. 6
( 82 .)


they devote to discussions of internal control with management and both the internal
and external auditors. Specifically, audit committees should:
• Obtain a written report from management on the effectiveness of internal control
over financial reporting (ordinarily using the criteria in the 1992 report of the
Committee of Sponsoring Organizations of the Treadway Commission [COSO]).
Annual reporting by management on internal control to the audit committee is
necessary for the effective discharge of the audit committee™s responsibilities and
will serve as a catalyst for its more substantive involvement in the area of inter-
nal control and a more meaningful dialogue with the internal and external audi-
tors about controls. It also should provide a basis for discussions about the degree
of the external auditor™s involvement with internal control during the financial
statement audit.
• Establish specific expectations with management and the internal and external
auditors about the qualitative information needs of the committee related to in-
ternal control. Particular emphasis should be given to understanding manage-
ment™s and the auditors™ views on (1) the control environment and (2) the controls
(or lack thereof) over financial reporting, with particular attention to controls in
higher-risk areas of the company™s information systems. In addition, these dis-
cussions should include the effects of technology on current and future informa-
tion systems. [pp. 32“33]
2.164 The Panel recommends that audit committees evaluate the nature of entities™
reserves and review activity in them with both management and the auditors. [p. 55]
2.219 The Panel recommends that audit committees:
• Specify in their charters and reflect in their actions, as recommended by the Blue
Ribbon Committee, “that the outside auditor is ultimately accountable to the
board of directors and the audit committee, as representatives of the shareholders,
and that these shareholder representatives have the ultimate authority and re-
sponsibility to select, evaluate, and where appropriate, replace the outside audi-
tors (or to nominate the outside auditors to be proposed for shareholder approval
in any proxy statement).”
• Develop a formal calendar of activities related to those areas of responsibility pre-
scribed in the committee charter, including a meeting plan that is reviewed and
agreed to by the entire board. The meeting plan should include communications
between the committee chair or full committee and the auditor before the release
of interim or year-end financial data. In addition, the Panel recommends a mini-
mum of two face-to-face meetings during the year with the external auditor and
at least one executive session with the internal and external auditors without man-
agement™s presence.
• Take charge of their agenda and ensure, in particular, that it focuses on, among
other matters, risks directly affecting the financial statements, key controls, in-
terim financial information, policies and practices for management™s communi-
cations with analysts, and the qualitative aspects of financial reporting.
Recent Developments in Corporate Accountability 21

• Inquire about time pressures on the auditor, including pressures on the timing of
audit procedures; the degree of management™s cooperation with the auditor; and
their potential effects on audit effectiveness.
• Review the internal and external auditors™ performance on an annual basis; exercise
responsibility, as the external auditor™s primary client, to assess the auditor™s re-
sponsiveness to the committee™s and board of directors™ expections; and be satisfied
that the auditor is appropriately compensated for performing a thorough audit.
• Require the auditor and management to advise the committee of the entity™s plans
to hire any of the audit firm™s personnel into high-level positions, and the actions,
if any, that the auditor and management intend to take to ensure that the auditor
maintains independence. [pp. 68“69]
3.54 The Panel recommends that audit committees:
• Request management to report on the control environment within the entity and
how that environment and the entity™s policies and procedures (including man-
agement™s monitoring activities) serve to prevent and detect financial statement
fraud. Such reporting should acknowledge, in explicit terms, that fraud preven-
tion and detection are primarily the responsibility of management. It also should
help audit committees assess the strength of management™s commitment to a cul-
ture of intolerance for improper conduct. Furthermore, audit committees should
seek the views of auditors on their assessment of the risks of financial statement
fraud and their understanding of the controls designed to mitigate such risks.
• Accept responsibility for ascertaining that the auditors receive the necessary co-
operation from management to carry out their duties in accordance with the
strengthened auditing standards to be developed by the ASB [Accouting Stan-
dards Board]. [p. 94]
5.30 The Panel recommends that audit committees pre-approve non-audit services
that exceed a threshold determined by the committee. This recommendation is con-
sistent with the recommendations of the Blue Ribbon Committee on Improving the
Effectiveness of Corporate Audit Committees regarding auditors™ services. The
threshold should be at a level that ensures that significant services are pre-approved,
but not so low that the committee assumes a management function.
When audit committees determine whether to approve specific non-audit services,
the Panel recommends that they consider the same guiding principle and the factors
suggested above for use by the ISB. [p. 117]18
In addition to the panel™s recommendations, Arthur Levitt issued a letter to the
chairmen of audit committees of the top 5,000 corporations. The letter is shown in
Exhibit 1.4.
In May 2002, the Business Roundtable issued a white paper, Principles of Cor-
porate Governance, with respect to how boards of directors perform their over-
sight function through the audit committee. The Business Roundtable provides
these guidelines:

• Every publicly owned corporation should have an audit committee comprised
solely of independent directors.

