pwc audit committe charter

Audit CommitteesGood practices for meeting market expectations

2nd edition

Audit CommitteesGood practices for meeting market expectations

www.pwc.com/corporatereporting

PricewaterhouseCoopers (www.pwc.com) is the worlds largest professional servicesorganisation. Drawing on the knowledge and skills of more than 124,000 people in 142countries, we build relationships by providing services based on quality and integrity.

2003 PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers tothe network of member firms of PricewaterhouseCoopers International Limited, each ofwhich is a separate and independent legal entity.

2nd edition

Preface

Audit committees do not prepare financial reports. And audit committees donot conduct external audits. But they have an essential part to play inensuring the integrity and transparency of corporate reporting. The marketnow expects that published information has been subject to objective,board-level review.

Thousands of pages of rules on corporate governance have now been issued.However, the regulations seldom provide helpful guidance on how thecommittee should go about its work. What knowledge or experience isrequired? Which areas should it focus on? How should its activities becommunicated?

This booklet is designed to assist committee members in answering thesequestions. It includes our view of good practices, together with the latestrequirements, from over 40 major countries.

We encourage you to consult with PricewaterhouseCoopers on any of theissues raised in this publication.

Audit Committees Good practices for meeting market expectations 2nd edition

PricewaterhouseCoopers 1

J. Frank BrownGlobal Leader,Assurance and Business Advisory ServicesJuly 2003

This booklet was researched and prepared by Graham Gilmour and Sukhumaporn Wong-Ariyaporn ofPricewaterhouseCoopers Global Corporate Reporting Group, with the assistance of partners and staffin our offices in more than 40 countries around the world.

Contents

Page

Executive summary 4

Why Audit Committees matter 6

A common-sense set of skills 7

World markets 8

The future 9

Organisation of the Audit Committee 10

Single and two-tier board structures 10

Charter 12

Table: Example audit committee charter 13

Membership 17

Independent directors 18

Financial expertise 19

Meetings 21

New members getting started 23

Table: Orientation information for new committee members 24

Oversight responsibility for financial reporting 25

Risk and controls 25

Financial reporting 28

Table: Reviewing financial statements 31

Regulatory, compliance and ethical matters 33

Working with Auditors 35

External auditors 35

Table: What you should expect from your auditors 41

Internal auditors 42

Communicating and reporting 44

Working with management 44

Reporting to boards and shareholders 45

Table: Illustrative contents of committee report 46

Maintaining and measuring effectiveness 47

Training needs 47

Evaluating performance 48

Table: Work programme and self-assessment guide 49

Appendices

Detailed requirements in 41 major countries 55

Stock exchange requirements overview 63

UK Combined Code requirements audit committees 64

US Sarbanes-Oxley Act and NYSE rules: selected provisions 66

Audit Committees Good practices for meeting market expectations 2nd edition


Executive summary

Audit Committees GoodPractices for Meeting MarketExpectations was firstpublished in May 1999. Thisedition reflects the evolvingrole of the audit committeeand latest good practices for example the need forappropriate financial expertise,greater emphasis on training,and review of performance.An expanded sectionsummarising the auditcommittee requirements in 41major countries is provided.The appendices also includethe latest influentialpronouncements on auditcommittees from the UK and USA.

Why AuditCommitteesmatter(pages 6 to 9)

The audit committee is an essentialpart of the corporate reportingprocess. Its primary responsibilityis to oversee on behalf of the boardthe integrity of the financialreporting controls and proceduresimplemented by management, toprotect the interests of shareholdersand other stakeholders. Newregulatory pronouncements andrequirements in many countrieshave served to re-emphasise theimportance of objective oversightof financial reporting.

Organisation ofthe AuditCommittee(pages 10 to 24)

The audit committee should bewell prepared to undertake itsduties. A clear, well-written charterhelps the committee and others tounderstand its role andresponsibilities. All members of thecommittee should have appropriatequalities and skills, if they are toadd value. Ideally, all should beseen to be independent ofmanagement. They should alsohave appropriate financialexpertise. Meetings should be heldat relevant times throughout theyear, supported by good agendapapers. New members shouldreceive induction training andbackground information on thebusiness.

Oversightresponsibility forfinancialreporting (pages 25 to 34)

The committees key task is toensure the integrity of publishedfinancial information. Thus, it needsto understand the whole financialreporting process. This starts withthe procedures for managingfinancial risks and the internalfinancial controls (for example overrecording of data) implemented bymanagement. The committeeshould review each set of draftfinancial statements prior to

publication and discuss thosestatements with management andthe auditors. (Some illustrativequestions for reviewing financialstatements are provided on page31). In addition, the committeeshould consider legal, regulatoryand ethical matters that have apotential financial impact.

Working withAuditors(pages 35 to 43)

The audit committee should be theprimary focus for the companysrelationship with the externalauditors. It should makerecommendations to the board forthe appointment of the auditors,agree the audit fees, review thescope of work, and hold privatemeetings with the auditors todiscuss their findings. Thecommittee should also review withthe external auditors theirindependence. Where a companyhas an internal audit function, thecommittee should similarly reviewits capabilities, qualifications,resources, scope of work, andfindings.

Executive summary

4 PricewaterhouseCoopers

Communicatingand reporting(pages 44 to 46)

The committee needs to have aconstructive working relationshipwith management, and shouldrequest presentations andinformation from management onspecific issues. In most countries,the committee works underdelegated authority from andshould report to the main boardof directors or supervisory board.Increasingly, good practice is forthe committee to report on behalfof the board to the shareholders,either at the general meeting or inthe annual report. A suggested listof contents for a written report isprovided on page 46.

Maintaining andmeasuringeffectiveness(pages 47 to 54)

In a fast-changing environment,all audit committee members needto update their knowledge andawareness (particularly of financialaccounting standards and widerreporting issues) on a regular basis.The committee should alsoevaluate regularly its performanceagainst its responsibilities, as set outin its charter. This assessment cantake place on an individual basis,and/or collectively for thecommittee as a whole. A suggestedwork programme and self-assessment guide is included onpage 49 to help committees.

Overview ofareas of focusAn overview of the auditcommittees main areas ofresponsibility, and issues relevantto each area, is shown below. It may be used as a template fordiscussion, to highlight particularkey areas for each committee toaddress.

Executive summary


Financial reporting Appropriateness of accounting policies Disclosure requirements Fairness and balance of MD&A/

operating review GAAP conversion

External audit

Appointment and remuneration

Scope of work Independence requirements Significant audit findings/

recommendations Reviewing the performance of

external auditors

Internal audit

Charter,authority and

resources Scope of work Internal audit effectiveness Responses to internal audit

recommendations

Maintaining & measuring effectiveness

Training needs Maintaining financial

literacy Annual performance

evaluation of audit committee

Communicating & reporting

Relations with management

Updates & recommendations to the full board

Reports to board and shareholders

Regulatory, compliance & ethical matters

Effectiveness of system for ensuring compliance with laws and regulations

Code of conduct/ethics Whistleblowing

Risk management & internal control

Understanding key risk areas Effectiveness of controls

Fraud risk

Audit committees:areas of focus

Why Audit Committees matter

Audit committees play avaluable role througheffective and informedoversight in helping to ensuremarket confidence in high-quality financial reporting. Webelieve that every companylisted on world equity marketsshould aim to have an auditcommittee or equivalent bodywith the type of good practicefeatures described in thisbooklet.

Shareholders also have aresponsibility to take an activeinterest in the governancearrangements of the companies theyinvest in. Where there is no auditcommittee or equivalent strongindependent element on the board,investors should be asking questionsof management.

The corporatereporting supplychainThe audit committee has becomean essential part of what issometimes referred to as thecorporate reporting supply chain.Each group in the chain hasdistinctive roles and responsibilitiesin relation to providing financialinformation to the market, asshown by the diagram above.

Management is responsible for theday-to-day operations and businessprocesses that deliver value forshareholders. The boards role is tochallenge the strategy and businessdecisions taken by executivemanagement; and to ensure thatappropriate policies and systemsare in place to control the business.To be effective, there should be anindependent element on the board individuals able to exerciseobjective judgement and askdifficult questions of management.

