|
 |
|||||||
|
|
|
|
|||||||||||||||||
|
|||||||||||||||||||
|
|
|||
|
Reader
Profile
Editor's note: Each month, we ask a Directors & Boards reader to comment on critical issues facing directors today. If you'd like to participate in this section in the future, please email Scott Chase. What different challenges do audit committees face in small/medium companies vs. larger organizations? Larger companies typically have access to a wider array of resources to handle complex areas of accounting and financial reporting than do smaller companies. Consequently, audit committees of smaller companies have to be a little bit more diligent in making sure that their companies have a good handle on the related issues. They should be on the lookout for areas where management may need to hire or engage additional resources. In addition, smaller companies often rely heavily on direct oversight by senior management to mitigate financial reporting risks. As these companies grow there is often a point at which the management team needs to delegate responsibility and implement some additional controls. This point is often hard to see until after it has gone by. Audit committees of smaller companies should continually monitor the financial reporting risks that management feels like they control by “being on the ground,” and evaluate the potential need for additional resources commensurate with the level of growth. How has the role of the board and audit committee changed since Sarbanes-Oxley? Boards and audit committees are now setting a more healthy distance between themselves and management. It has been said that the days of board meetings being about shaking hands, smoking cigars and playing golf are over. While that is clearly an overgeneralization of the past, we are clearly seeing boards and audit committees exercise what we call a “healthy skepticism” regarding management’s activities. I stress the word “healthy” because the last thing you want is a board that approaches its duties from an adversarial position without just cause to do so. A good board and a good audit committee will give the average management team the benefit of the doubt, while at the same time being willing to ask some tough questions when necessary. What are an audit committee member's most important responsibilities? There are three things that I think make an excellent audit committee member. One is the ability to understand the accounting and financial reporting issues in the company’s industry. They don’t all have to be financial experts or former auditors, but they should have a firm grasp of the subject matter. Second, they should be able to devote a meaningful amount of time to the audit committee member role. An audit committee member I respect a great deal told me that she sets aside eight hours to prepare for each audit committee meeting, and she devotes two-to-four hours per week to each audit committee she sits on (she sits on three) reviewing financial information and brushing up on accounting and financial reporting matters in their industries. The key is to treat the role like a job and be diligent about carving out the time to be effective. Finally, I think the best audit committee members are the ones who are willing to ask the tough questions and press towards accurate and acceptable answers. I place this one last because it is entirely dependent on the first two—an educated audit committee member who devotes meaningful time to the role and is willing to press management, the internal auditors and the external auditors on tough issues will undoubtedly add value and decrease financial reporting risk in the long run. How has the relationship between the company and the external auditor changed since Sarbanes-Oxley? In the immediate aftermath of SOX the auditor-client relationship in many organizations turned sour. Auditor independence became one of several hot-button issues, and many auditors stopped communicating with their clients out of fear that they would violate the new independence requirements. At Grant Thornton, we have continually encouraged our audit partners to have open and robust dialogue with our clients regarding accounting and internal control related issues, all within the intended spirit of the independence requirements. For example, it would not be appropriate for an auditor to tell their client what debits and credits to book in order to record an acquisition. It would be appropriate, however, for management to make a good honest effort at documenting how they believe an acquisition should be accounted for, and then ask the auditor to review the material. The former would have the auditor performing bookkeeping for the client, which is wrong; but the latter is a demonstration of the client owning the accounting and the auditor adding value to the process through effective, yet independent discussion. Where do you see the governance landscape in five years? Prior to SOX we had some good information regarding what good corporate governance might look like at a high level. That guidance was present in the form of the COSO Framework, the U.K.’s Combined Code and other international governance frameworks. What we realized shortly after the passage of SOX, however, was that we actually had very little guidance about how to apply those frameworks in real life, especially in smaller organizations. As a consequence, companies and auditors gravitated towards very conservative assumptions regarding what was necessary, with little variability between companies regardless of size, industry or geography. We are now beginning to see some fruit from that effort now in the form of better guidance on what good internal controls look like in practice, rather than in theory. We have more information now than we have ever had in history regarding what works and what does not work in corporate governance. Of course we need to continue to develop that guidance, and we will. If we continue on this present course, in five years I suspect that the dust will have settled on the application of SOX 404. The cost will come down to a manageable level, and the companies who are subject to SOX will have more efficient and more reliable financial reporting processes than they do today. If that happens, the natural risk premium in the cost of capital will fall accordingly. Outside of SOX, I see boards and audit committees generally more involved in their roles today than ever before. I believe this will translate over time into better