committee members evaluate loan
loss reserves by considering the mathematical formulas underlying the reserves).
. Several audit committee members described their intense efforts to monitor
management estimates, judgments, and assumptions:
The audit committee is absolutely involved. We focus on any prior year
restructuring reserves, particularly focusing on where we put the reversal of
any reserves. We focus on the allowance for doubtful accounts, inventory
reserves, and income/deferred income estimates. We also look at impairment
of intangibles.
We absolutely review them, but we resist temptation to think we're smarter
than management. We ask the auditor, "Do you agree? Are we too aggressive?"
The audit committee gets into lots of depth on this issue. The committee asked
me [the audit committee chair] to talk with others in the company (President,
CFO, Head of Sales, Real Estate) — I even visited some stores to get a sense
[of] what was really going on there.
It's somewhat ad hoc. I ask for different things at different times. I like to
assess the response I get — for example, did the document exist before I asked
for it? I like to see the rigor with which the original source documents were
prepared. As another example, I ask to see original journal entries that have
been made in the reserve accounts.
Other audit committee members described a more limited, ceremonial
approach in this area (an approach that centers around audit committee reliance on
others, as opposed to audit committee evaluation of the issues):
We only discuss this if the external auditor raises this as an issue. The audit
committee has a real dependence on the quality of the external auditor and
more dependence on the internal auditor.
We are heavily reliant on management for several estimates. We have significant estimates related to litigation, patent settlements, product liability, ... and
inventory obsolescence.
96
If it's material the audit committee does discuss management assumptions. '
They are usually pretty short discussions, though.
•
, :
Involvement in reviewing altemative accounting treatments available under GAAP
As shown in panel C of Table 6, the audit committee's involvement in reviewing
altemative accounting treatments available under generally accepted accounting
principles (GAAP) appears to be mixed. Most of the audit committee members
always discuss with the extemal auditor altemative accounting treatments available
under GAAP, but others do not.'^ When the audit committee discusses with the
extemal auditor altemative accounting treatments available under GAAP, in most
cases the audit committee asks the extemal auditor what accounting treatment it
would have used. The auditor's responses generally are made orally, with management present for these discussions.
Audit committee members described substantive efforts in this area as follows:
Recently we had huge discussions about FASB Interpretation (FIN) No. 46.
Alternatives are discussed with management, the external auditor, and the
intemal auditor. The audit committee determines whether everyone is comfortable with the choices being made. We would see one or two altematives as part
of any discussion.
We ask the auditor what range of treatments is appropriate under GAAP, what
is recommended by the extemal auditor, and why there might be a different
view. We strive to get management and the extemal auditor into agreement.
The audit committee serves as referee.
I look for differences between the auditor and management (this can be signaled by nuances in body language). I ask the auditor where the company
stands relative to the conservatism or aggressiveness of other clients. This discussion is driven by changes in extemal regulation. I want to know about the
discussion between management and auditors. What were the points of contention? These questions are asked when management and the auditor are both
present, and then separately when each group is alone with the audit committee.
Another audit committee member described a more ceremonial role for the audit
committee:
The audit committee has had very limited discussions with the extemal auditor
regarding altemative accounting treatments. One example dealt with classification of Income Statement items (i.e., recurring vs. non-recurring). The auditor
initiated this discussion.
97
Review of the risk of fraudulent flnancial reporting
Although many of the audit committee members consider assessing the risk of
fraudulent financial reporting to be a primary audit committee responsibility, a
number of committee members clearly are very uncomfortable with this role (see
panel D of Table 6).^^ A NYSE audit committee chair stated, "That's why we have
auditors," to indicate that the audit committee is not responsible for fraud detection. Conversely, an AMEX audit committee member stated, "This is so hard. The
audit committee is supposed to be finding fraud." Gendron and Bédard (2006) also
note that audit cominittee chairs seem to lack confidence about their ability to
detect fraud.
Several audit committee members expressed frustration with being expected
to find fraud, consistent with Spira's 2002 (79) finding that many view audit committees as "powerless to prevent calculated fraud":
This is asking a hell of a lot of the audit committee. It is totally beyond the
competency of any audit committee member to be able to sniff out fraud. So
much of this risk relates to the people, thus you must rely on your judgment
regarding management's integrity. Management knows that the audit committee is watching ^— for'example. Hook at the cars in the company's parking lot.
The moment you see a Ferrari you start to worry. The guys with the big cars
are the ones who get you in trouble.
AH board and audit Committee members are against fraud, but the audit cOmmittee is not a bunch of Sherlock Holmes. Ultimately, the audit committee has
to have some level of reliance on management. The audit committee tries to
help instill à cliniate offcomplianceand disclosure within the company.
AMEX audit committee member
The audit committee tries to stay mindful of this risk. We look at the financial
statements, and we talk tO the auditors. However, it is impossible to assess
fraud risk-We rely on management to some extent. We do look for telltale
signs of problems (e.g., management abusing its privileges).
There is very little that the audit committee can do in the fraud area unless it is
absolutely glaring.
Fraud risks are not explicitly considered. The audit committee relies on the
external auditor to do that. They are more familiar and independent.
Conversely, other audit committee members accepted responsibility for fraud
detection:
CARWol 26 No. 1 (Spring 2009)
98
Under SOX, now the biggest issue is fraud. We are asking all sorts of questions >
of internal audit and external auditors to look for certain things. The audit j
committee looks at expense reports, loans to individuals, related party transactions, contracts, and agreements, particularly those related to compensation
and pensions.
NYSE audit committee member :
I don't know if internal and extemal audit think it's their job to detect fraud.
The job of the audit committee is to do the qualitative things to assess fraud ',
risk. The audit committee tries to detect fraud through a reasonable due diligence process. The audit committee assesses the environment and directs
resources to those areas of greatest
risk.
'•
The audit committee has heavy involvement in assessing the reliability of the
financial statements. The audit committee is always assessing the integrity of
the firm and its management. If you don't have.faith in the CEO,,the audit
committee has a problem.
.
.
:
•
NASPAQ audit committee member
'
Other audit committee members did not perceive fraud risk as a significant
issue:
The audit committee is very familiar with the company, so the risk of fraud is
very low (less than 5 percent). A bigger risk is whether the estimates and judg- '•
ments.made by management are correct.
NYSE audit conraiittee member
The audit committee has to assess the character of the people and determine ,
the tone at the top of the organization. This is not an agenda item, but it is discussed periodically in audit committee meetings. We try to read management.
For example, when the audit committee asks a certain question, and there is a
surprise that is revealed. The audit committee does not believe this is a large
issue for this company.
In assessing the risk of fraudulent financial reporting, most of the audit comniittee members rely, at least partly, on their own efforts to assess the risk of fraudulent
financial reporting, although there was no consensus activity that audit committees
use in this regard. In addition, many of the committee members rely heavily on the
extemal and internal auditors. Overall, it appears that many audit committee members simply do not want to be responsible for detecting fraud, much as extemal
auditors have attempted to avoid this responsibility for decades. Many audit committee members may want to serve as vigilant monitors of management, but within
certain limits. Fraud detection is. however, beyond the limit for many.