The role of the independent externalauditor is to give assurance to theshareholders on the fair presentationof the financial statements preparedby management and approved bythe board.

The Audit Committee acommittee of the main board actingunder delegated authority provides key linkages betweeneach of these groups. It can easethe pressure on a busy boardbecause it is able to take more timeto address financial reporting andinternal control issues. And, byproviding a primary focus fordiscussions with the internal andexternal auditors, it enables bothsets of auditors to enhance theirindependence.

For the supply chain to workeffectively, each group needs tolive up to its responsibilities.



Creating value

Business processes

Financial information and controls

Setting policy

Approve thefinancial statements

Appointment ofaudit committee

Review integrityof the financial statements and annual report

Assurance to board of directors and shareholders

Institutional and other shareholder involvement

Balanced reporting by media and analysts

Regulatory monitoring

Corporate reporting supply chain

Management Board ofdirectors

Independentexternal auditor

and auditcommittee

Regulators,investors and other

stakeholders

A common-sense set of skillsSome of the most important recentrecommendations on auditcommittees are set out in theappendices to this booklet (theyinclude those arising from the UKSmith Report, one of the mostwide-ranging reviews exclusivelyfocussed on the role of the auditcommittee). They re-emphasise thekey attributes that audit committeesshould have if they are to performtheir role effectively. Takentogether, they provide a common-sense set of fundamentals thatcould apply to most companiessituations:

Committee members who areindependent and add value to company decision-making

Candid discussions withmanagement and externalauditors regarding the quality of financial reporting andcompliance with standards

Effective communication andinformation flow withmanagement and the auditors

A key role in monitoring thecomponent parts of the auditprocess, and helping to ensurethe auditors independence.

Even more important, perhaps, arethe recommendations aimed atenhancing the professionalism ofaudit committees equipping themto do their job:

Committee members to havespecific skills, particularly infinancial matters

Training of members, both oninduction and throughout theirterms of office

Regular reviews of auditcommittee effectiveness.

The key to building increasedconfidence in financial reportinglies in high-quality people beinginvolved in the review process.That means independently-mindeddirectors on audit committees, andhigh-quality auditors able to drawon top-quality multidisciplinaryexpertise.

The principles highlighted aboveare developed in later sections ofthis booklet.



The audit committee has a keyrole to play in the relationshipbetween the executive managersand the external auditor We recommend the EuropeanCommission include provisionson the role and responsibilitiesof audit committees...

High Level (Winter) Group of EU Company Law Experts, final report, November 2002

Requirements for audit committees

Mandatory requirement for listed companies (existing or proposed)

Comply or explainrequirement

Option under the law or voluntary coderecommendation

Alternative structures(eg supervisory board)

No requirement as yet

20%(8)

7%(3)

39%(16)

7%(3)

27%(11)

(From 41 surveyed countries)

World marketsUntil as recently as a decade ago,audit committees were found inonly a handful of the largest capitalmarkets. Now, as the chart on thispage shows, they are a regularfeature in a majority of the worldsmajor economies. Auditcommittees are, or are soon tobecome, a mandatory requirementin 16 countries. A further 14countries have either a comply orexplain requirement or the option,under either the law or a voluntarycode, to establish an auditcommittee. (Details of the specificrequirements in each country arecontained in the Appendix onpages 55 to 62.)

The trend is expected to continue.As leading companies adopt therecommendations contained in thelatest influential pronouncements,those practices may be expected tospread to other territories andcompanies not yet covered bysimilar rules or codes of practice.

Government authorities, regulatorsand international bodies (forexample, IOSCO and the OECD)have indicated that they view auditcommittees as a potentiallypowerful tool that can enhance thereliability and transparency offinancial information. The mostsignificant push towards auditcommittees may be yet to come.

The European Commission hasindicated that it will adoptrecommendations on the role ofindependent directors and auditcommittees. That will send apowerful signal to the markets thatgovernance responsibilities arebeing taken seriously in the 25member states of an enlargedEuropean Union.

The purpose of the guidance in thisbooklet is not to suggest that theapproach taken in any particularcountry should be followedelsewhere. Its more modest aim issimply to share good practice.There is no one size fits allsolution, since the role and detailedresponsibilities of the auditcommittee will vary depending onthe circumstances of each company.



MandatoryOption under

requirement for Comply orthe law or

AlternativeNo requirement

listed companies explainvoluntary code

structuresas yet

(existing or requirementrecommendation

(eg supervisory

proposed)board)

Argentina Germany Belgium Austria LuxembourgAustralia (1) South Africa Brazil Chile NorwayCanada United Kingdom Czech Republic China TaiwanHong Kong France DenmarkIndia Greece FinlandIndonesia Italy HungaryIreland Japan PolandKorea Netherlands (2) PortugalMalaysia RussiaMexico SwedenNew Zealand SwitzerlandSingaporeSpainThailandTurkeyUSA

1) Only for those top 500 listed companies in the Australian Stock Exchange. 2) New draft proposals envisage a comply or explain requirement.

The futurePricewaterhouseCoopers views onhow corporate reporting maydevelop in the next decade are setout in our recent book BuildingPublic Trust The Future ofCorporate Reporting.* The bookproposes a model for corporatetransparency based on three tiersof information:

Financial information, based onglobally-accepted accountingprinciples and standards

Industry-specific information,based on agreed industrystandards

Company-specific informationsuch as strategy, riskmanagement practices,compensation policies, corporategovernance, and performancemeasures.

The information published bycompanies in each of these areaswill increasingly be analytical andqualitative, rather than simplyquantitative.

When shareholders andstakeholders have this enhancedinformation set, they will be betterable to properly value and assessthe companies they invest in anddo business with.

As companies public reportingbegins to reflect more of theseelements, the audit committee islikely to assume an even moreimportant role. Some auditcommittees already review theother information published bycompanies alongside theirfinancial reports.

The range of skills and experienceof audit committee members mayneed to evolve to enable them tounderstand how the businessgenerates this wider set of data.Other committees, for example risk,environmental, compensation andgovernance committees, may becreated to deal with specific areas.But the audit committee will still beresponsible for ensuring that all thefinancial aspects are reported in abalanced and understandable way.



* Building Public Trust The Future of Corporate Reporting by Samuel A. DiPiazza and Robert G. Eccles is published by John Wiley & Sons and is availablethrough your nearest PricewaterhouseCoopers office.

Organisation of the Audit Committee

The legal or regulatoryrequirements for an auditcommittee vary betweencountries in some they aremandatory for listedcompanies, in othersvoluntary. In addition, theresponsibilities of each auditcommittee differ, dependingon local business culture andthe particular needs of thecompany.

Single and two-tier boardstructuresIn many countries where auditcommittees are found, there is asingle-tier board structure. In someof these countries (for example theUSA), the board comprises mainlynon-executive directors. In others,the board is composed of an almostequal number of executive andnon-executive members. The auditcommittee is a committee of themain board, and its members aredrawn from the non-executivedirectors on the board.

Two-tier board structures areadopted in some markets, eitherbecause the law requires it or on avoluntary basis. Our survey ofcountries on page 55 shows thatthese structures are most commonlyfound in Continental Europe, forexample in Germany and theNetherlands.

These structures consist of aManagement Board responsible forday-to-day operations, and aSupervisory Board mainlyresponsible for overseeingmanagement and the strategy of thecompany. Members of thesupervisory board are nominated

by the shareholders in the general meeting. Under the co-determination laws of somecountries, a proportion of themembers must be representativesof the employees. Other membersmay represent key shareholders orproviders of finance.

The law usually prescribes certainresponsibilities for the supervisoryboard, including, in some cases,responsibility for financial reportingmatters. In these countries,membership of the audit committeeis logically drawn from thesupervisory board. Depending onlocal laws and circumstances, thesupervisory board could form aseparate audit committee drawnfrom its members. Alternatively,the whole supervisory board couldbe designated as the auditcommittee.

Some other countries, such asJapan, have alternative structuressuch as a board of statutoryauditors, that performs oversightresponsibilities in relation to thedirectors.

The key requirement regardlessof structure is that there should beappropriate independent directorinvolvement in the review of thecompanys financial reports and theprocesses and controlsunderpinning those reports.



