Primary navigation:

QFINANCE Quick Links
QFINANCE Topics
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Auditing Best Practice > Managing the Relationships between Audit Committees and the CAE

Auditing Best Practice

Managing the Relationships between Audit Committees and the CAE

by Richard E. Cascarino

Executive Summary

  • Audit committees are a fundamental part of the proper governance of any organization, together with executive management and internal as well as external audit.

  • An audit committee can only be as effective as is permitted by the information it receives.

  • The relationship between the committee and the chief audit executive (CAE) is critical to the successful functioning of the audit committee.

  • The relationship will be effective in an environment of mutual trust and common understanding.

  • Of all the committees involved in the management and control of an organization, perhaps the audit committee has the most significant impact on the life of the CAE.

  • Although, in general, all audit committees fulfill a similar function within the organization, the nature of the organization itself can prescribe a particular emphasis in the working of the audit committee. This, in turn, affects the nature of the relationship between the CAE and the committee as a whole.

The Role of the Audit Committee

The audit committee is intended, overall, to assist an organization to achieve an effective internal control structure derived directly from the tone at the top. The authority of an audit committee is drawn from the board of directors, the rules and regulations of the organization, and any relevant governance legislation of the country or countries within which the organization operates.

This role, of necessity, involves ensuring that the risk management process remains both comprehensive and ongoing instead of the annual process that is implemented in many organizations. Corporate policies regarding legal compliance, compliance with corporate codes of conduct, and conflicts of interest must be maintained and policed. In addition, the audit committee has a duty to review both current and pending legislation as it relates to corporate governance within the country or countries wherein it operates. Communication is the key to good governance and includes ensuring that the financial statements presented to the shareholders are both understandable and reliable, and facilitating internal communication with senior management and internal audit. Communication with internal audit should go beyond the scheduled committee meetings, and the CAE should be encouraged to communicate with the chair of the audit committee directly. The audit committee, as a whole, should meet privately with the CAE at least annually to seek assurances about the independence of the internal audit function.

To ensure effective use of internal auditing, the audit committee would normally review internal audit plans as well as reports and significant findings. It would seek to ensure that internal auditing is carried out by professionals with a comprehensive understanding of the business systems and processes as well as of the corporate culture within the organization.

The audit committee relies on the internal audit function to provide objective opinions, information, and, when necessary, education to the audit committee, while the audit committee in turn will provide oversight and validation to the internal audit function. In today’s environment this could include the outsourcing or co-sourcing of all or part of the internal audit function; however, the audit committee should ensure that the role of the CAE remains within the organization itself.

Internal Audit Reporting Structure

In order to ensure transparency and to prevent undue influence internally, the Institute of Internal Auditors (IIA) recommends that the CAE maintain a dual reporting relationship. Typically, this would involve the CAE reporting to executive management at as high a level as possible for administrative purposes to ensure alignment with corporate direction, support at a managerial level, and the normal administrative support required for a staff function. The second relationship, with the audit committee, is for operational and functional purposes, to ensure that independence and objectivity is maintained. The audit function’s independence and reporting structure are normally laid out in the internal audit charter, which specifies the dual reporting structure as well as the internal auditors’ right of access to personnel and records without hindrance or impediment, a critical part of their independence. The charter would normally be signed by both the chief executive and the chair of the audit committee.

The audit committee should provide oversight, strategic direction, accountability, and enforcement where required. Part of such oversight includes ensuring that the internal audit function is properly positioned, resourced, and supported. This involves reviewing and approving:

  • the internal audit activity’s charter, and mission statement where appropriate, to ensure they meet the needs of the organization;

  • the annual work plan to ensure that all significant risk areas are being addressed and that no restrictions are placed on the scope of internal audit activities;

  • the resources, skill levels, and budget to ensure that the work plan is achievable within the appropriate time;

  • internal audit activities, performance, and recommendations.

At the same time, the audit committee is responsible for providing input into the appointment, dismissal, evaluation, compensation, and succession planning of the CAE. This is a critical activity of the audit committee since the CAE will, of neccessity, have a high degree of interaction with the audit committee. The committee will typically seek to ensure that candidates for a CAE position have distinguished themselves professionally. They would normally have an advanced degree, the appropriate professional designation, and several years experience in an audit supervisory role. Typical professional designations could include the Certified Internal Auditor (CIA), Certified Government Auditing Professional (CGAP), Certified Financial Services Auditor (CFSA), or Certified Information Systems Auditor (CISA) among others.

The committee is also responsible for ensuring that a continuous quality assurance and improvement program exists within internal audit and that full disclosure of the results be made to the audit committee.

Back to Table of contents

Further reading

Books:

  • Braiotta, Louis, Jr, R. Trent Gazzaway, Robert Colson, and Sridhar Ramamoorti. The Audit Committee Handbook. 5th ed. Hoboken, NJ: Wiley, 2010.
  • Burke, Frank M., and Dan M. Guy. Audit Committees: A Guide for Directors, Management, and Consultants. 3rd ed. New York: Aspen Publishers, 2004.
  • Cascarino, Richard E., and Sandy van Esch. Internal Auditing: An Integrated Approach. 2nd ed. Lansdowne, South Africa: Juta Academic Publishers, 2006.
  • Moeller, Robert. Brink’s Modern Internal Auditing. 7th ed. Hoboken, NJ: Wiley, 2009.
  • Ruppel, Warren. Not-for-Profit Audit Committee Best Practices. Hoboken, NJ: Wiley, 2005.

Articles:

  • Collier, Paul Arnold. “Audit committees in major UK companies.” Managerial Auditing Journal 8:3 (1993): 25–30.
  • Goodwin, Jenny. “The relationship between the audit committee and the internal audit function: Evidence from Australia and New Zealand.” International Journal of Auditing 7:3 (November 2003): 263–278. Online at: dx.doi.org/10.1046/j.1099-1123.2003.00074.x

Reports:

  • Australian National Audit Office. “Public sector audit committees.” February 2005. Online at: tinyurl.com/6fo5xwz
  • Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees. “Report and recommendations of the blue ribbon committee on improving the effectiveness of corporate audit committees.” New York Stock Exchange and National Association of Securities Dealers, 1999.
  • European Corporate Governance Institute (ECGI). “Institutional position paper: a benchmark for audit committees.” November 2002. Online at: www.ecgi.org/codes/documents/auditcom_final_paper.pdf
  • Institute of Internal Auditors. “Chief audit executive (CAE) reporting lines.” Practice Advisory 1110-2. December 2002.
  • Institute of Internal Auditors. “Relationship with the audit committee.” Practice Advisory 2060-2. December 2002.
  • Institute of Internal Auditors. “A global summary of the Common Body of Knowledge 2006.” Online at: www.theiia.org/research/common-body-of-knowledge/

Websites:

Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share