99
Finally, we asked how audit committee members assess management's integrity
(i.e., the tone at the top), an area of focus for audit committee chairs in Gendron
and Bédard 2006. There is no consensus method used. Many audit committee
members described their approaches to assessing integrity, along with expressing
some reservations about whether their efforts were effective:
It is important to look at the second line of management. The audit committee
has frequent opportunities to interact with these people. If something were
going on, would these people speak up? You're never comfortable about this,
though. At some point, you must believe people are honest.
The board and audit committee are very strict in monitoring and enforcing
company policies. I know all members of management and their wives. All
members of management live modest lives, and they are all on their first wife.
You can tell a lot about people by the way they behave. I watch how management behaves in different settings. A lot of this, though, is instinct.
Look for telltale signs that may be popping up. Spend time in executive session talking about this with both intemal and extemal auditors. Ask if they've
been asked to do anything that they're uncomfortable with. Also ask this question of the CFO, Controller, et cetera.
There are some companies that want aggressive/risk taking/push the envelope
type people. Skilling and Fastow weren't wolves in sheep's clothing, but were
wolves in wolves' clothing.... I am constantly vigilant. You can't let yourself
assume that people will always do the right things. Vigilance for me is observing how management acts in different settings. I sit in on company meetings to
see how senior management acts.
"Trust, but verify" is the motto of the audit committee. We focus on two
aspects: quantitative and qualitative. As for quantitative, we focus on the financial results — are we seeing weird things with the numbers? As for qualitative,
we're focusing on a litmus test — how they act, how they conduct themselves.
For example, we look at how they travel on business — do they always stay at
the Four Seasons, or do they stay at a reasonable hotel? We also track any
financial activities between the company and personal business. We focus on
how they generally conduct themselves — how they act. We also question the
auditor about anything they see along these lines.
Others emphasized the importance of helping to set the ethical tone in the
company:
100
I put a lot of pressure on the principal financial guys to operate with integrity. I
tell them, "If you lose your integrity and you're lucky, you'll be driving a taxi.
If you're not lucky, you'll be in jail."
See how people react over time and under pressure. Let people know how you
as a board feel about integrity. With my kids, "It's better to fail than cheat."
With management, "It's better to miss the numbers than to do something we
regret." We have an element in the CEO evaluation — ethical environment.
Í
I
:
•
Overall, the approach to assessing management integrity often appears consistent with the agency theory view that the audit committee members are trying to
provide.effective monitoring; however, in other cases the audit committee's role in
this area is extremely limited. It is also clear that many audit committee members
are uncertain about the effectiveness of their efforts to assess integrity.
AC process area 5: Oversight of the internal and extemal audit processes
Audit committee interaction with internal audit
As shown in panel A of Table 7, audit committees frequently are involved in internal
audit hiring, compensation, and budget decisions. The audit committee typically
meets frequently with internal audit. It appears that audit committee interaction
with internal audit has increased from pre-SOX periods (see Carcello, Hermanson,
and Neal 2002; Cohen et al. 2007a), but is still very limited in some cases.
In many cases, the oversight of internal audit is shared between the audit committee and management in a fairly informal, sometimes contentious manner (see
Gendron and Bédard 2006). A NASDAQ audit committee chair described internal
audit's solid-line reporting to the controller and dotted-line reporting to the audit
committee and concluded, "I'm not 100 percent happy with this." Others stated:
The audit committee hired the Chief Audit Executive from three candidates
suggested by the CFO (mutual decision, although the audit committee didn't
pick the CFO's first choice). Firing is probably by mutual decision ("we're
hooked at the hip and no surprises"). The audit committee reviews internal
audit's budget, but not in detail (within scope approval that leads to headcount). The audit committee does not review internal audit compensation
except that there was discussion with the CFO to ensure that the Chief Audit
Executive gets paid about what the Controller gets.
'.
:
;
!
\
This is in transition. Up until recently, internal audit was a function of management, performing mostly operational audits. Over the last two years the audit
committee has become more involved in determining the scope of internal
audit activities.
'
'
101
The relationship with intemal audit is positive — intemal audit feels comfortable reporting to the audit committee. However, the audit committee would
prefer a more structured agenda approach to intemal audit's report. Currently,
it revolves more around the question of "Anything you want to tell us?" That
usually leads to a lot of talking about not much. Often that isn't very informative.
The director of internal audit "technically" reports to the audit committee
chair. In reality, he reports to the CEO.
TABLE 7
AC process area 5: Oversight of the intemal and extemal audit processes*
Panel A: Intemal audit
n
AC involvement in hiring the intemal auditor (n = 21)
Not involved
Involved in decision/joint responsibility with management
Requires audit committee approval
Audit committee has hiring authority
AC involvement in firing (if needed) the intemal auditor (n = 20)
Not involved
Involved in decision/joint responsibility with management
Requires audit committee approval
Audit committee has fidng authority
AC involvement in determining compensation/budget of intemal
audit (n = 23)
Not involved
.
Involved in decision
AC sets the compensation/budget
Frequency of audit committee meetings with intemal audit {n = 36)
Semi-annually
Quarterly
More than quarterly
Every face-to-face meeting (excludes conference calls)
Every meeting
AC meets privately with intemal audit each face-to-face meeting
(n = 36)
AC chair talks to intemal audit director no less frequently than
monthly (n = 36)
Percent
2
8
6
10
24
38
29
1
6
8
5
5
30
40
25
3
14
6
13
61
26
1
10
1
8
15
3
28
3
22
42
12
33
5
14
5
••
102
TABLE 7 (Continued)
Panel B: Extemal audit
n
Percent
Frequency of audit committee meetings with the extemal auditor
Semi-annually/quarterly
More than quarterly
Every face-to-face meeting (excludes conference calls)
Every meeting
4
3
13
22
JQ
7
31
52
14
33
5
12
13
43
8
27
7
23 •
6
4
20
13
4
J3
4
13
Other aspects of communication between the AC and the extemal
auditor
AC meets privately with extemal auditor at each face-to-face
meeting
AC chair talks to extemal auditor the day before board/AC
meetings (i.e., in a pre-meeting executive session)
Information gathered by the AC to evaluate audit firm quality
and effectiveness (n = 30)
Evaluates the quality of the members of the engagement team,
especially the partners
Evaluates how the extemal auditors respond to AC questions/
how they perform in the AC meetings
Gets input from the CEO, CFO, controller or other members
of management
Evaluates independence of the extemal auditor (i.e., are they
too close to management?)
Looks at the audit firm's industry expertise
Relies on the reputation of the extemal auditor/uses a
Big 4 auditor
Reviews copies of peer review reports, results of PCAOB
reviews, any regulatory action taken
Note:
The statistics in this table are based on the full group of 42 interviewees, unless
otherwise noted.
It is an uneasy alliance with neither side willing to cede authority to the other.
The audit committee has pushed management very hard to beef up the intemal
audit function. The audit committee wants a direct reporting relationship
between intemal audit and the audit committee. Management cannot fire the
Chief Audit Executive without the approval of the audit committee.
Overall, there was a substantial lack of clarity in internal audit's reporting
channels. Internal auditors and audit committees each can benefit from a strong
relationship with the other party (see Spira 2002; Turley and Zaman 2007), but
103
there is significant potential for intemal audit's loyalties to be divided as a result of
multiple reporting channels (i.e.. to the audit committee and management).