Irrespective of how the functions ofthe audit committee are organised,there are several steps that can betaken that will contribute to itseffectiveness, including:

Establishing a writtencharter/terms of reference

Selecting appropriately qualifiedcommittee members

Defining the roles andresponsibilities of the chairman

Considering the perceivedindependence of committeemembers

Determining the term of office ofcommittee members

Appropriately schedulingmeetings

Providing high-quality meetingpapers on a timely basis

Ensuring that sufficient resourcesand professional advice areavailable to the committee

Providing an orientation for newcommittee members.

Each of these aspects is discussedin the following pages.



Sony has chosen, according to the amendedJapanese Commercial Code,to abolish its current Boardof Statutory Auditors andestablished Nomination,Audit and CompensationCommittees as of June 2003at its shareholders meeting. These committees arecomposed of a majority ofoutside directors

Sony Corporation, June 2003

CharterAudit committees should have awritten charter (or terms ofreference) that provides a clearunderstanding of the committeesrole, structure, processes, andmembership requirements. A well-written, detailed charter willprovide a framework for thecommittees organisation andresponsibilities that can be referredto by the board, committeemembers, management andexternal and internal auditors. The audit committee should, atleast annually, review the charterand recommend or proposechanges to the board for approval.

Consideration should be given tomaking the charter available toshareholders, perhaps by inclusionin the annual report. In somecountries, companies must disclosewhether the audit committee has awritten charter.

The committees charter shoulddefine:

Overall purpose and objectives

Authority

Organisation membership,qualification, size, term of office

Meetings of the committee frequency, participants anddocumentation

Roles and responsibilities

Relationship with management,and external and internal auditors

Reporting responsibilities

Evaluation of the auditcommittee.

In developing a charter, it isimportant that the committeesactivities are not unduly restricted.The committees duties andresponsibilities need to be flexibleenough to allow it to operateeffectively.

Establishing a detailed, well-writtencharter will be beneficial only if theaudit committee uses it as aneffective tool. For example, thecharter should be:

Used as a guide in establishingthe committees meeting agendas

Reviewed annually in order toreflect any changes required bylaw and regulations and to ensureit responds to the changing needsof the company and the market

Used to evaluate whether thecommittee satisfied itsresponsibilities during the year

Adopted as a framework forreporting the committeesactivities to the board.

Included on the following pages isan outline of an audit committeecharter. It is presented forillustrative purposes and should betailored according to the needs ofthe company.



The audit committee should be giventhe necessary power and resourcesto meet its charter. This will includerights of access to management andto auditors (external and internal)without management present andrights to seek explanations andadditional information

Australian ASX Corporate Governance Council, March 2003

Example audit committee charter

1. Overall purpose/objectives

The audit committee is appointedby the board of directors (orsupervisory board) to assist theboard in discharging its oversightresponsibilities. The auditcommittee will oversee thefinancial reporting process toensure the balance, transparencyand integrity of published financialinformation. The audit committeewill also review: the effectivenessof the companys internal financialcontrol and risk managementsystem; the effectiveness of theinternal audit function; theindependent audit processincluding recommending theappointment and assessing theperformance of the external auditor;the companys process formonitoring compliance with lawsand regulations affecting financialreporting and, if applicable, itscode of business conduct.

In performing its duties, thecommittee will maintain effectiveworking relationships with theboard of directors, management,and the external and internalauditors. To perform his or her roleeffectively, each committeemember will need to develop andmaintain his or her skills andknowledge, including anunderstanding of the committeesresponsibilities and of thecompanys business, operationsand risks.

2. Authority

The board authorises the auditcommittee, within the scope of itsresponsibilities, to:

2.1 Perform activities within thescope of its charter.

2.2 Engage independent counseland other advisers as it deemsnecessary to carry out its duties.

2.3 Ensure the attendance ofcompany officers at meetingsas appropriate.

2.4 Have unrestricted access tomembers of management,employees and relevantinformation.

2.5 Establish procedures fordealing with concerns ofemployees regardingaccounting, internal control orauditing matters.

2.6 Establish procedures for thereceipt, retention andtreatment of complaintsreceived by the companyregarding accounting, internalaccounting controls orauditing matters.

2.7 Be directly responsible for theappointment, compensation,retention and oversight of thework of the external auditor.

2.8 Approve all audit engagementfees and terms as well asreviewing policies for theprovision of non-audit servicesby the external auditors [and,when required, the frameworkfor pre-approval of suchservices].

3. Organisation

Membership

3.1 The board of directors [orshareholders meeting] willnominate the audit committeemembers and the chairman ofthe audit committee [who isan independent director].

3.2 The audit committee willcomprise at least [number]members and [the majority of]/ [all] members shall beindependent non-executivedirectors of the company.

3.3 A quorum of any meeting willbe [number] members /[proportion] of members.

3.4 Each member should haveskills and experienceappropriate to the companysbusiness.

3.5 Each member shall befinancially literate; at leastone member must haveaccounting or relatedfinancial expertise.

3.6 Members will be appointedfor a [number] year term ofoffice.

3.7 The secretary of the auditcommittee will be thecompany secretary, or suchother person as nominated bythe board.

Meetings

3.8 Only committee members areentitled to attend meetings.The audit committee mayinvite such other persons (eg the CEO, CFO, head ofinternal audit and externalaudit engagement partner) toits meetings, as it deemsnecessary.

3.9 The external and internalauditors should be invited tomake presentations to theaudit committee asappropriate.



4. Roles and responsibilities

The audit committee will:

Internal control

4.1 Evaluate whethermanagement is setting theappropriate control cultureby communicating theimportance of internal controland management of risk.

4.2 Understand the internalcontrols systems implementedby management for theapproval of transactions andthe recording and processingof financial data.

4.3 Understand the controls andprocesses implemented bymanagement to ensure thatthe financial statementsderive from the underlyingfinancial systems, complywith relevant standards andrequirements, and are subjectto appropriate managementreview.

4.4 Evaluate the overalleffectiveness of the internalcontrol and risk managementframeworks and considerwhether recommendationsmade by the internal andexternal auditors have beenimplemented by management.

4.5 Consider how management isheld to account for thesecurity of computer systemsand applications, and thecontingency plans forprocessing financialinformation in the event of asystems breakdown or toprotect against computerfraud or misuse.

Financial reporting

4.6 Gain an understanding of thecurrent areas of greatestfinancial risk and how theseare being managed.

4.7 Review significant accountingand reporting issues,including recent professionaland regulatorypronouncements, andunderstand their impact onfinancial reports.

4.8 Oversee the periodic financialreporting processimplemented by managementand review the interimfinancial statements, annualfinancial statements andpreliminary announcementsprior to their release.

4.9 Review managementsprocess for ensuring thatinformation contained inanalyst briefings and pressannouncements is consistentwith published financialinformation, balanced andtransparent (particularyregarding GAAP vs non-GAAP data).

4.10 Meet with management andthe external auditors toreview the financialstatements, the keyaccounting policies andjudgements, and the results ofthe audit.

4.11 Ensure that significantadjustments, unadjusteddifferences, disagreementswith management and criticalaccounting policies andpractice are discussed withthe external auditor.



3.10 Meetings shall be held not lessthan [number] times a yearand should correspond withthe companys financialreporting cycle.

3.11 Special meetings may beconvened as required. Thesecretary will convene ameeting on receipt of a requestby the external or internalauditors.

3.12 The secretary shall circulatethe agenda and supportingdocumentation to the auditcommittee members areasonable period in advanceof each meeting.

3.13 The secretary of the committeeshall circulate the minutes ofmeetings to members of theboard, members of thecommittee, (and the head ofinternal audit and the externalauditor where appropriate).

3.14 As a minimum, the chairmanof the committee [or anothermember of the committee]shall attend the board meetingat which the financialstatements are approved.

3.15 Members of the auditcommittee should attend everymeeting of the committee.

3.16 The committee should meetwith in-house legal counsel ona regular basis. A meetingwith outside legal counselshould be held if it is deemednecessary.

3.17 The audit committee will meetwith the external auditors [atleast once a year] withoutmanagement present.

4.12 Review the other sections ofthe annual report before itsrelease and consider whetherthe information isunderstandable and consistentwith members knowledgeabout the company and itsoperations and lacks bias.