run companies that make better strategic and operating decisions. We are clearly at the beginnings of an up-tick in the quality of corporate governance. We need to be careful that we don’t go too far in terms of accepting autocratic boards that are overly focused on certain risks; but I think the marketplace will prevent that from happening. What are the hot topics in corporate governance right now? Of course the hottest topic in corporate governance right now is the cost of evaluating internal control under SOX 404, especially for smaller companies. Draft legislation is floating around Capitol Hill that would make SOX 404 voluntary for many, if not most public companies. The SEC, the PCAOB and COSO are all working on projects to make the internal control evaluation process more efficient. The SEC is developing guidance for companies on how to perform their evaluations of internal control. The PCAOB is amending the primary auditing standard (Auditing Standard No. 2) to make the audit of internal control more efficient; and COSO has recently published its comprehensive guide on what good internal controls might look like in practice for smaller public companies. All three of these efforts will undoubtedly make the overall process more efficient. Executive compensation is another hot topic today—whether you are talking about the level of compensation in relation to company performance, or equity compensation issues such as the back dating of stock options, the compensation committee of the board is under a lot of scrutiny today. In fact the Certified Equity Professional Institute at Santa Clara University has recently undertaken a project to evaluate how companies can better manage their equity compensation processes. What are the latest governance challenges that companies are facing? I think the biggest governance challenge today is keeping all of these balls in the air at the same time. We are just beginning to reach the crest of the most significant changes to corporate governance since the Securities Exchange Acts were passed in 1933 and 1934. Business is faster and more complex than ever before, as are accounting and financial reporting. Everyone wants information better, faster and cheaper. A wise man once told me that you can have any two of those three you like, but you can’t have all three. We are now getting better information today, and we are getting it faster; but it is costing a lot. The financial reporting profession needs to get that cost down, and it will with a little more time. The quality and speed of information feeds into what I believe is another major challenge for corporate governors, and that is managing risk. Executives and board members have always performed risk management, albeit usually in a rather informal way. Today, however, the external and internal threats to an organization’s business objectives seem to come more frequently and with greater magnitude than in the past. Many companies are taking a serious look at more formal enterprise-risk-management models and processes to make sure they have all of their bases covered. What is the board's role in addressing corporate fraud? Management has the primary responsibility to deter and detect fraud. That is usually done most effectively when management undertakes a good fraud risk evaluation process, which involves brainstorming about ways fraud might be committed and ensuring appropriate preventive measures are taken to address the risk. The board has two responsibilities here. One is to make sure management is doing their job and is taking fraud risk seriously. The second is to consider how management itself might commit fraud, and identify ways that risk can be mitigated. In addition to the board’s overall responsibility, the audit committee of every U.S.-registered public company is required under Sarbanes-Oxley to establish and oversee an effective whistleblower program. The Association of Certified Fraud Examiners recently released their 2006 Report to the Nation, in which they indicate that tips from informants are the number one source of fraud identification, second only to discovering fraud purely by accident. Clearly, an effective whistleblower program is important to managing fraud risk. |
|||
| R.
Trent Gazzaway is the managing partner of corporate governance at Grant
Thornton LLP, the U.S. member firm of Grant Thornton International –
one of the six global accounting, tax and business advisory
organizations. Mr. Gazzaway’s experience includes auditing public and private companies, and assisting an array of companies in the improvement and documentation of effective systems of internal control. He has also assisted large public companies in the development and execution of plans to restate their financial statements in the wake of internal control failures. Most recently, Mr. Gazzaway served as a leader in developing Grant Thornton’s national methodology for addressing the control certification and assertion requirements of Sarbanes Oxley. In addition to managing the Firm’s corporate governance practice, Mr. Gazzaway serves as a key resource in training Grant Thornton personnel to audit internal controls over financial reporting in accordance with newly established auditing standards. He is also one of four steering committee chairmen assisting in the development of the Open Compliance and Ethics Group’s framework for integrating governance, compliance, risk management, and integrity into all business processes (www.oceg.org). Mr. Gazzaway is a frequent speaker at seminars, and has authored several nationally and internationally published articles related to Sarbanes Oxley and corporate governance, including publishing Grant Thornton’s award winning quarterly CorporateGovernor newsletter. Mr. Gazzaway holds a Bachelor of Science in Business Administration and a Masters of Accounting from the University of North Carolina at Chapel Hill. He is a Certified Public Accountant and a member of the American Institute of Certified Public Accountants, the North Carolina Association of Certified Public Accountants and the Institute of Internal Auditors. He was recognized by Treasury & Risk Management magazine in 2005 as one of the “100 most influential people in finance,” and by Business Finance magazine in 2006 as one of sixty “Influencers” in finance and accounting. Copyright © 2006 Directors & Boards, P.O. Box 41966 Philadelphia, PA 19101-1966. All rights reserved. Contact the webmaster. < Privacy Notice > |
||||