Meetings and other communications with extemal audit
As shown in panel B of Table 7, the extemal auditor is heavily involved in audit
committee meetings. In addition, there often is significant contact between the
audit committee chair and the auditor outside of meetings (see Spira 2002; Turley
and Zaman 2007). One audit committee chair discussed having breakfast or dinner
with the audit partner before each audit committee meeting. Another stated:
I have lunch with the audit partner once every two weeks during the audit —
so there are three tofivelunch meetings alone.
A NYSE audit committee member indicated, "The outside auditor should be
your best friend. They are the ones who are going to keep you out of trouble."
In evaluating the effectiveness of the extemal auditor, some audit committee
members assess the quality of the engagement team members — especially the
partners assigned to the engagement — while others gather little or no information
to assess auditor performance. Although 43 percent of the audit committee members evaluate the extemal auditor by assessing the quality of the personnel assigned
to the engagement, only 13 percent of the committee members rely on the reputation of the audit firm and 13 percent refer to the audit firm's industry expertise.
This finding is consistent with a growing body of empirical literature that finds that
audit quality is more a function of audit team characteristics than audit firm characteristics (e.g., Ferguson, Francis, and Stokes 2003; Francis. Reichelt, and Wang
2006). Gendron et al. (2004) find that auditor competence and candor are major
considerations in assessing quality:
I am not sure how much difference there is between firms, but there can be big
differences between partners. The audit committee looks at fees, we look at
firm publications, and I talk to my friends and colleagues who have interaction
with other firms.
The audit committee is dealing with a commodity, when talking about the Big
4. The variation among the partners within the firms is more important than the
variation across the firms. Partners must be abreast of recent developments,
and ahead of the curve on the difficult issues. The extemal auditor must be a
counterweight to management and be able to marshal the resources of the firm.
Others assess the quality of the extemal auditor by evaluating how the auditor
responds to questions from the audit committee and how representatives of the
auditor perform in audit committee meetings:
104
We developed 30 questions to ask ourselves about the extemal auditor. Audit
committee members think about the questions and discuss concerns with the
auditor (e.g., we wanted the auditor to spend more time with the CEO and this
has happened). The audit committee chair interviews management for évaluation of the auditor. The 30 questions include responsiveness, candor, quality of
people, attention to the company, suggestions to the company and audit committee, and are senior audit firm people too close to management?
;
'
|
1
Despite Cohen et al.'s 2007a finding that management is still the key driver'of
auditor selection, several interviewees indicated that the audit committee is quite
active in selecting the new engagement partner when a partner rotates off the
engagement. For example:
The audit committee meets with prospective new partners before they are
assigned. The audit committee looks at fees #1 ; experience #2; and staff that
will be working on the account #3. The audit team is more important than the
audit firm.
!
When partner switches/rotations occurred, the firm recommended the audit
partner, and the audit committee interviewed him and agreed he would be a
good partner.
!
!
We just had a change in partner (prior one got promoted). The audit committee
told the extemal audit firm what criteria we wanted in the new paruier — and
we got that kind of person. We wanted someone with industry experience
and who was responsive.
'
'•
'
We also asked about the purchase of nonaudit services ñ-om the extemal auditor.
Ninety percent of the participants indicated that the company purchases nonaudit
services from the auditor, although sometimes reluctantly. Tax services are by far
the most common nonaudit service purchased. However, there appears to be a
trend away from using the extemal auditor for any nonaudit services, even tax services, due to concems about the appearance of a lack of independence (see Gaynor,
McDaniel, and Neal 2006), which could undermine legitimacy (Spira 2002):
;
I don't think that non-audit services would actually impair the extemal auditor's
independence, but we have basically refrained from using the extemal auditor
for non-audit services due to concems about the perceptions of extemal users.
On certain issues you can get better quality work more cheaply from the extemal
auditor, but this is traded off against the risk that someone could come back
and second guess you.
.
'
i
i
105
Overall, audit committee members appear to rely quite heavily on the external
auditor, and the committee generally provides meaningful oversight of the extemal
auditor. Such oversight is consistent with the spirit of SOX section 301, which specifically calls for the audit committee to directly oversee the auditor.
AC process area 6: Other audit committee activities
Panels A - D of Table 8 present information on several other audit committee
activities:
• Most audit committees benchmark their processes either formally or informally against best practices (also see Gendron and Bédard 2006). Several
sources of information are used (see panel A), including seeking input from
the extemal auditor. Such efforts to adopt best practices are consistent with isomorphism, where audit committee practices become more similar over time as
companies imitate each other to seek legitimacy (DiMaggio and Powell 1983).
• Most audit committees have some involvement in reviewing compliance with
the company's code of conduct (see panel B), but some have no involvement
in this area.
• Audit committees largely accomplish their oversight role through their reliance
on others, primarily auditors and management (see panel C). A NASDAQ
audit committee chair provided this detailed description of how his committee
gets comfortable with understanding the key financial reporting risks, as well
as setting a strict tone with new hires to the accounting staff:
The thing that does the most good is the analysis of thefinancialstatements
(30-40 page package) — by country, budget vs. actual, actual vs. peer group,
analysis of reserves, et cetera. Visiting company sites and meeting with
employees helps. Also, I rely on questioning the extemal auditor, including the
discussion of critical accounting policies. Finally, the addition of several
former Big 4 managers to the controller's office has helped with GAAP issues.
I met with them and clearly explained that if anyone asked them to do anything
inappropriate, they'd better tell the audit committee immediately — or we'd
fry them in Hell.
In addition, there are contrasting perspectives on the notion of audit committees getting "comfortable" (Gendron et al. 2004; Spira 2002) with the position
that all risks have been identified and mitigated:
The audit committee is comfortable with employees and management, and
with the extemal auditor.
The audit committee must have some degree of faith that management is settting therighttone and degree of integrity. The internal audit director must have
106
enough intestinal fortitude. The extemal auditor must have enough intestinal
fortitude. The audit committee is uncomfortable on this dimension if there are
surprises that we were not told about ahead of time.
NYSE audit committee chair [
I don't want the audit committee to be comfortable. If we are comfortable, we
are in trouble.
AMEX audit committee chair
!
Are any audit committees comfortable these days? ... Stmcture and process is
not a substitute for talking to people face-to-face (do people look you in the
eye or do they look at their shoes?). You can never stop talking, listening, and
questioning.
;
The audit committee gets its comfort from the extemal auditor, outside counsel, management, and from the audit committee members' own experiences in
other companies.
'
;
AMEX audit committee member
•
The audit committee members clearly are dependent on both intemal and
external auditors in evaluating the effectiveness of intemal control over financial reporting (see panel D of Table 8) (Gendron et al. (2004) also find heavy
reliance on intemal audit in this regard). Although there has been much criticism
of SOX section 404, a number of the audit committee members are supportive of
the process. A NASDAQ audit committee chair stated:
404 stuff has been superb — lots of issues discovered through 404, despite
hearing from the extemal auditor that controls were fine before 404. With 404,
we now can identify, track, andfixintemal control problems. We keep a listing
of significant deficiencies — who is responsible, timetable for remediation,
and extemal auditor approval. It has been a great mechanism.
However, another NASDAQ audit committee chair stated:
404/SOX has changed everything. The good is that SOX has created a different tone at the top (this accounts for 90 percent of the benefit of SOX and only
5 percent of the effort). The bad is that 404 provides some benefit, but the cost
is way too much. We could have eliminated 80 percent of the pain and still gotten 90 percent of the benefit.
.
