<<

. 49
( 82 .)



>>

reliable.17

2003 Annual Proxy Statement
Audit Committee Report
Wal-Mart™s management is responsible for Wal-Mart™s internal controls and financial
reporting, including the preparation of Wal-Mart™s consolidated financial statements.
Wal-Mart™s independent auditors are responsible for auditing Wal-Mart™s annual
consolidated financial statements in accordance with generally accepted auditing
standards and ensuring that the financial statements fairly present Wal-Mart™s results
of operations and financial position. The independent auditors also are responsible
for issuing a report on those financial statements. The Audit Committee annually rec-
ommends to the Board for its approval an independent accounting firm to be Wal-
Mart™s independent auditors. Beginning with the June 6, 2003 shareholders™ meeting,
ratification of the Board™s approval of the independent auditors is being sought.
Ernst & Young LLP is Wal-Mart™s current independent auditor.18
4. Review and discuss quarterly reports from the Outside Auditor on:
(c) The internal controls adhered to by the Company, management, and the
Company™s financial, accounting and internal auditing personnel, and the
impact of each on the quality and reliability of the Company™s financial
reporting; and
6. Review and discuss with management, the Internal Auditors and the Outside
Auditor:
(e) Significant changes in accounting principles, financial reporting policies
and internal controls implemented by the Company;
9. Discuss with the Outside Auditor the matters required to be discussed by
Statement on Auditing Standards (“SAS”) No 61 relating to the conduct of the
audit. In particular, discuss:
(a) The adoption of, or changes to, the Company™s significant internal audit-
ing and accounting principles and practices as suggested by the Outside
Auditor, Internal Auditors or management; and




17
Wal-Mart Stores, Inc., 2003 Annual Report, p. 52.
18
Wal-Mart Stores, Inc., 2003 Notice of Annual Meeting of Shareholders and Proxy Statement, pp. 5“6
246 Monitoring the System of Internal Control


(b) The management letter provided by the Outside Auditor and the Com-
pany™s response to that letter.

Oversight of the Company™s Internal Audit Function
24. Communicate with management and the Internal Auditors to obtain infor-
mation concerning internal audits, accounting principles adopted by the
Company, internal controls of the Company, management, and the Com-
pany™s financial and accounting personnel, and review the impact of each on
the quality and reliability of the Company™s financial statements.
25. Evaluate the internal auditing department and its impact on the accounting
practices, internal controls and financial reporting of the Company.

Compliance Oversight Responsibilities
28. Obtain reports from management, the Company™s senior internal auditing ex-
ecutive and the Outside Auditor concerning whether the Company and its
subsidiary/foreign affiliated entities are in compliance with applicable legal
requirements and the Statement of Ethics. Obtain and review reports and dis-
closures of insider and affiliated party transactions. Advise the Board with re-
spect to the Company™s policies and procedures regarding compliance with
applicable laws and regulations and the Statement of Ethics.19

Accordingly, the audit committee should give consideration to these points:

1. Has management devised and implemented a plan of action in order to demon-
strate its compliance with applicable legislative action, such as the Foreign
Corrupt Practices Act (FCPA); the Federal Deposit Insurance Corporation Im-
provement Act (FDICIA), the Sarbanes-Oxley Act, including the SEC final
rules and the self-regulatory listing standards? (See Appendixes E and F on the
book™s website).
a. Does management understand the accounting control provisions of the
acts? Is such an understanding documented?
b. Has management documented (e.g., accounting policies and procedures
manual) the present system of internal control in view of the COSO report
and SEC final rule and Section 404 of the Sarbanes-Oxley Act?
2. Based on the independent auditor™s management letter, has management im-
plemented its recommendations for improving the system of internal control?
(For example, the chief audit executive may submit a summary report on the
follow-up action taken by management.)
3. Have the independent auditors discussed with legal counsel any reportable
conditions that are a violation of the acts? (The committee should discuss the
lawyer™s letter and the client™s letter of management representations with the
independent auditor.)
4. Has the chief audit executive supplied the necessary special reports regarding
the scope of study and evaluation of administrative controls?