Panel on Audit Effectiveness, Panel on Audit Effectiveness Report and Recommendations (Stanford,
CT: POB, 2000).
22 Corporate Accountability: The New Environment

Exhibit 1.4 Chairman Arthur Levitt™s Letter to Audit Committees

Washington, DC, January 5, 2001”Securities and Exchange Commission Chairman
Arthur Levitt today sent the following letter to the audit committee chairmen of the top
5,000 public companies.

Dear Members of the Audit Committee:
Almost a year ago, the Commission, our major markets and standard setters”building
on the work of the Blue Ribbon Committee on Audit Committee Effectiveness”adopted
rules that strengthen the audit committee™s independence, and give its members the tools
and the wherewithal to fulfill their duty to the investing public. In addition, the rules im-
prove communications, through greater disclosure, among the board, outside auditors and
When auditors and the board engage in frank and meaningful discussions about the sig-
nificant, but sometimes gray areas of accounting, both the company™s and its shareholders™
interests are served. In this way, the board, including the audit committee, manage-
ment, and outside auditors, form a “three-legged stool” of responsible disclosure and ac-
tive oversight.
In recent months, the Commission and the accounting profession have been engaged in
a discussion on the vital issue of auditor independence. Among other reasons, increased
economic pressures on the profession, coupled with greater competition and consolidation,
mandated that we modernize and further clarify independence requirements. This discus-
sion has led to a combination of rules and disclosures that establish clear guidelines on the
non-audit services an auditor may provide to an audit client, as well as the meaningful in-
volvement of the audit committee in consideration of consulting services that may impair
independence. More specifically, the Commission™s rules require companies to state in
their proxy statement whether the audit committee has considered whether the provision
of non-audit services is compatible with maintaining the auditor™s independence.
In August, the Panel on Audit Effectiveness issued its final report recommending that,
among other things, audit committees obtain annual reports from mangement assessing the
company™s internal controls, specify in their charters that the outside auditor is ultimately
accountable to the board of directors and audit committee, inquire about time pressures on
the auditor, and pre-approve non-audit services provided by the auditor.
The Panel, more specifically, provided guidance an audit committee can use to deter-
mine the appropriateness of a service. This guidance includes:
1. Whether the service is being performed principally for the audit committee.
2. The effects of the service, if any, on audit effectiveness or on the quality and timeli-
ness of the entity™s financial reporting process.
3. Whether the service would be performed by specialists (e.g., technology specialists)
who ordinarily also provide recurring audit support.
4. Whether the service would be performed by audit personnel, and if so, whether it will
enhance their knowledge of the entity™s business and operations.
5. Whether the role of those performing the service would be inconsistent with the au-
ditors™ role (e.g., a role where neutrality, impartiality, and auditor skepticism are
likely to be subverted).
6. Whether the audit firm personnel would be assuming a management role or creating
a mutual or conflicting interest with management.
7. Whether the auditors, in effect, would be “auditing their own numbers.”
8. Whether the project must be started and completed very quickly.
9. Whether the audit firm has unique expertise in the service.
10. The size of the fee(s) for the non-audit service(s).
Recent Developments in Corporate Accountability 23

I encourage your audit committee to discuss the Panel™s recommendations as well as
these ten factors and consider them in relevant discussions with your auditor. The Panel™s
report can be found at www.pobauditpanel.org/. I also encourage you to read the Com-
mission™s rule release at www.sec.gov.rules/final/33-7919.htm.
During my almost eight years at the Commission, I have come to believe that one of the
most reliable guardians of the public interest is a competent, committed, independent and
tough-minded audit committee. The audit committee stands to protect and preserve the in-
tegrity of America™s financial reporting process. I encourage your committee to take every
step possible to ensure that the integrity of the financial statements, and by extension, the
interest of shareholders, remains second to none.
Arthur Levitt

Source: www.sec.gov/news.htm.