;
'
i
As we concluded each interview, we asked the interviewees about the most
important thing that an audit committee can do to fulfill its responsibilities (not
tabulated). Consistent with insights from previous research (Gendron et al. 2004;
Gendron and Bédard 2006; Krishnamoorthy, Wright, and Cohen 2003; Spira
107
2002), many committee members indicated that asking good questions is the single
most important thing that the audit comtnittee can do. One NASDAQ audit committee member said that committee members should "ask tough questions, many
times, of many people". Consistent with Kalbers and Fogarty's 1993 focus on the
importance of audit committee member willingness to act and challenge management, a NASDAQ audit committee chair said:
TABLE 8
AC process area 6: Other audit committee activities*
Panel A: Benchmarking
n
Does the audit committee benchmark its practices against best
practices (n = 36)?
Yes, a formal process is in place
Yes, but not a formal process
No
Just starting to do this
19
8
7
2
53
22
19
6
13
11
9
8
45
38
31
28
7
24
5
17
How the audit committee benchmarks its practices against best
practices (n = 29)
Completes a self-evaluation
Seeks feedback from the extemal auditor
Compares AC practices to practices of other companies
Has AC members attend seminars
Seeks feedback from management, outside counsel, and
intemal audit
Compares AC charter against charters of other companies in
that industry
Percent
Percent
Panel B: Code of conduct
The audit committee and the code of conduct
Involvement of the AC in reviewing compliance with the code
of conduct
Some
Heavy
Board or other committee responsibility
None
Examples of AC's involvement in reviewing the code of
conduct
AC reviews code of conduct, including how it is
communicated
AC is either directly involved in receiving hotline calls or is
provided with a summary of such calls
AC chair reviews log of any violations of the code of
conduct
22
11
8
1
52
26
19
2
23
55
19
12
108
TABLE 8 (Continued)
Panel C: Overall AC comfort
How does the audit committee get comfortable that it understands
the entity's key financial reporting risks?
Talk with/rely on the extemal auditor
Talk with/rely on operating management, outside counsel
Talk with/rely on intemal audit
AC follows effective processes (e.g., probing questions, active
oversight, etc.)
AC understanding of the business
Percent
19
15
12
45
36
29
8
5
i
19
12
Panel D: Intemal controls
How does the audit committee evaluate the entity's strength of
intemal control over financial reporting?
Rely on extemal auditor
Rely on intemal audit
Rely on 404 work
Rely on management
Hire another accounting firm to assist in the process
Percent
22
21
16
12
6
Note:
52
50
38
29
14
;
The statistics in this table are based on the full group of 42 interviewees, unless '
otherwise noted.
!
Be prepared, diligent, well read. Constantly ask questions — be a devil's
advocate — have a jaundiced view. Don't get too comfortable with top management and the tone. Good communication between the board, audit committee, management, and outside advisors is key. A strong audit committee chair
is important.
¡
i
j
'
j
These results, while echoing Gendron et al.'s 2004 finding that effective questioning is critical, are in stark contrast to research (Cohen et al. 2002; Gibbins etial.
2001; Spira 1999, 2002; Turley and Zaman 2007) finding that audit committee
members often are not very effective or powerful questioners. However, Cohen
et al. (2007a) find that auditors perceive audit committee members to be asking
more probing and difficult questions post-SOX, and Turley and Zaman (2007) highlight the importance of informal audit committee processes in inñuencing outcomes.
Beyond the importance of asking good questions, a NYSE audit committee
member noted the inñuence of the audit committee on auditor-management disagreements:
I
The most important thing that the audit committee can do is to be responsible
for the intemal and extemal audit functions. The single most important benefit
of SOX is the fact that it makes the audit committee responsible for these
i
•
,
109
functions. As a result, the extemal auditor is not a loser in a battle with management. The auditors now have the ability to not cave in to management. This
is a powerful and inexpensive change.
We also asked the audit committee members about the most important individual attributes/characteristics that an audit committee member needs to possess.
Many committee members indicated that a willingness to ask probing questions is
the most important trait. A NASDAQ audit committee member said that committee
members should "regard dissension as an obligation". Another NASDAQ audit
committee member indicated that audit committee members should possess the
"ability to ask 'stupid' questions. Audit committees need people willing to ask
dumb questions in front of smart peers."
On balance, the interview results indicate a commitment to substantive monitoring, as well as many audit committee practices that appear to be quite substantive.
However, we did encounter a number of responses that reflect a more ceremonial
role for the audit committee.
5. Supplemental analyses
To provide additional insight, we analyze whether there are differences in the audit
committee members' responses or characteristics on the basis of six individual and
two company characteristics. In Table 9, we present selected, more notable differences found in these exploratory analyses.^O
There are several insights provided in Table 9. First, audit committee members
who are accounting experts are more likely to have joined the audit committee
post-SOX after conducting extensive due diligence procedures.^! These audit committee members also report that their audit committees are more actively involved
with the information packet content and with accounting alternatives and estimates.
In many cases, it appears that companies specifically searched for accounting
experts to serve on the audit committee post-SOX. Such accounting experts are
very careful about whose board they join and are quite active once on the audit
committee.
Second, audit committee chairs are more likely to be accounting experts (e.g.,
certified public accountants [CPAs] with public accounting experience), but also
are more likely to have had personal ties to directors or executives before joining
the board and are more recent entrants to the audit committee service realm. It
appears that in many organizations, the strategy for selecting an audit committee
chair is to approach an accounting expert who is well known by someone on the
board or in management. Interestingly, the audit committee chairs serve on committees that appear somewhat less focused on having the audit committee directly
involved in assessing the risk of fraudulent financial reporting.
Third, in the post-SOX environment, individuals joining audit committees are
more likely to be accounting experts (e.g., CPAs with public accounting experience) who conduct extensive due diligence procedures before joining the board and
who have turned down some board opportunities. These audit committee members
are diligent in that they are more likely to carefully read audit committee materials.
110
These results are consistent with the spirit of SOX. Most notably, SOX promotes
audit committee financial expertise by requiring disclosure of whether at least one
audit committee member is a financial expert, and we find that post-SOX appointments to the audit committee are more likely to be accounting experts than preSOX appointments.