Compliance with laws andregulations

4.13 Review the effectiveness of thesystem for monitoringcompliance with laws andregulations and the results ofmanagements investigationand follow-up (includingdisciplinary action) of anyfraudulent acts or non-compliance.

4.14 Obtain regular updates frommanagement and companyslegal counsel regardingcompliance matters that mayhave a material impact on thecompanys financial statementsor compliance policies.

4.15 Be satisfied that all regulatorycompliance matters, related tothe business of the company,have been considered in thepreparation of the financialstatements.

4.16 Review the findings of anyexaminations by regulatoryagencies.

Working with auditors

External audit

4.17 Review the professionalqualification of the auditors(including background andexperience of partner andauditing personnel).

4.18 Consider the independence ofthe external auditor and anypotential conflicts of interest.

4.19 Review on an annual basisthe performance of theexternal auditors and makerecommendations to theboard for the appointment,reappointment or terminationof the appointment of theexternal auditors.

4.20 Review the external auditorsproposed audit scope andapproach for the current yearin the light of the companyspresent circumstances andchanges in regulatory andother requirements.

4.21 Discuss with the externalauditor any audit problemsencountered in the normalcourse of audit work,including any restriction onaudit scope or access toinformation.

4.22 Ensure that significant findingsand recommendations madeby the external auditors andmanagements proposedresponse are received,discussed and appropriatelyacted on.

4.23 Discuss with the externalauditor the appropriateness ofthe accounting policiesapplied in the companysfinancial reports and whetherthey are considered asaggressive, balanced orconservative.

4.24 Meet separately with theexternal auditors to discussany matters that thecommittee or auditors believe

should be discussed privately.Ensure the auditors haveaccess to the chairman of theaudit committee whenrequired.

4.25 Review policies for theprovision of non-audit servicesby the external auditor [andwhere applicable theframework for pre-approval ofaudit and non-audit services].

4.26 Ensure the company hasappropriate policies regardingthe hiring of audit firmpersonnel for senior positionsafter they have left the auditfirm.

Internal audit

4.27 Review the activities,resources and organisationalstructure of the internal auditfunction and ensure nounjustified restrictions orlimitations are made.

4.28 Participate in the appointment,promotion or dismissal of theinternal audit head anddiscuss with the externalauditor the standard of workof internal audit staff.

4.29 Review the effectiveness of theinternal audit function andensure that it has appropriatestanding within the company.

4.30 Meet separately with thedirector of internal audit todiscuss any matters that thecommittee or internal auditorsbelieve should be discussedprivately.

4.31 Ensure that significant findingsand recommendations made



by the internal auditors andmanagements proposedresponse are received,discussed and appropriatelyacted on.

4.32 Review the proposed internalaudit plan for the coming yearand ensure that it addresseskey areas of risk and thatthere is appropriate co-ordination with the externalauditor.

Reporting responsibilities

4.33 Regularly update the boardabout committee activitiesand make appropriaterecommendations.

4.34 Ensure the board is aware ofmatters that may significantlyimpact on the financialcondition or affairs of thebusiness.

4.35 Prepare any reports requiredby law or listing rules orrequested by the board, forexample a report on the auditcommittees activities andduties to be included in thesection on corporategovernance in the annualreport.

Evaluating performance

4.36 Evaluate the committees ownperformance, both ofindividual members andcollectively, on a regularbasis.

4.37 Assess the achievement of theduties specified in the charterand report the findings to theboard.

Review of the committee charter

4.38 Review the audit committeecharter annually and discussany required changes with theboard.

4.39 Ensure that the charter isapproved or reapproved bythe board.



MembershipThe appointment of suitablyqualified members to the auditcommittee is a critical factor for a committees performance.

The board or a nominationscommittee is usually responsiblefor appointing the audit committeemembers. The board (ornominations committee) shouldselect only those members whopossess the necessary qualificationsand experience.

Qualifications

Each member should be capable ofmaking a valuable contribution tothe committee. A diverse outlookamong members is desirable, sincea uniform point of view could leadto over-emphasis in one direction.Qualifications that each committeemember should possess include:

An attitude of mind independentfrom the companys management

Integrity

Capacity to dedicate sufficienttime and energy

Understanding of the business,its products, and its services

Knowledge of the companysrisks and controls

Ability to read or understandbasic financial statements, askpertinent questions about themand interpret and evaluate theanswers

Ability to give direct and honestopinions

Inquisitiveness and independentjudgement

Ability to offer differentperspectives and constructivesuggestions.

Newly appointed committeemembers may not initially possessall of these characteristics. Theyshould be allowed a sufficientperiod say 6 to 12 months toacquire the necessary level offamiliarity with the companysoperations.



I have in mind a person with the intelligence,experience and understanding to know the rightquestions to ask of management or the auditorsand the forcefulness and tenacity to ask a directquestion and insist on a straight answer.Ideally, all audit committee members shouldhave these qualities

US SEC Commissioner, February 2003

IndependentdirectorsThe audit committee is responsiblefor overseeing the financialreporting process and, in doing so,it may need to challenge thejudgement of management or takepositions that may be contrary tothose of management. Because ofthis oversight role, independencefrom management is an essentialquality for audit committeemembers.

A committee composed wholly ofindependent directors is optimal.In some countries, all members arerequired to be independent non-executive directors. Independentdirectors are better equipped toexpress their opinions in a free andunrestricted manner, unconstrainedby any financial ties or position inthe company.

The concept of independence is noteasy to define, though many majorinvestors and representative bodieshave developed frameworks orguidance for their own purposes. It is necessary that the board has astrong understanding of howindependence is defined and howit is perceived by the market. It isalso important that the boardsapproach to independence iscommunicated to shareholders.

To be considered independent,each member must satisfy allapplicable laws and regulationsrelating to audit committeeindependence. For example, anindependent director must be aperson other than an officer oremployee of the company or itsaffiliates, or any other individualhaving a relationship that wouldinterfere with the exercise ofindependent judgement.

Relationships that may beperceived to impair an auditcommittee members independenceinclude the following:

Current or prior employment atthe company or any of its affiliates(the period in which the prioremployment occurred can varyconsiderably it is quite common,however, for investors toconcentrate on the last threeyears)

Cross-relationships or significantlinks with other directors in othercompanies

Receipt of consulting, advisory orother compensation from thecompany (or its affiliates), exceptfor directors fees consistent withthe committee duties undertaken

Participating in the companyshare option or performance-related pay scheme

Obtaining financial assistancefrom the company in terms ofloans or advance payments otherthan on ordinary terms



Potential conflicts exist if auditcommittee members formerlywere part of the companymanagement team. Formerworking relationships may placeundue pressure on the auditcommittee to avoid asking hardquestions

OECD Second South Eastern Europe Corporate Governance Roundtable, May 2002

Being a member of the immediatefamily of the management team

Being a director or majorshareholder of a significantcustomer or supplier

Being a representative of asubstantial shareholder orprovider of finance.

The company may decide toappoint a director who has one ormore of the above relationships insome jurisdictions if the boardconsiders that membership is in thebest interests of the company and itsshareholders as a whole. In theinterests of transparency, the natureof such a relationship and thereasons for appointment should bedisclosed to the shareholders.

FinancialexpertiseIt is good practice that each memberof the audit committee should befinancially literate having theability to read and understandprimary financial statements,including a companys balancesheet, income statement and cashflow statement.

In order to conduct itsresponsibilities, committee memberswill need to give attention to matterssuch as:

GAAP and non-GAAP amounts,key performance indicators andratios

Complex and sensitive orjudgemental areas, such asfinancial instruments, accountingfor pensions and share options,business combinations andvaluation of intangible assets

In the case of companies withmultiple listings, the implicationsof preparing financial statementsunder several reportingframeworks

Moving from one reportingframework to another (forexample from national GAAP toInternational Financial ReportingStandards).

Emerging practice (and arequirement in recent US and UKpronouncements) is that at least onemember should be a financial expertwho has accounting or relatedfinancial expertise. This could havearisen through past employment infinance or accounting, aprofessional qualification inaccounting, or any othercomparable experience, for exampleas a senior officer with financialoversight responsibilities or as anauditor of a listed company.