• Audit committees typically consist of three to five members. The listing standards
of the major securities markets require audit committees and require that an audit
committee have at least three members and that all members of the audit com-
mittee qualify as independent under the applicable listing standards, subject to
limited exceptions.
• Audit committee members should meet minimum financial literacy standards,
and at least one of the committee members should have accounting or financial
management expertise, as required by the listing standards of the major securities
markets. However, more important than financial expertise is the ability of audit
committee members, as with all directors, to understand the corporation™s busi-
ness and risk profile and to apply their business experience and judgment to the
issues for which the committee is responsible with an independent and critical
• The audit committee is responsible for oversight of the corporation™s financial re-
porting process. The primary functions of the audit committee are the following:
• Risk profile. The audit committee should understand the corporation™s risk
profile and oversee the corporation™s risk assessment and management
• Outside auditor. The audit committee is responsible for supervising the cor-
poration™s relationship with its outside auditor, including recommending to the
full board the firm to be engaged as the outside auditor, evaluating the auditor™s
performance, and considering whether it would be appropriate to rotate senior
audit personnel or for the corporation periodically to change its outside audi-
tor. The selection of an outside auditor should involve an annual due diligence
process in which the audit committee reviews the qualifications, work product,
independence, and reputation of the proposed outside auditor. The audit com-
mittee should base its decisions about selecting and possibly changing the out-
side auditor on its assessment of what is likely to lead to more effective audits.
Based on its due diligence, the audit committee should make an annual rec-
ommendation to the full board about the selection of the outside auditor.
24 Corporate Accountability: The New Environment

• Auditor independence. The audit committee should consider the indepen-
dence of the outside auditor and should develop policies concerning the pro-
vision of nonaudit services by the outside auditor. The provision of some
types of audit-related and consulting services by the outside auditor may not
be inconsistent with independence or the attestation function. In considering
whether the outside auditor should provide certain types of nonaudit services,
the audit committee should consider the degree of review and oversight that
may be appropriate for new and existing services. When making indepen-
dence judgments, the audit committee should consider the nature and dollar
amount of all services provided by the outside auditor.
• Critical accounting policies, judgments, and estimates. The audit committee
should review and discuss with management and the outside auditor the cor-
poration™s critical accounting policies and the quality of accounting judg-
ments and estimates made by management.
• Internal controls. The audit committee should understand and be familiar
with the corporation™s system of internal controls and on a periodic basis
should review with both internal and outside auditors the adequacy of this
• Compliance. Unless the full board or another committee does so, the audit
committee should review the corporation™s procedures addressing compliance
with the law and important corporate policies, including the corporation™s
code of ethics or code of conduct.
• Financial statements. The audit committee should review and discuss the cor-
poration™s annual financial statements with management and the outside au-
ditor and, based on these discussions, recommend that the board approve the
financial statements for publication and filing. Most audit committees also
find it advisable to implement processes for the committee or its designee to
review the corporation™s quarterly financial statements prior to release.
• Internal audit function. The audit committee should oversee the corporation™s
internal audit function, including review of reports submitted by the internal
audit staff, and should review the appointment and replacement of the senior
internal auditing executive.
• Communication. The audit committee should provide a channel of communi-
cation to the board for the outside auditor and internal auditors and may also
meet with and receive reports from finance officers, compliance officers, and
the general counsel.
• Hiring auditor personnel. Under audit committee supervision, some corpora-
tions have implemented “revolving door” policies covering the hiring of au-
ditor personnel. For example, these policies may impose “cooling off” periods
prohibiting the corporation from employing members of the audit engagement
team in senior financial management positions for some period of time after
their work as auditors for the corporation. The audit committee should con-
sider whether to adopt such a policy. Any policy on the hiring of auditor per-
sonnel should be flexible enough to allow exceptions, but only when
specifically approved by the audit committee.
• Audit committee meetings should be held frequently enough to allow the com-
mittee to appropriately monitor the annual and quarterly financial reports. For
many corporations, this means four or more meetings a year. Meetings should be
scheduled with enough time to permit and encourage active discussions with
Recent Developments in Corporate Accountability 25

management and the internal and outside auditors. The audit committee should
meet with the internal and outside auditors, without management present, at every
meeting and communicate with them between meetings as necessary. Some audit
committees may decide that specific functions, such as quarterly review meetings
with the outside auditor or management, can be delegated to the audit committee
chairman or other members of the audit committee.19

In addition to the Business Roundtable™s Principles of Corporate Governance,
both the NYSE and Nasdaq proposed new changes to their corporate governance
listing standards. The NYSE™s proposed rule changes are:

6. Add to the “independence” requirement for audit committee membership the re-


. 6
( 82 .)