Fourth, audit committees in high litigation risk industries hold more face-toface meetings, but engage in less contact between meetings. It is possible that this
greater focus on formal meeting processes is driven by concerns over legal liability,
TABLE 9
Variations in selected responses by personal and company characteristics*
;
Older audit committee members (above the median age of 57 years old; « = 20):
• are more likely to focus on the importance of audit committee interaction with the
extemal auditor
• are more likely to focus on the importance of audit committee diligence
• are less likely to have experience as a CFO
Audit committee members who are accounting experts (n = 28):
• are more likely to have joined the audit committee post-SOX
• are more likely to serve on a greater number of audit committees
• are more likely to have conducted numerous due diligence procedures before joining
the board
• are more likely to state that their audit committee drives the content of the information
packet; always discusses alternative accounting treatments under GAAP; and
discusses specific judgments, estimates, and assumptions involved in implementing a
new accounting policy
• are less likely to have many years of board, audit committee, or audit committee chair
experience
Audit committee members currently sitting on more than one audit committee (n = 24):
• are more likely to have public accounting experience and be accounting experts
• are less likely to carefully read audit committee materials
Audit committee members who had prior experience with management or the company
before joining the board (n = 20):
• are more likely to be attomeys
• are less likely to talk with board members before joining the board
Audit committee chairs (versus regular committee members) (n = 24):
• are more likely to be CPAs, have public accounting experience, and be accounting
experts
• are more likely to have personal ties to management or directors before joining the
board
• are less likely to have many years of board and audit committee experience
• are less likely to say that their audit committee relies partly on its own actions to
assess the risk of fraudulent financial reporting
111
TABLE 9 (Continued)
Audit committee members who joined the audit committee post-SOX (n = 16):
• are more likely to be CPAs, be accounting experts, and have public accounting
experience
• are more likely to have declined a board opportunity
• are more likely to have conducted numerous due diligence procedures before joining
the board and are more likely to continuously evaluate their ongoing service on the
audit committee
• are more likely to carefully read audit committee materials and are more likely to
emphasize the importance of asking good questions
• are less likely to have many years of board, audit committee, or audit committee chair
experience
Audit committee members serving companies in high litigation risk industries (financial
services, Pharmaceuticals, or technology) (n =12):
• are more likely to say that their audit committee has a greater number of face-to-face
meetings each year
• are less likely to communicate frequently between meetings
Audit committee members serving NYSE companies (« = 20):
• are more likely to state that their audit committee receives the pre-meeting packet
more than one week before meetings
• are more likely to state that their audit conunittee reviews management's assumptions
related to accounts that are dependent on assumptions or estimates (compared with
relying on the extemal auditor or having no involvement)
• are less likely to have conducted numerous due diligence procedures before joining
the board
• are less likely to be CPAs, be accounting experts, and have public accounting
experience
Note:
*
All differences reflect p-values S 0.10, two-tailed.
where the audit committee seeks to make the audit committee process as formal
and extemally legitimate as possible.
Finally, audit committee members serving NYSE companies (as opposed to
NASDAQ or AMEX companies) receive their information packets earlier and are
more involved in assessing management estimates and assumptions. These audit
committee members also are less focused on performing due diligence procedures
before joining the board (possibly due to the large, well-established companies
involved) and are less likely to be accounting experts (e.g., CPAs with public
accounting experience).
6. Discussion and conclusion
This study makes three main contributions to the academic literature. First, we provide detailed insights into audit conunittee processes at 42 U.S. public companies
CAR Vol 26 No. 1 (Spring 2009)
112
in the post-SOX environment. As a result, researchers can better understand what
happens in the boardroom in the post-SOX environment, and several opportunities
for future research are revealed (see below). Second, the study extends, and in some
cases confirms, previous research on the audit committee process (Cohen et al.
2002, 2007a; Gendron et al. 2004; Gendron and Bédard 2006; Spira 1999, 2002;
Turley and Zaman 2007). The confirmation of earlier research results is notable,
because previous researchers have often examined audit committee processes outside the United States (i.e., in Canada and the United Kingdom). Finally, from a
theoretical perspective, while most of the audit committee members we interviewed appeared committed to substantive monitoring of financial reporting, our
interviews reveal a wide range of audit committee practices and attitudes. Because
of the mix of substantive and ceremonial practices (which, overall, are weighted
more toward substantive oversight), it appears that neither agency theory nor institutional theory fully explains our results, as is the case in Kalbers and Fogarty 1998
and Nicholson and Kiel 2007. Accordingly, we believe that additional theoretical
work should further examine the role of the audit committee.
Our results can be viewed in the context of earlier governance frameworks.
First, Cohen et al. (2004) describe the central parties in the corporate governance
mosaic as the audit committee, intemal auditor, extemal auditor, management,; and
the board. In many cases, we find evidence of frequent, meaningful interactions
among these parties. Such interaction appears to be critical to effective audit committee oversight. In addition, DeZoort et al. (2002) assert that audit committee
effectiveness is a function of audit committee composition, authority, resources,
and diligence. Our interviews reveal that financial expertise (composition) is
receiving a great deal of attention in the post-SOX environment. In addition, some
of the interviews highlight the importance of the audit committee asserting its
authority (e.g., to tmly oversee the extemal or intemal auditor), having access to
key intemal and extemal parties (resources), and spending the.time to fully review
information (diligence). Overall, we believe that the substantive audit committee
processes presented in the paper fit into previous governance frameworks in the
academic literature quite well.
Our study is subject to certain limitations. First, our participant group is
convenience-based and may reflect more active and engaged audit committee
members than is typical. This limits the extent to which our results necessarily generalize to all U.S. public companies. Second, we cannot be certain that the audit
committee members were always candid in their responses. However, we believe
this risk is quite low. There is substantial variability among our respondents in all
six process areas, and the quotes included throughout the paper speak to the level
of candor that was evident throughout the interview process. Third, given the tense,
almost fearful, nature of the U.S. corporate govemance environment in the immediate post-SOX period, we deemed it infeasible to tape record the interviews (see
Nicholson and Kiel 2007 for a similar approach) and provide exact quotes from the
interviewees. However, we took extensive steps to ensure that we accurately captured, transcribed, coded, and analyzed the information received from the audit
committee members, and we did not find the note-taking process to be difficult. We
113
do not believe that the study's conclusions have been affected by our data collection method.
We encourage research on four broad issues related to audit committees. First,
Kalbers and Fogarty (1998) encourage efforts to combine elements of agency theory
and institutional theory to promote our understanding of the audit committee, and
we echo this recommendation. In our view, much of the tension between a substantive versus ceremonial role for the audit committee derives from management's
attitude about governance and monitoring. Many of our interviewees indicated that
they carefully assess management's commitment to governance as they evaluate
potential board opportunities. The audit committee members' goal is to avoid associating with managers who want the board and audit committee to be ceremonial.
If management and the other directors take governance seriously, then there is significant potential for the audit committee to function as an effective, independent
monitor through its formal and informal processes. Conversely, if management
does not take governance seriously, then it may be difficult to attract vigilant board
members, such that the audit committee's role is primarily ceremonial and built
around over-reliance on management. We encourage additional research and theory
development on the role of management's attitude toward governance in influencing the substance of governance processes.
Second, our study represents a positivist approach to the audit committee
process, in which we generalize results across contexts and attempt to identify the
prevailing reality and its correspondence to a particular theory. This approach is in
contrast to such studies as Gendron and Bédard 2006 (212) that use a social
constructivist approach, "predicated on the point of view that 'reality' is socially
constructed and that the main task of social scientists consists of analyzing the process by which perceptions of reality develop". We encourage additional research
and theory development using a variety of approaches.
Third, our results are consistent with previous studies highlighting the importance of informal interactions and communications in accomplishing the audit
committee's objectives (Gendron and Bédard 2006; Spira 2002; Turley and Zaman
2007). and we find significant variability in audit committee processes. We encourage additional researcb on the relation between audit committee formal and informal
processes and financial reporting and governance outcomes. Of particular importance is whether variations in process are associated with variations in financial
reporting and governance outcomes, above and beyond previously documented
relations between audit committee characteristics and financial reporting outcomes.
Finally, our study examines audit committee practices as of 2004-5, but we
cannot rigorously assess changes in audit committee processes over time. Longitudinal research on audit committee processes could provide important insights into
audit committee isomorphism, specifically to what extent audit committee processes are becoming more homogeneous over time, and if so, why this occurs.