The chairmans role

The position of committee chairmanis pivotal he or she must be thefocal point for the committeesrelations with the board, the chieffinancial officer and the internal andexternal auditors. The chairman isresponsible for the smooth runningof meetings, ensuring that the viewsof each member are heard and thatsufficient time is devoted to eachissue for discussion. The chairmanshould plan the agenda for eachmeeting in conjunction with thecommittee secretary.

In selecting a committee chairman,the board should choose someonewith strong and effective leadershipqualities and the ability to promoteeffective working relationships(among committee members andwith others such as managementand external and internal auditors).



The roles of chairman and financialexpert might in some cases becombined in one individual.However, for most committees, abetter balance of skills will beachieved by having these rolesperformed by different individuals.In these circumstances, thechairman must be properly briefedon the technical aspects to enablehim to report to the board andshareholders.

The board should periodicallyreview the mix of characteristics,experience, and skills of allcommittee members to ensure thatit continues to provide anappropriate balance.

Commitment

To fulfil their responsibilities,committee members need todedicate a significant amount oftime and energy to committeeactivities. This will includefamiliarisation with the companysbusiness and industry andpreparation for, and attendance at,meetings.

Members should strive to attendevery meeting of the committee.

The number of other directorshipsheld by committee members mayaffect the amount of time they areable to devote to audit committeeactivities. When evaluatingpotential candidates for thecommittee, boards will thereforewant to consider the number ofother directorships and committeeresponsibilities held by candidates.

Size of committee

An audit committee should be largeenough to represent a balance ofviews and experience, yet smallenough to operate efficiently.

It is now a requirement in marketssuch as the USA and UK that thecommittee should consist of nofewer than three members whoshould all be independent non-executive directors.

Earlier research byPricewaterhouseCoopers found thatin major European companies, 70%of committees had between threeand four members.

It is generally thought thatcommittees composed of three tosix members represent the optimumsize. However, the size of eachcommittee should be appropriatefor the companys circumstancesand will depend on the extent ofthe committees responsibilities.

Term of office

The number of years that membersserve on a committee varies. A common term is three years, withpossible reappointment for a secondterm, but longer terms are alsopossible. It is rare for committeemembers to rotate on an annualbasis, which is why a programmethat regularly evaluates thecommittee members performanceis useful. (See page 48.)

When determining the length oftime committee members mayserve, the board should weigh twoopposing considerations; continuityand freshness. Rapid turnover canbe detrimental to the committeeseffectiveness, since members needtime to familiarise themselves withthe companys business andfinancial reporting structure andunderstand technical issues. Onthe other hand, new members bringa fresh perspective to thecommittee. To balance theseconsiderations, the board may wishto establish staggered terms forcommittee members.



MeetingsFrequency

An audit committee should holdregular meetings and should plancarefully the timetable, agendas andparticipants.

The number of meetings thecommittee holds is influenced by itsobjectives and scope of activities,and the size and nature of thebusiness. Regular meetings providethe opportunity to review anddiscuss financial information on atimely basis. It is helpful toschedule meetings (particularlythose at which the financialstatements are reviewed) well inadvance of the corresponding boardmeeting, to allow time for dealingwith issues raised by the committee.Generally, meetings correspondwith major phases of the financialreporting, external audit, andinternal audit cycles. The chairmanof the committee should decide thefrequency and timing of itsmeetings.

Research into practice at Europeancompanies shows that auditcommittees meet, on average, threeto four times a year. However, thekey is that the number and lengthof meetings are appropriate toensure that the committee meets itsobjectives.

Participants

Members of the audit committeeshould attend all meetings of thecommittee. In addition to membersof the committee, other participantsare often present, by invitation, atmeetings. Such participants mayinclude:

The director or head of thecompanys internal audit function

The lead partner from theexternal auditors

Senior management, includingthe chief financial officer (CFO)or financial director.

Additional attendees should belimited to those who are familiarwith, or responsible for, the topicson the agenda. If necessary, theaudit committee should invite thein-house lawyer or outside legalcounsel to attend a meeting.

Where appropriate, the auditcommittee should arrange separatemeetings with management, andthe external and internal auditors.Topics for discussion withmanagement might include theevaluation of the external auditor,accounting and internal auditpersonnel. Discussions with theauditors might include thecooperation that the external andinternal auditors receive from thecompanys staff and management.



Entitled to attend

All independentnon-executive

directors (NEDs)

Attend byinvitation

CommitteeChair

Head ofInternal Audit

FinancialDirector

ExternalAuditors

Minimum 2 other Committee Members

Agenda and meeting papers

In our experience, the reaction ofmembers to the arrival of auditcommittee papers is typically Toomuch! or Too late! To maximiseeffectiveness, a detailed writtenagenda with clear supportingpapers highlighting matters fordecision should be prepared formeetings. They should bedistributed to committee membersa reasonable period in advance toallow proper consideration.

Appropriate notice should be atleast three or four working days toallow for adequate study of thepapers.

In the case of the annual financialreport, it may be appropriate toschedule two meetings one twoweeks or so before the report is dueto be released to ensure adequatetime to address fully the significantissues, and another just prior to therelease to review the final numbers.

Resources

Audit committees must have accessto the resources and informationnecessary for them to fulfil theirduties. This will mean continuingadministrative and secretarialsupport. Occasionally otherresources may be required (forexample, when conducting specialinvestigations), such as access tolegal advisers and other outsidespecialists. It should be made clearto all directors and staff that theymust fully cooperate with the auditcommittee and supply allinformation as required.

Minutes

Minutes of meetings should beprepared and sent to members ofthe committee, the board ofdirectors (and the external andinternal auditors where appropriate)on a timely basis. These, inaddition to direct reports to theboard from the chairman of theaudit committee, help keep theboard fully informed about thecommittees activities.

Best practice is that the number ofmeetings held and the number ofmembers who attended themeetings should be disclosed inthe annual report.



The committee should meet asufficient time before the resultsannouncement to enable issues tobe discussed with managementand the auditors and resolved

CEO of African company, February 2003

New members getting startedCompanies make use of executiveselection agencies to screendirectors for new positions. In thesame way, prospective auditcommittee members will want toconduct their own due diligencebefore they accept the role,particularly if they are new to theboard.

Questions prospective new boardand audit committee membersmight ask themselves about thecompany before taking on the roleinclude:

Can investors understand thecompanys governance structure?

Who are the companys principaladvisers?

How does the business make itsmoney?

Is the company clearly open,honest and transparent in itsdealings with stakeholders?

Further questions that might beasked in relation to the auditcommittee role include:

Is the committee seen asimportant internally as well asexternally?

How wide is the auditcommittees remit (too narrow ortoo broad)?

Who is the committee chairman,and how does he or she controlthe meetings?

Do the other members add valueby virtue of skills or experience,and how will I complement theseskills and experience?

Once their appointment isconfirmed, committee membersshould be provided with sufficientbackground information. Althoughthey will normally also be directorsof the board, the amount andnature of information andknowledge that will be required tofulfil their audit committee role willbe different from that necessary fortheir board functions.

The induction process should coverthe role of the audit committee,expected time commitment bymembers, overview of the businessand an introduction to thecompanys finance staff.

New members should ensure theyhave an appropriate understandingof the company, its products andservices, areas of risk, and itsinternal control and financialreporting systems. They also needto understand the requirements andobjectives of the audit committeeand so should review the charter,minutes of prior meetings and anyrecent reports made by thecommittee to the board.

On the following page is a list ofitems that new members mayconsider when familiarisingthemselves with the company.Page 47 considers the committeescontinuing need to keep up to date Maintaining and measuringeffectiveness.



Orientation information for new committee members

Management

Background and qualifications ofsenior executives and financialmanagement

An organisation chart setting outreporting lines andresponsibilities

The basis on which seniormanagement is remunerated.

The committee

The audit committees charter its role in overseeing companypolicies, financial reporting, andother special areas

Nature and timing of reportsprepared by management for thecommittee

Company staff available tosupport the audit committee

External advisers available tosupport the audit committee.