19
Wal-Mart Stores, Inc., Audit Committee Charter, www.walmartstores.com. pp. 3“7.
Sources and Suggested Readings 247


In retrospect, the Public Oversight Board issued these recommendations on re-
porting on internal control:

Recommendation V-12
The SEC should require registrants to include in a document containing the annual
financial statements: (a) a report by management on the effectiveness of the entity™s
internal control system relating to financial reporting; and (b) a report by the regis-
trant™s independent accountant on the entity™s internal control system relating to fi-
nancial reporting.
Recommendation V-13
The Auditing Standards Board should establish standards that require clear commu-
nication of the limits of the assurances being provided to third parties when auditors
report on the adequacy of client internal control systems.20



SOURCES AND SUGGESTED READINGS
American Institute of Certified Public Accountants, Considerations of the Internal Control
Structure in a Computer Environment: A Case Study (New York: AICPA, 1991).
American Institute of Certified Public Accountants, Audit Guide for Consideration of the
Internal Control Structure in a Financial Statement Audit (New York: AICPA, 1996).
American Institute of Certified Public Accountants, U.S. Auditing Standards/Attestation
Standards, Vol. 1 (New York: AICPA, 2003).
Biegler, John C., “Rebuilding Public Trust in Business.” Financial Executive 45, No. 6
(June 1977), pp. 28“31.
Committee of Sponsoring Organizations of the Treadway Commission, Internal Control”
Integrated Framework (New York: AICPA, 1992).
Committee of Sponsoring Organizations of the Treadway Commission, Addendum to “Re-
porting to External Parties” (New York: AICPA, 1994).
DeZoort, F. Todd, “An Analysis of Experience Effects on Audit Committee Members™
Oversight Judgments.” Accounting, Organizations and Society 23, No. 1 (January 1998),
pp. 1“21.
Kelley, Thomas P., “The COSO Report: Challenge and Counterchallenge.” Journal of
Accountancy 175, No. 2 (February 1993), pp. 10“18.
Maher, Michael W., David W. Wright, and William R. Kinney, Jr., “Assertions-Based Stan-
dards for Integrated Internal Control.” Accounting Horizons 4, No. 4 (December 1990), pp.
1“8.
National Commission on Fraudulent Financial Reporting, Report of the National Commis-
sion on Fraudulent Financial Reporting (Washington, DC: NCFFR, 1987).



20
Public Oversight Board, A Special Report by the Public Oversight Board of the SEC Practice Sec-
tion, AICPA (Stamford, CT: POB, 1993), p. 54. As previously mentioned, the Auditing Standards
Board has issued two attestation standards that address the Public Oversight Board™s recommendation.
For an interesting discussion on the audit committee™s experience with respect to internal controls
oversight tasks, see F. Todd Dezoort, “An Analysis of Experience Effects on Audit Committee Mem-
bers™ Oversight Judgments,” Accounting, Organizations and Society 23, No. 1 (January 1998), pp. 1“21.
248 Monitoring the System of Internal Control


Public Oversight Board, A Special Report by the Public Oversight Board of the SEC Prac-
tice Section, AICPA (Stamford, CT: POB, 1993).
Sarbanes-Oxley Act of 2002, H.R. Rep. No. 107-610 (2002).
Securities and Exchange Commission, Release No. 33-8238 (Washington, DC: SEC, June
5, 2003, www.sec.gov/rules/final/33-82.htm.)
Securities and Exchange Commission, Release No. 34-47672 (Washington, DC: SEC, April
11, 2003, www.sec.gov/rules/sro/34-47672.htm), Section 303A(7)(d)(viii).
Statement on Auditing Standards No. 60, “Communication of Internal Control Structure Re-
lated Matters Noted in an Audit” (New York: AICPA, 1988).
Statement on Auditing Standards No. 78, “Consideration of Internal Control in a Financial
Statement Audit: An Amendment to SAS No. 55” (New York: AICPA, 1995).
Statement on Standards for Attestation Engagements No. 2, “Reporting on an Entity™s
Internal Control Structure Over Financial Reporting” (New York: AICPA, 1993).
Statement on Standards for Attestation Engagements No. 3, “Compliance Attestation” (New
York: AICPA, 1993).
Takacs, Joseph, “Attestation Engagements on Internal Control Structure over Financial
Reporting.” CPA Journal 63, No. 8 (August 1993), pp. 48“53.
Wallace, Wanda, A., Handbook of Internal Accounting Controls, 2nd ed. (Englewood Cliffs,
NJ: Prentice Hall, 1991).
Wal-Mart Stores, Inc., 2003 Annual Report.
Wal-Mart Stores, Inc., 2003 Notice of Annual Meeting of Shareholders and Proxy
Statement.
Wal-Mart Stores, Inc., Audit Committee Charter, www.walmartstores.com.
Chapter 9
Monitoring the Internal
Audit Function

Although references have been made to the internal audit function in the preced-
ing chapters, the major objective of this chapter is to provide guidance for the audit
committee™s ongoing appraisal of the effectiveness of the entity™s corporate audit-
ing staff. In this chapter, the audit committee will examine such matters as the
structure and organization of the auditing staff, their organizational independence,
logistical staff matters, and the quality of personnel and training. In addition, a re-
capitulation of the salient points concerning the committee™s review of this func-
tion is provided. Also, the reader should visit the Institute of Internal Auditors at
www.theiia.org for further information regarding the professional standards and
ethics of the internal auditors as well as practice advisories.