Beyond research on these four broad issues, we encourage additional research
on certain audit committee process areas that we examine in this study. First, our
results suggest that some audit committee members look to intemal and extemal
auditors as having primary responsibility for fraud prevention and detection.
CAR Vol 26 No. 1 (Spring 2009)
114
Research may be needed to determine whether this view of delegated fraud oversight impacts audit committee effectiveness. Also, more research is needed to
understand what factors improve an audit committee's ability to identify and
respond to high-risk fraud conditions. Although prior research documents an
inverse association between the independence of audit committees and financial
reporting problems (e.g., Abbott et al. 2004), little is known about specific audit
committee procedures (e.g., brainstorming — American Institute of Certified Public Accountants [AICPA] 2005) that might help the audit committee to identify
high-fraud risk conditions.
'•
Second, more research is needed to identify whether there are behavioral characteristics observable by audit committees that might signal a lack of management
integrity. Research is needed to identify whether certain personal characteristics,
training, or backgrounds could increase an audit committee member's ability to
identify deficient management integrity.
Finally, our results highlight the often nebulous, informal nature of internal
audit oversight by the audit committee and management (i.e., intemal audit is overseen by two parties). Research is needed to examine the effects of various internal
audit oversight arrangements on the audit committee's effectiveness and access to
objective information about company risks and controls.
In addition to the research implications highlighted by our results, there; are
many aspects of the audit committee process that remain to be examined using
interview-based research. Among the research questions that could be addressed in
future studies are the following: (a) How broadly do audit committee members
define their financial reporting oversight responsibilities (e.g., with respect to eamings guidance and other communications with the investment community)?
(b) What processes do audit committee members use to evaluate intemal control
material weaknesses and related remediation efforts? (c) What steps do audit committee members take to resolve auditor-management accounting disagreements?
and (d) How do audit committee members evaluate the efforts (audit scope) of
extemal and intemal auditors?22
The role and responsibilities of the audit committee have expanded draniatically in this decade, and a small body of research is emerging that examines: the
processes audit committees use to monitor the financial reporting process. We hope
that our results will provide researchers with useful insights and will prompt additional research and theory development.
r
115
Appendix: Research questions in audit committee process areas
Process area 1: Acceptance and continuance due diligence processes
RQ #1
RQ #2
What steps do directors take before agreeing to join a company's board
and before agreeing to remain on a board?
Why would a director decline to serve on a board or leave an existing
board?
Process area 2: Selection of audit committee nominees
RQ #3
How are directors identified to serve on a corporate board, and why are
they asked to join the audit committee?
Process area 3: Audit committee meeting processes
RQ #4 How often do audit committees meet, for how long, and which groups
are included in meetings?
RQ #5 How, when, and by whom are the agendas for audit committee meetings
prepared?
RQ#6
Who determines the information included in the information packet
received before committee meetings, when is the information packet
received, what information is included in the packet, how do audit committee members review the information, and what are they looking for as
they review the infonnation?
RQ #7 What types of information do audit committee members receive between
meetings, from whom is this information received, and how often is
information received?
Process area 4: Audit committee oversight of the financial reporting process
RQ #8
RQ #9
What financial reporting risk areas are reviewed by the audit committee?
What is the nature of the audit committee's involvement in reviewing the
compatiy's accounting policies and accounting estimates/judgments/
assumptions?
RQ#10 What is the nature of the audit committee's involvement in reviewing
alternative accounting treatments available under GAAP?
RQ #11 How does the audit committee assess the risk of fraudulent financial
reporting, including how it assesses management's integrity and interacts with the internal and extemal auditors in making this assessment?
Process area 5: Oversight of the internal and external audit processes
RQ#12 What is the nature of the audit committee's interaction with internal
audit (hiring and firing authority, setting budgets and scope of work,
reporting relationships, and meeting frequency and type)?
RQ #13 What is the nature of meetings and other communications between the
audit committee and the extemal auditor?
RQ #14 What types of purchases of nonaudit services are approved by the audit
committee, what factors are considered by the committee before approving
116
the purchase of nonaudit services, and are there any allowable nonaudit
services that the audit committee would not purchase?
Process area 6: Other audit committee
RQ #15
RQ #16
RQ#17
RQ #18
RQ #19
RQ #20
activities
How, and to what extent, does the audit committee benchmark its practices
against "best practices"?
How, and to what extent, is the audit committee involved in reviewing
the company's code of conduct?
On an overall basis, how comfortable is the audit committee that it
understands the company's key financial reporting risks?
]
How do audit committee members evaluate the strength of intemal control?
What do audit committee members view as their most important task in
fulfilling their responsibilities?
What do audit committee members view as the most important personal
attribute/characteristic needed to be an effective audit committee member?
Endnotes
1. Resource dependence theory does not appear to be consistent with the audit
committee's monitoring role under SOX, and it is unlikely that stewardship theory is
consistent with audit committee skepticism. Also, in the post-SOX era, it is unlikely
that managerial hegemony is the prevailing view of audit committees, although this
theory is similar to institutional theory in some respects.
2. Similarly, Gibbins, Salterio, and Webb (2001) report that auditors perceive that audit
committee quality varies widely across companies.
3. KPMG (2003b) identifies the following elements of the audit committee process:
(a) audit committee organization and operation, (b) risk assessment, (c) intemal control
over financial reporting, (d) audit processes, (e) financial reporting, (f ) continuous'
improvement, and (g) audit committee reporting.
4. Some of our interview questions were suggested by Doug Carmichael and Tom Ray,
the former chief auditor and current chief auditor, respectively, of the Public Company
Accounting Oversight Board. These questions were added to our script in August 2004
and were asked of 31 of the interviewees.
5. One person had just retired from audit committee service prior to the interview, and
one interviewee served on the audit committee of a mutual fund, which is subject to
SEC regulation.
6. Given the method used to contact potential interviewees, it is not possible to detemiine
how many people were invited to participate, but chose not to do so. Eor example, two
chapters of professional organizations solicited volunteers from their membership, but
we do not know how many audit committee members were contacted (or exactly how
many audit committee members are in the chapters). In terms of one-on-one
invitations, the vast majority of individuals agreed to the interview. We do not have
close personal or business ties to any of the interviewees.
7. Although in-person interviews might be preferable, it was prohibitively costly to travel
to each city to interview every audit committee member. We believe that the nature of
the responses we received from the interviews conducted by phone was similar to that
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
117
of the responses received from the interviews conducted in person. Conducting
approximately 50 percent of our interviews by phone is consistent with the existing
literature. For example, Graham et al. (2005) conducted 70 percent of their interviews
with CFOs by phone.
Seven of our 42 interviews were conducted solely by one of the authors. This was
sometimes due to an earlier interview running much longer than expected, such that
only one author was available to start the next interview.
In cases where a graduate student was used to create our second set of interview notes,
the author present at the interview reread the typed notes to ensure that they were
consistent with the handwritten notes taken during the interview by the graduate
student.
Per Gibbins et al. 1990, a word or phrase is significant if it succinctly captures aspects
of audit committee processes, outcomes, or behaviors.
The Kappa statistic recognizes that some portion of the overall agreement percentage
could be due to chance. The Kappa statistic rescales the overall agreement
percentage to range from zero to one, such that the statistic equals zero when the
overall agreement percentage equals the expected agreement percentage (i.e., due to
chance), and the statistic equals one when the overall agreement percentage is 100
percent (Cohen 1960).