Internal auditors

The responsibilities of the internalaudit function

The number of internal auditorsand their qualifications andexperience

The committees relationship withthe internal audit department

The types of reports the auditcommittee receives from theinternal audit department

The current years internal auditplan.

External auditors

A copy of the current yearsexternal audit engagement letter

The scope of the external audit,including the current year auditplan

The committees relationshipwith the external auditors

The types and timing of reportsissued by the external auditors

Company policy with respect toengaging the auditors to provideaudit and non-audit services.



New members will needbackground information on manyareas, including:

The company

Products and services

Foreign and domestic operations

Key areas of risk and how theyare being managed

Financial and operationalcontrols, and plannedmodifications

Types of budget and managementreports produced

Key accounting policies and thereasons for their use

Key areas of concern about thefinancial position and thereported value of individualassets and liabilities

Statutory reporting and exchangelisting requirements to which thecompany is subject

Litigation and contingenciesfacing the company

Annual and interim earningstrends

The companys code of conductor business behaviour.

Oversight responsibility for financial reporting

The audit committee normallyundertakes, on behalf of theboard, responsibility forensuring the integrity of thecompanys financial reports byhaving oversight of internalcontrol, the financial reportingprocess and compliance withregulatory matters.

The specific responsibilities of eachcommittee will vary depending onthe particular circumstances of thecompany. However, in general, theaudit committee will review the:

Adequacy and effectiveness ofrisk management systems andthe companys internal controlsas they affect financial reporting

Adequacy and effectiveness ofthe system for the preparation offinancial data reported to themarket, including the annualfinancial statements and reviewof operations, and interim reports

Process for monitoringcompliance with relevant lawsand regulations, and any legalmatters that could have asignificant impact on thecompanys financial reports

Process for monitoringcompliance with any internalcode of conduct, includingprocedures for dealing withconcerns of employees andcomplaints received by thecompany regarding accountingand auditing matters.

These functions are described inmore detail below.

Risk andcontrolsRisk management

Risks are uncertain future events both positive and negative thatcould affect future cash flows,profitability, shareholders returnand the companys reputation. It isthe responsibility of the board todetermine the risk appetite of thecompany and set policy in relationto this. Managementsresponsibility is to assess what risksthe company may be exposed toand to develop procedures formanaging risk in line with boardpolicy. The audit committees roleis to review the risk profile andensure that risk managementstrategies, particularly as they affectfinancial reporting, are in place.

Risks may arise from both externaland internal factors, such as:competition and complexity of themarket; economic conditions;regulatory changes; weaknesses inthe companys business model; anddeficiencies in internal control.The audit committee should:

Discuss with the board its attitudeto risk and the policiesestablished to ensuremanagement operates withinthese parameters

Understand the companysframework for risk assessmentand management and theassignment of responsibilities

Review the companys majorfinancial risk exposures and stepstaken to monitor and controlthose risks.

In some business sectors,particularly regulated industries(for example banking, financialservices, pharmaceuticals andtransport) it is increasingly commonfor companies to establish separaterisk committees. The auditcommittee should understand therole and activities of the riskcommittee and, through the board,should ensure that it has regularcontact with the risk committee.

For risks that are accepted,management will establish acontrol system. A well-designedand implemented internal controlsystem provides the rightenvironment for the efficientrunning of an entitys operations,and will reduce the risk of financialinformation being materiallymisstated.



Internal control

The board of directors sets policyand oversees management whohave primary responsibility todesign and implement systems ofinternal control. Managementsresponsibilities include:

Establishing and maintaining anadequate internal controlstructure and procedure forfinancial reporting

Evaluating the effectiveness ofinternal control, at least on anannual basis

Identifying promptly materialweaknesses in internal controland taking corrective steps

Notifying the external auditor andaudit committee of significantinternal control deficiencies, andany instances of fraud.

The audit committee should gainan understanding of the system ofcontrols over financial reportingimplemented by management. Thisincludes controls over the integrityof the financial accounting systemsand records, and controls to ensurefair presentation and disclosure offinancial information in accordancewith standards. Where thecompany has a treasury function,the committee should alsounderstand the treasury controlsoperated by management.

The committee should obtain thisunderstanding through reports fromand discussions with management,internal audit, and the externalauditors. The audit committeeshould also understand the extentto which the external and internalauditors review controls.

The audit committees involvementis important and can help toreinforce a strong control culturein the business. Where internalcontrols are weak, the auditcommittee should require the boardto make improvements.

Where management outsources akey part of the information andcontrols system, for example to ashared service centre, thecommittee will want to ensure that

an appropriate service agreement isin place and that performance isbeing monitored. The agreementshould specify the services to beperformed (for example processingof sales and purchasing, andmaintaining financial accountingrecords,) and rights of access to andprocedures for reviewing theperformance of the provider.

In some cases, the audit committeeor management may request anindependent accountant or auditorto prepare a special report onaspects of the internal control andrisk management systems. If so,the audit committee will need tospecify the nature of theengagement and should reviewwith the independent accountantthe basis for the report.



Audit committees should, forexample, satisfy themselves thatthere is a proper system andallocation of responsibilities forthe day-to-day monitoring offinancial controls but theyshould not seek to do themonitoring themselves

UK Smith Report Audit Committees Combined Code Guidance,

January 2003

Fraud risk

Fraud risk should be a majorbusiness concern. The auditcommittee should gatherinformation from management ofthe company, external and internalauditors to enable it to:

Understand and be aware offraud risk

Ensure that the risk of fraud hasbeen communicated bymanagement

Review managements steps toimplement adequate controls tomitigate the risk of fraud.

Fraud can take the form ofmanagement fraud, employee fraudor external fraud. Managementfraud involves intentionalmisrepresentation of financialinformation or improper use of thecompanys resources by seniormanagement. Where there isdeliberate collusion bymanagement, it is unlikely thatnormal audit procedures willuncover fraud and error.

Fraudulent financial reporting is aparticular type of managementfraud that can significantly affectthe integrity of financial statementsand damage the companysreputation. In its review of periodicfinancial information, the auditcommittee should be alert toindications that fraud may bepresent.



Audit committee responsibilities...

" Evaluate whether senior management has set an appropriate control culture by establishing procedures for theassessment and management of risk

" Understand the systems of controls implemented bymanagement for the approval of transactions, recording of dataand compliance of financial statements with relevantrequirements

" Enquire whether internal control recommendations made by the external and internal auditors have been implemented by management

" In reviewing the financial statements and other financialinformation, be alert to possible indications of fraud.

FinancialreportingThe preparation of the financialstatements is a primary responsibilityof the companys management.The audit committee plays a keyrole in reviewing the financialinformation before it is published.As explained on page 19, it isimportant in order to fulfil this rolethat the committees members havea good understanding of financialaccounting. The committee willneed to consider:

Critical accounting policies,judgements and estimates appliedin the financial statements

Alternative accounting policiesapplied by peer-group companies

Quality of earnings and theimplications of exceptionaland/or non-recurring income andexpenses

The impact of business risks andsensitivities on the companysfinancial statements

Implications of expected changesin accounting policies

The impact of the companysfinancing structure on currentand future profitability

The way in which such mattersare dealt with in the companysfinancial reports.

The accounting framework

The audit committee should befamiliar with the accountingframework used by the company forits financial reporting. In most casesthis will be national GAAP generally accepted accountingprinciples the body of accountingstandards and interpretationsapproved for use in a particularcountry. Where companies raisecapital on foreign markets, they mayhave to report in accordance withmore than one GAAP, or provide areconciliation from one GAAP toanother.

In the interests of improvedcomparability, many countries areadopting International FinancialReporting Standards (IFRS). A recentstudy by the large accounting firmsrevealed that over 90% of theworlds major economies areplanning to adopt or converge withIFRS. Listed companies in theEuropean Union member states, forexample, are required to adopt IFRSin 2005.

Where appropriate, the auditcommittee needs to be familiar withthe companys transition processfrom national GAAP to IFRS. Theaudit committee members should:

Understand the wider effects onthe companys reported results ofmoving from national GAAP toIFRS

Understand the transition orconversion plan implemented bymanagement

Receive reports from, and perhapsattend meetings of, the companystransition steering group

Consider how management ispreparing in advance for themore complex areas, such asfinancial instruments, goodwilland deferred taxation.