PURPOSE AND NEED FOR MONITORING
THE INTERNAL AUDIT FUNCTION
General Matters
The Institute of Internal Auditors (IIA) defines internal auditing as:

an independent, objective assurance and consulting activity designed to add value
and improve an organization™s operations. It helps an organization accomplish its ob-
jectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.1

As discussed in Chapter 2, the audit committee and the internal auditing group
have a logical interface, since both groups have common goals. For example, the
audit committee members are a service to the board of directors, and the internal
auditors are a service to the operating management. Both groups are engaged in an
independent assessment of the internal control, as discussed in Chapter 8 as well as
risk management and internal governance. Implicit in their ongoing appraisal of the
system of internal control is the audit committee™s monitoring of the internal audit
function. This monitoring is extremely beneficial to the board and its operating
management for the following reasons. First, the committee™s review of the inter-
nal auditing staff not only enhances the staff™s independence but also strengthens its

1
Institute of Internal Auditors, The Professional Practices Framework (Altamonte Springs, FL: IIA,
2002), p. 3.


249
250 Monitoring the Internal Audit Function


image in the corporate structure. Second, through the committee™s review of the or-
ganizational structure and scope of the entity™s internal audit function, the external
auditing fees can be minimized since the coordination of both auditing activities re-
duces the potential of either groups to be counterproductive. Third, an effective in-
ternal auditing group assists the audit committee in discharging its responsibilities
because of its limited time and oversight capacity. Thus it is evident that the com-
mittee™s oversight responsibility for the internal auditing function is within its
province to ensure that such a corporate resource is used effectively and efficiently.
Moreover, the National Commission on Fraudulent Financial Reporting has
strongly endorsed the concept of internal auditing to reduce the incidence of fraud-
ulent financial reporting:
All public companies must have an effective and objective internal audit function.
The internal auditor™s qualifications, staff, status within the company, reporting lines,
and relationship with the audit committee of the board of directors must be adequate
to ensure the internal audit function™s effectiveness and objectivity. The internal au-
ditor should consider his audit findings in the context of the company™s financial
statements and should, to the extent appropriate, coordinate his activities with the ac-
tivities of the independent public accountant.2

As the Auditing Standards Board notes:

Monitoring is a process that assesses the quality of internal control performance over
time. It involves assessing the design and operation of controls on a timely basis and
taking necessary corrective actions. This process is accomplished through ongoing ac-
tivities, separate evaluations, or by various combinations of the two. In many entities,
internal auditors or personnel performing similar functions contribute to the monitor-
ing of an entity™s activities. Monitoring activities may include using information from
communications from external parties such as customer complaints and regulator
comments that may indicate problems or highlight areas in need of improvement.
The auditor should obtain sufficient knowledge of the major types of activities the
entity uses to monitor internal control over financial reporting, including how those
activities are used to initiate corrective actions. When obtaining an understanding of
the internal audit function, the auditor should follow the guidance in paragraphs 4
through 8 of SAS No. 65, The Auditor™s Consideration of the Internal Audit Function
in an Audit of Financial Statements.3

As Curtis C. Verschoor and Joseph P. Liotta conclude:

Internal auditors should place a high priority on an in-depth review of their relation-
ships with the board of their organization. Internal auditors must not only evaluate
whether or not they are in full compliance with the recommendations of SIAS No. 7;
they should also consider ways of enhancing the quality of their relationships with
the board. Copies of SIAS No. 7 should be furnished to senior management, members


2
Report of the National Commission on Fraudulent Financial Reporting (Washington, DC: NCFFR,
1987), pp. 11“12. For further discussion of the internal audit function and chief internal auditor, see
pp. 37“39 of the Commission™s report.
3
Statement on Auditing Standards No. 78, “Consideration of Internal Control in a Financial Statement
Audit: An Amendment to SAS No. 55” (New York: AICPA, 1995), pars. 38, 39.
Purpose and Need for Monitoring the Internal Audit Function 251


of the board, and external auditors, to inform them of the new IIA reporting guide-

<<

. 49
( 82 .)



>>