Our interviewee group is obviously>choice- (convenience-) based and may include a
self-selection of more engaged audit committee members. As a result, and given the
substantial expertise in accounting and finance possessed by the interviewees, our
responses may represent what some might view as "best practices" for audit committee
oversight of the financial reporting process. Studies using randomly selected audit
committee members may find fewer or less detailed activities being performed.
Throughout the paper, we present "quotations" from audit committee members. Given
our method (no tape-recording), these quotations are careful paraphrases of the
interviewees' exact words. Thirty-nine of the 42 interviewees are represented in the
quotations.
Access to corporate boards through personal relationships with senior members of firm
management has been common in the past (Lorsch and Maclver 1989). It is important
to note that 26 of the 42 interviewees were identified to serve on the audit committee
before the recent govemance reforms (e.g., SOX). Gendron and Bédard (2006) also
find concerns regarding audit committee members' true independence.
Of the 28 individuals in Table 4 who were appointed to the audit committee as a result
of their financial expertise, 26 (93 percent) joined the board and audit committee at the
same time. This suggests that these directors were specifically targeted for audit
committee service.
Cohen et al. (2007a) document a marked increase in audit committee meetings with the
auditor pre-SOX versus post-SOX.
We conduct exploratory analyses to examine the relation between (a) the extensiveness
of meeting packet review and (b) audit committee members' prior experience with
company management and other board members. The extensiveness of review is
measured as high (low) if the level of review performed by the audit committee
member of the pre-meeting information packet is above (below) the median (on the
CAR Wo\. 26 No. 1 (Spring 2009)
118
basis of the number of items the audit committee member does or looks for when
reviewing the packet). Results indicate that audit committee members who have prior
experience with company management are less likely to engage in extensive review
(p = 0.06), while those members with prior experience with other board members are
more likely to engage in extensive review (p < 0.01).
'
18. The extemal auditor is required to discuss with the audit committee alternative
accounting treatments available under GAAP that have been discussed with
;
management, including the ramifications of the use of such alternative treatments and
the treatment preferred by the accounting firm (SEC 2003). It is possible that the :
auditor did not discuss alternative accounting treatments available under GAAP with
management for most, if not all, of those companies where the audit committee did not
discuss this issue with the extemal auditor.
19. Beyond adhering to directors' fiduciary responsibilities, the audit committee's
regulatory duty to detect fraud is not well specified. SOX (2002) does not specifically
charge the audit committee with fraud detection, but audit committee members and
other directors can be sued or sanctioned by the SEC in cases of negligence (or more
serious departures from expected behavior).
20. In presenting these results, we are caufious when mixing personal traits and company
practices. For example, we find that older interviewees serve on audit committees that
set the meeting agenda earlier; however, we question whether this result is meaningful.
Thus, when analyzing variations based on personal characteristics, we tend to focus on
responses in process areas 1 and 2, as well as on demographic variables. When
analyzing differences based on company characteristics, we tend to focus on process
areas 3 through 6. Also, we caution the reader that the interviewees are classified into
groups based only on the one company that served as the basis for their responses.
Thus, there are cases, for example, in which an interviewee is classified as NYSE
(because the one company serving as the basis for the responses is NYSE), but the
person also serves on a NASDAQ audit committee.
21. Within the group of accounting experts, those with auditing expertise generally
provided similar responses to those without auditing expertise.
22. We thank Larry Abbott for these suggestions.
References
Abbott, L. J., S. Parker, and G. F. Peters. 2004. Audit committee characteristics and
restatements. Auditing: A Journal of Practice & Theory 23 (1): 69-87.
Agrawal, A., and S. Chadha. 2005. Corporate govemance and accounting scandals. Journal
of Law and Economics 48 (2): 371-406.
Ahrens, T., and C. S. Chapman. 2006. Doing qualitative field research in management.
accounting: Positioning data to contribute to theory. Accounting, Organizations and
Soc/eO'31 (8): 819-41.
American Institute of Certified Public Accountants (AICPA). 2005. Management override
of intemal controls: The Achilles' heel of fraud prevention. New York: AICPA.
Barreto, I., and C. Baden-Fuller. 2006. To conform or to perform? Mimetic behavior,
legitimacy-based groups and performance consequences. Journal of Management
Studies A3 (1): 1559-81.
119
Batson, N. 2003. Final report of Neal Batson, court-appointed examiner in re: Enron Corp.
(Chapter 11 case no. 01-16034) (November).
Beasley, M. S., J. V. Carcello, D. R. Hermanson, and P. D. Lapides. 2000. Fraudulent
financial reporting: Consideration of industry traits and corporate govemance
mechanisms. Accounting Horizons 14 (4): 441-54.
Bédard, J., S. M. Chtourou, and L. Courteau. 2004. The effect of audit committee expertise,
independence, and activity on aggressive eamings management. Auditing: A Journal of
Practice & Theory 23 (2): 13-35.
Blue Rihbon Committee (BRC). 1999. Report and recommendations of the Blue Ribbon
Committee on Improving the Effectiveness of Corporate Audit Committees. New York:
BRC.
Breeden, R. C. 2003. Restoring trust. Report to the Honorable Jed S. Rakoff — The United
States District Court for the Southern District of New York — on corporate govemance
for the future of MCI, Inc., August.
Carcello, J. V., D. R. Hermanson, and T. L. Neal. 2002. Disclosures in audit committee
charters and reports. Accounting Horizons 16 (4): 291-304.
Carcello, J. V., and T. L. Neal. 2000. Audit committee composition and auditor reporting.
The Accounting Review 75 (4): 453-67.
Carcello, J. V., and T. L. Neal. 2003. Audit committee characteristics and auditor dismissals
following "new" going-concem reports. The Accounting Review 1% (1): 95-117.
Cohen, J. 1960. A coefficient of agreement for nominal scales. Educational and
Psychological Measurement 20 (1): 37-46.
Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2002. Corporate govemance and the audit
process. Contemporary Accounting Research 19 (4): 573-94.
Cohen, J., G. Krishamoorthy, and A. M. Wright. 2004. The corporate govemance mosaic
and financial reporting quality. Journal of Accounting Literature 23: 87-152.
Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007a. Corporate govemance and the
audit process in the post Sarbanes-Oxley era: Do auditors perceive substantive
changes? Working paper, Boston College.
Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007b. Form versus substance: The
implications for auditing practice and research of altemative perspectives on corporate
govemance. Working paper, Boston College.
Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007c. The impact of roles of the board on
auditors' risk assessments and program planning decisions. Auditing: A Journal of
Practice & Theory 26 (1): 91-112.
Cooper, D. J., and W. Morgan. 2008. Case study research in accounting. Accounting
Horizons 22 (2): 159-78.
Dacin, M. T. 1997. Isomorphism in context: The power and prescription of institutional
norms. Academy of Management Journal 40 (1): 46-81.
DeFond, M. L., R. N. Hann, and X. Hu. 2005. Does the market value financial expertise on
audit committees of boards of directors? Journal ofAccounting Research 43 (2): 153-93.
DeZoort, F. T, D. R. Hermanson, D. Archambeault, and S. Reed. 2002. Audit committee
effectiveness: A synthesis of the empirical audit committee literature. Journal of
Accounting Literature 21: 38-75.