As indicated in the section onmembership, knowledge andexperience of the relevantaccounting standards is a greatadvantage. Committee members,particularly those designated asfinancial expert, should be up-to-date with changes in regulationsand standards.

Reviewing the annualfinancial statements

The audit committee will reviewthe annual financial report andassess whether it is complete andconsistent with the informationknown to committee members. It should have enough time toconduct its review of the financialstatements and the supportingcommentary by management. The final draft of the financialstatements should be received bythe committee at least two or threedays in advance.



The audit committee should meetwith management and the externalauditors to review the annual reportand financial statements and theresults of the audit.

The type of review will vary,depending on the complexity of thecompany and its industry. It will,however, cover the selection andapplication of accountingprinciples and estimates, thepresentation of disclosures, goingconcern disclosures (if applicable),and any other matter significant tothe companys financial reportingprocess.

Significant fluctuations in resultsfrom year to year as well asvariations between actual resultsand the budget or forecast need tobe explained and understood. Thecommittee should pay particularattention to complex or unusualtransactions and to judgementalareas, particularly those areaswhere different assumptions couldhave a significant effect on thefinancial statements. Examples ofsuch areas include restructuringcharges, acquisitions, special-purpose entities, off-balance sheettransactions, derivatives, valuationand impairment of assets, warrantyobligations, environmentalliabilities or litigation provisions.

Pages 31 and 32 provide a list ofquestions that may be asked ofmanagement and the externalauditors prior to the release of theannual financial statements.




" Review significant accounting and reporting issues, including recent professional and regulatory pronouncements, and understand their impact on the financial statements

" Review schedules of adjusted and non-adjusted items and obtainexplanation from the external auditor and management as to whyerrors remain unadjusted

" Read the directors or management letter of representation to theauditors on the financial statements and consider issues addressedin the letter

" Review the financial statements and determine whether they arecomplete, reflect appropriate accounting policies, containadequate disclosure and are consistent with the informationknown to committee members

" Review other sections of the annual report, particularlymanagement commentary, and consider whether the informationis adequate and consistent with members knowledge about thecompany and its operations

" Review the results of the external audit.

Regulators in some territories (suchas the European Union) areproposing to introduce requirementsfor quarterly reporting and for reportsto be filed more quickly. Althoughthis may increase the burden of workfor the audit committee, there aresignificant benefits in the committeereviewing interim information andpreliminary announcements,including:

Enhancement of the committeesability to identify and directattention toward significant issueson a timely basis

The establishment of a regular,almost continuous, flow ofinformation from management tothe committee. Committeemembers understanding of thecompanys business will beimproved

The opportunity for the externalauditors to engage in discussionswith the committee, particularlyon matters of accounting policytreatment, at an early stage.

These benefits, of audit committeeinvolvement in reviewing otherfinancial information, might be builton further by obtaining thecommittees input on the materialused for analyst and institutionalinvestor presentations.

Where financial information of aroutine nature is produced on aregular basis, for example returns toregulators and debt circulars, thecommittee should establish protocolswith management for its review andrelease. The committee needs to besatisfied there is an appropriateprocess for its preparation, but neednot itself review every document thatis filed or published.

Ultimately, as a result of theincreased oversight by the auditcommittee, the whole financialreporting process will bestrengthened and investors interestswill be further protected.

Interim financial statementsand other published financialinformation

All financial information publishedby companies is closely scrutinisedby the investment community, andthe price of a companys stock issignificantly affected by investorsreaction to results announcements.

It is important, therefore, that theaudit committee includes bothpreliminary announcements andinterim (including quarterly)statements within its remit.




" Ascertain how management develops and summarises interim and preliminary results information, and the extent ofexternal and internal audit involvement in the review of suchinformation

" Agree with management appropriate procedures for thepreparation and review of other types of financial information,for example summary financial statements, regulatory returnsand debt circulars.

Illustrative questions for reviewing financial statements

A. Financial reporting process

What are the current areas ofgreatest financial risk, and howare these being managed?

Are the accounting systems(including controls overdisclosure, and controls overfinancial reporting processes)adequate and appropriate?

What significantrecommendations have beenmade to management (byexternal and / or internalauditors) for improvements tothe reporting process? How hasmanagement responded? Arethere any significant areas thatstill require attention?

What are the procedures formaking profit and cash flowprojections?

What evidence hasmanagement considered tosatisfy itself that the company isa going concern (that it willcontinue to operate for theforeseeable future)?

B. Accounting policies

Do significant accounting policiescontinue to be appropriate? Arethe assumptions underlying themstill valid?

Did any accounting policieschange this year? If so, for whatreasons, and what were theeffects of the changes?

What effects would any new orproposed change in generallyaccepted accounting principlesor in other regulations have onthe financial statements?

Do the financial statementscontain a clear andunambiguous reference to theaccounting framework (nationalGAAP or IFRS) adopted?

Where a new framework isadopted for the first time, haveappropriate policies anddisclosure been followed?

Were there any disagreementsbetween management and theauditors on accounting policiesor principles? Were theysatisfactorily resolved?

How do the companys policiescompare with industry norms?

Is the revenue recognitionpolicy appropriate?

Are any policies regardingcapitalisation of expenditure inaccordance with generallyaccepted accounting principles?

What are the overallimpressions of theconservativeness oraggressiveness of theaccounting policies adoptedand the underlying estimates?

C. Financial statements

Overall

Are there significantfluctuations between accountbalances in the financialstatements between current andprior periods? What causedthem?

What significant accruals oradjusting entries were made aspart of the year-end accountingprocess?

Were there any prior-periodadjustments? What were thecircumstances?

Were any significant transactionscompleted during the year that arenot evident from the financialstatements? How were theyaccounted for? Did any of thesetransactions involve related parties?

Were any significant issues raisedby management, companys legalcounsel, or outside legal counselconcerning litigation,contingencies, claims orassessments? How are suchmatters reflected in the financialstatements?

Is the company in danger of notcomplying with the provisions ofloan agreements and covenants?

Measurement and recognition

How did management satisfy itselfabout the value of long-terminvestments?

Has the company invested in anyunusual types of financialinstruments?

Has the value of marketablesecurities or other financialinstruments changed significantlysince year-end?

What other implications mightfalling equity values have (eg pension fund deficits)?

How does the average age ofaccounts receivable at year-endcompare with the preceding year?

Is the collectibility of any largereceivable amount (for example ina loan portfolio) in question?



Is there any indication thattangible or intangible assets maybe impaired?

Are revenues properly accountedfor? What about volume salesincentives and discounts?

What steps were taken todetermine obsolete or excessinventory? Were there anysignificant write-downs?

Are there government orregulatory programmes, forexample concerning theenvironment, that could adverselyaffect the value at which items arerecorded or that could requireprovision?

What are the open tax years? Arethere any significant items that areor may be in dispute?

Were there any commitments orcontingent liabilities indicatingpossible impairment of the valueof an asset or the incurrence of aliability that were not provided forin the financial statements?

Disclosures

Are there appropriate disclosuresregarding going concern issues?

Is there adequate disclosure offinancial risks?

Are all material off-balance sheettransactions, arrangements andobligations (including contingentobligations) appropriatelyaccounted for and disclosed?

Are other relationships of thecompany with unconsolidatedentities or other personsappropriately disclosed?

Are there any significant orunusual amounts due fromofficers or employees?

Are there any other significantrelated party transactions thatrequire disclosure?

Do the disclosures meet therequirements of each jurisdictionin which the financial statementsmay be filed?

D. Transparency

Is the management commentaryconsistent with the financialstatements? Is it balanced,comprehensive andunderstandable?

What significant changes havetaken place during the year in themarkets that the companyoperates in? Is this reflected inthe management commentary?

Is the funding and liquidityposition of the companyadequately explained?

Overall, does the annual report(the financial statements,operating review and other partsof the annual report takentogether) give a transparent viewof the companys performance?

Are references to non-GAAPamounts or measures appropriateand fully explained?

From a review of the financialstatements, is there anyindication of possibledeficiencies in internal control orfraud and error?

Are there any situationsdeveloping that do not require

accounting recognition ordisclosure this year, but may nextyear if conditions do not improve?

E. Questions to ask theauditors about the financialstatements

Did the actual scope of theaudit differ from pre-audit plans?Did management restrict or limitthe scope of the audit in anyway?

Did management cooperateduring the course of the auditand were you provided with allthe information and explanationsyou required without hesitation?

Was there any difficulty inobtaining written representationsfrom the board of directors orexecutive management?

Were any significant adjustmentsto the financial statements madeas a result of the audit?

Are there any unrecordedadjustments resulting from theaudit? What is the quantumeffect of these adjustments?

What are the most significantjudgemental areas in theaccounts?

Would you consider theaccounting policies prudent oraggressive?

Has management resisted anysignificant areas of disclosure?

If you had prepared thesefinancial statements yourself,what would you have donedifferently and why?



Regulatory,compliance andethical matters

Regulatory, tax and legalissues

The audit committee should alsohave oversight of the companysprocess for monitoring compliancewith laws and regulations that havea financial impact. The committeewill normally receive briefings frommanagement, such as thecompliance officer, companyslegal counsel or tax manager, togain an understanding of theprocedures designed for ensuringcompliance and for assessing thepotential impact on the companyand the financial statements. The committee should also reviewreports on the companyscompliance with financial laws and regulations.

The audit committee shouldperiodically meet with thecompanys in-house legal counsel(and if appropriate, external legaladvisers) to consider any mattersthat may have a material impact onthe company and the financialstatements.

Business ethics

There is increasing recognition thatthe reputation of a business is acritical factor in the determinationof its value. Given the increasedattention that the media, the publicand the investment community payto ethical issues, many morecompany boards are now devotingconsiderable resources to ethicalprogrammes.

One sign of the increasedimportance attached to businessethics is the adoption by manycompanies of formal codes ofconduct, which set out the boardsguidelines for acceptable businesspractices. Codes of ethics shouldbe designed to promote:

Honest and ethical conduct,including the handling of actualor apparent conflicts of interest

Full, fair, and understandabledisclosure in reports and publiccommunications

Compliance with applicablegovernmental rules andregulations

Prompt internal reporting ofviolations to an appropriateperson

Accountability for adherence tothe code.

Some companies are publishingtheir codes, so that stakeholderssuch as customers, suppliers andlocal communities can see thestandards by which the companyjudges itself.

Well-defined ethical standards andwritten guidelines for acceptablebusiness behaviour help establisha climate that encourages reliablefinancial reporting and a sense offiduciary responsibility amongemployees. The audit committeeis not normally responsible fordetermining ethical standards.That responsibility should belong tothe board as a whole. However,the board and management mayconsult the audit committee indesigning a code or setting theguidelines for business behaviour.

The audit committee will beinterested in the extent to whichethical standards are embedded inthe companys internal controland internal reporting procedures.It should also consider whethermanagement has a programme formonitoring compliance with thecode and for enforcing instancesof non-compliance.



Whistleblowing

The audit committee may beexpected to establish, or reviewsteps taken by management toestablish, whistleblowingprocedures on financial matters.Managers and employees whobecome aware of instances ofpossible financial malpracticewithin the company should have asafe channel through which toreport their concerns. The auditcommittee should ensure that anyconcerns are properly investigatedand necessary follow-up actiontaken.

The establishment of complaintshandling procedures should also beextended to financial reportingissues raised by regulatoryagencies, investors and members ofthe public. The audit committeeneeds to be satisfied that these areproperly dealt with.




" Review the systems implemented by management for monitoring compliance with financial laws and regulations

" Obtain regular updates from management regarding complianceand the results of managements investigation and follow-up ofany instances of non-compliance. Review the findings of anyexaminations by regulatory agencies

" Assess whether all legal and regulatory compliance matters havebeen considered in the preparation of the financial statements

" Review the programme for monitoring compliance with anycode of ethics, and periodically obtain updates frommanagement regarding compliance

" Ensure the company has appropriate mechanisms for dealingwith financial accounting and reporting issues raised byemployees, investors, members of the public and others.

Working with Auditors

External and internal auditorshave knowledge andexperience that can help thecommittee to perform itsactivities. To fulfil itsresponsibilities, the auditcommittee needs tocommunicate with bothgroups of auditors.

External auditorsThe objective of an external auditof financial statements is todetermine whether, in the auditorsopinion, the statements presentfairly in all material respects, orshow a true and fair view of, thecompanys financial position,results of operations, and cashflows in conformity with national orinternational generally acceptedaccounting principles.

The audit committees primaryinterest is reliable financialreporting, so communication withthe external auditors on a regularbasis is important. Discussionswith the external auditors shouldcover the following four key areas:

Service approach (the auditorsqualifications, includingindependence, to perform thework and the approach to theaudit)

Risk and controls (the key risksidentified by the auditors inrelation to the financialstatements and the companyscontrols, and the resulting auditplan and response to the risks)

Financial reporting (accountingpolicies, disclosures, andobservations on the overallquality of financial reporting)

Governance matters (mattersnoted by the auditors in thecourse of their work that theyconsider should be brought to theaudit committees attention).

The audit committee should havediscussions with the externalauditors at appropriate times duringthe year, not simply at the time ofthe completion of the annual audit.Ideally, the committee will meet atleast three or four times during theyear, to coincide with the externalreporting and audit cycles.

The committee and the externalauditors should communicate at thefollowing stages of the audit:

Pre-engagement to approve thescope of the audit service, discussthe auditors independence, andagree the audit engagement letter

Planning so that the committeecan understand the planned auditapproach

During the audit for example atthe half-year, so the committee iskept informed of significantmatters relevant to the audit

Resolution and completion to discuss the auditors findings.

In some countries, generallyaccepted auditing standardsinclude specific requirements forcommunication between theexternal auditor and the auditcommittee. The InternationalAuditing and Assurance StandardsBoard (IAASB) has also developedguidance on this InternationalStandard on Auditing (ISA) 260,Communications of Audit Matterswith Those Charged withGovernance. The standardindicates matters that, ordinarily,the external auditor should reportor discuss with the auditcommittee. These are included onpage 41, What you should expectfrom your auditors. Relevantmatters should be communicated tothe committee on a timely basis.



The diagram above shows how thecommittees experience of how theexternal audit was conducted helpsto inform its decisions about theaudit relationship for the followingyear.

The committee should meetprivately with the external auditorsat least once each year to ensurefree and open communications.The audit committee may alsoutilise the knowledge andexperience of the external auditorsby meeting with them to receiveregular updates on developmentsaffecting financial reporting.

ServiceapproachReviewing the auditorsperformance

Whether assessing the companyscurrent auditors prior toreappointment, or evaluating newones, the committee shouldconsider:

The firms professionalcapabilities, resources, andpersonnel assigned to the audit

Audit approach

The audit teams knowledge ofthe companys industry

Geographic coverage of the audit.

There are many advantages tocontinuing with a firm that isproviding good service. However, if a new firm is being considered,the audit committee shouldconsider the appointment afterconsultation with management andmake a recommendation to theboard. It is the board that normallyrecommends the appointment tothe shareholders.

The committee should also beinvolved in any decision to dismissthe external auditors. In suchcases, the committee should assureitself that the dismissal is onsubstantial grounds and not, forexample, merely because theexternal auditors took positions onaccounting issues that werecontrary to managementspreferences.



Getting started pre-engagement

Review last years external auditors performance audit team, services and fees

Discuss audit proposal service approach/strategy, terms and fees

Review auditors independence and experience of audit team

Consider engagement letter

Make proposal to board for appointment

Understanding the audit plan

Discuss and agree audit plan for current year

Understand from the auditors what to expect services, timing and reporting requirements

Consider how key risk areas will be addressed during the audit

Resolution and completion (post year-end)

Review the audited financial statements

Discuss key audit findings significant accounting policies/audit judgements/ financial reporting quality

Discuss any disagreements with management

Meet separately with external auditors

Appraise external auditors performance

Staying informed during the audit

Be aware of difficulties encountered in performing audit restrictions on access to information/management

Be informed of deficiencies in internal control/fraud/illegal acts

Be updated on matters impacting on the auditors independence

If the audit