CARYoX. 26 No. 1 (Spring 2009)
120
DeZoort, F. T., D. R. Hermanson, and R. W. Houston. 2008. Audit committee member
support for proposed audit adjustments: Pre-SOX versus post-SOX judgments.
Auditing: A Journal of Practice & Theory 27 (1): 85-104.
DiMaggio, P. J., and W. W. Powell. 1983. The iron cage revisited: Institutional isomorphism
and collective rationality in organizational fields. American Sociological Review
48 (2): 147-60.
Fama, E. F., and M. C. Jensen. 1983. Separation of ownership and control. Journal of Law
and Economics 26 (2): 301 -25.
Ferguson, A., J. R. Francis, and D. J. Stokes. 2003. The effects of firm-wide and office-level
industry expertise on audit pricing. The Accounting Review 78 (2): 429-48.
'
Fogarty, T. J., and R. K. Rogers. 2005. Financial analysts' reports: An extended institutional
theory perspective. Accounting, Organizations and Society 30 (4): 331 -56.
Francis, J. R., K. Reichelt, and D. Wang. 2006. National versus office-specific measures of
auditor industry expertise and effects on client eamings quality. Working paper, '
University of Missouri.
Gaynor, L. M., L. S. McDaniel, and T L. Neal. 2006. The effects of joint provision and
disclosure of non-audit services on audit committee members' decisions and investors'
preferences. The Accounting Review 81 (4): 873-96.
Gendron, Y., and J. Bédard. 2006. On the constitution of audit committee effectiveness.
Accounting, Organizations and Society 31 (3): 211-39.
Gendron, Y., J. Bédard, and M. Gosselin. 2004. Getting inside the black box: A field study
of practices in "effective" audit committees. Auditing: A Journal of Practice & Theory
23(1): 153-71.
Gibbins, M., A. Richardson, and J. Waterhouse. 1990. The management of corporate
financial disclosures: Opportunism, ritualism, policies, and processes. Journal of
Accounting Research 28 (1): 121-43.
Gibbins, M., S. Salterio, and A. Webb. 2001. Evidence about auditor-client management
negotiations concerning clients' financial reporting. Journal ofAccounting Research
39 (3): 535-63.
Graham, J. R., C. R. Harvey, and S. Rajgopal. 2005. The economic implications of
corporate financial reporting. Journal of Accounting and Economics 40 (1-3): 3-73.
Hirst, D. E., and L. Koonce. 1996. Audit analytical procedures: A field investigation.
Contemporary Accounting Research 13 (2): 457-86.
Jensen, M. C , and W. H. Meckling. 1976. Theory of the firm: Managerial behavior, agency
costs, and ownership structure. Journal of Einancial Economics 3 (4): 305-60.
Kalbers, L. P., and T. J. Fogarty. 1993. Audit committee effectiveness: An empirical
investigation of the contribution of power. Auditing: A Journal of Practice & Theory
12(1): 24-49.
Kalbers, L. P., and T. J. Fogarty. 1998. Organizational and economic explanations of audit
committee oversight. Journal of Managerial Issues 10 (2): 129-50.
Klein, A. 2002. Audit committee, board of director characteristics, and eamings
management. Journal ofAccounting and Economics 33 (3): 375-400.
KPMG Audit Committee Institute. 2003a. Audit Committee Quarterly (Fall). Montvale, NJ:
KPMG.
121
KPMG Audit Committee Institute. 2003b. Building a framework for effective audit
committee oversight. Montvale, NJ: KPMG.
Krishnamoorthy, G., A. Wright, and J. Cohen. 2003. Audit committee effectiveness and
financial reporting quality: Implications for auditor independence. Australian
Accounting Review 13 (29): 3-13. '
Levitt, A. 2000. Remarks before the conference on the rise and effectiveness of new
corporate govemance standards. Federal Reserve Bank of New York,
December 12.
Lorsch, J. W., and E. Maclver. 1989. Pawns or potentates: The reality of America's
corporate boards. Boston: Harvard Business School Press.
National Association of Corporate Directors (NACD). 1996. Report of the NACD Blue
Ribbon Commission on Director Professionalism. Washington, DC: NACD.
New York Stock Exchange (NYSE). 2004. NYSE corporate govemance rules (section
303A). New York: NYSE.
Nicholson, G. J., and G. C. Kiel. 2007. Can directors impact performance? A case-based test
of three theories of corporate govemance. Corporate Govemance: An Intemational
Review 15 (4): 585-608.
Paris, G. A., G. W. Savage, and R. G. H. Seitz. 2004. Report of the investigation by the
Special Committee of the Board of Directors of Hollinger Intemational Inc. (Paris
report) Greenwich, CT: Richard C. Breeden & Co.
Patton, M. W. 1990. Qualitative evaluation and research methods, 2nd ed. Newbury Park,
CA: Sage Publications.
Pomeroy, B. 2007. Audit committee member investigation of significant accounting
decisions. Working paper. University of Alberta.
Salterio, S. E., and R. A. Denham. 1997. Accounting consultation units: An organizational
memory analysis. Contemporary Accounting Research 14 (4): 669-91.
Sarbanes-Oxley Act (SOX) of 2002. 2002. Public L. no. 107-204, 116 Stat. 745.
Scheid-Cook, T. L. 1990. Ritual conformity and organizational control: Loose coupling or
professionalization? Joumal of Applied Behavioral Science 26 (2): 183-99.
Scott, W. R. 1987. The adolescence of institutional theory. Administrative Science Quarterly
32 (4): 493-511.
Securities and Exchange Commission (SEC). 2003. Final rule: Standards relating to listed
company audit committees. Release 33-8220.
Spira, L. F. 1999. Ceremonies of govemance: Perspectives on the role of the audit
committee. Joumal of Management and Govemance 3 (3): 231 -60.
Spira, L. F. 2002. The audit committee: Performing corporate govemance. London: Kluwer
Academic Publishers.
Srinivasan, S. 2005. Consequences of financial reporting failure for outside directors:
Evidence from accounting restatements and audit committee members. Joumal of
Accounting Research 43 (2): 291-334.
Turley, S., and M. Zaman. 2004. The corporate govemance effects of audit committees.
Joumal of Management and Govemance 8 (3): 305-32.
Turley, S., and M. Zaman. 2007. Audit committee effectiveness: Informal processes and
behavioral effects. Accounting, Auditing and Accountability Joumal 20 (5): 765-88.
eARVol 26 No. 1 (Spring 2009)
122
Contemporary Accounting Research..
i
United States v. Conrad Black, John Boultbee, Peter Atkinson, and Mark Kipnis {Hollinger
case). 2007. Case no. 05 CR 727 — 1, 2, 3, 5. United States District Court, Northern
District of Illinois.
.
.,
•
j
Veasey, E. N. 2005. A perspective on liability risks to directors in light of current events.
Insights: The Corporate & Securities Law Advisor 19 (2): 9-16.
|

The Audit Cotnmittee Oversight Process

Transcription

Similar documents

maryland division of financial regulation

Untitled - Caja Rural Granada

Z1000 LEAD AUDITOR 5 Days

4-D - Building an IA Function From The Ground-Up

AGM Report

How To Collate and Present Your Supporting Information

April 5, 2011 - Callaway

SBIR accounting system webinar

Business Standard Event

2015 Annual Report - Shell Employees` Credit Union