By Timothy Copnell – Executive Chairman, KPMG’s UK Audit Committee Institute
Audit committees can expect their company’s financial reporting, compliance,
risk and internal control environment to be put to the test in the year ahead.
Among the key drivers and pitfalls are investor demands for transparency, technology advances and long-term economic uncertainty (with concerns about Brexit, mounting trade tensions, resurging debt and market valuations). In this article I look at just some of the issues driving the audit committee agenda and some of the questions audit committees should be asking.
Investors are demanding strong and transparent oversight of the audit relationship
Overseeing the auditor selection process, including any (mandatory) tender process and auditor independence, is a key part of an audit committee’s role – and one that continues to be driven hard by global regulators and the investment community. Regular audit tendering and rotation is already ‘business as usual’ for many audit committees, but new rules and expectations can introduce complexities that are difficult to navigate and, in some cases, will significantly impact the way audit committees operate in practice.
To ensure the auditor’s independence from management and to obtain critical judgement and insights that add value to the company, the audit committee’s direct oversight responsibility for the auditor must be more than just words in the audit committee’s terms of reference or items on its agenda.
All parties – the audit committee, external auditor and senior management – must acknowledge and continually reinforce this direct reporting relationship between the audit committee and the external auditor in their everyday interactions, activities, communications and expectations. Think about how technology innovation might drive the quality of the external audit and whether the audit firm is making the most of the opportunities available.
Technology is driving the transformation of finance functions
Technology is a driver, as well as being a potential bear trap, in other areas of audit committee oversight, too. Over the next two years, finance functions are likely to undergo the greatest technological transformation since the 90s and the Y2K ramp-up. This will present important opportunities for finance to reinvent itself and add greater value to the business. As much of finance’s work involves data gathering, audit committees should
be thinking about the organisation’s plans to leverage robotics and Cloud technologies to automate as many manual activities as possible, reduce costs and improve efficiencies. Also, how can finance use data and analytics and artificial intelligence to develop sharper predictive insights and better deployment of capital?
The finance function is well-positioned to guide the company’s data and analytics agenda – and to consider the implications of new transaction-related technologies, from blockchain to cryptocurrencies. As historical analysis becomes fully automated, the organisation’s analytics capabilities should evolve to include predictive analytics, an important opportunity to add real value. Finally, as the finance function combines strong analytics and strategic capabilities with traditional financial reporting, accounting and auditing skills, its talent and skill sets may need to change. Is finance attracting, developing and retaining the talent and skills necessary to deepen its bench strength and match its evolving needs? It is essential that the audit committee devotes adequate time to understand finance’s transformation strategy.
Brexit and mounting trade tensions are creating economic uncertainty
Major geopolitical risks are a board issue, but they can provide a challenge for audit committees, too. Take, for example, the risks and reporting consequences associated with Brexit. Not just an issue for UK companies – if you have any exposure to the UK, direct or otherwise, then your supply chain, your customer base, your taxes, tariffs or financing may be affected. With this in mind, audit committees need to really understand the potential impacts and ensure that any related disclosures are clear and company-specific.
Whatever the driver, increased uncertainty will impact company reporting and audit committees need to ensure that both the narrative disclosures and the numbers themselves are reflected correctly.
Where there are particular threats, for example the possible effect of changes in import/export taxes or delays to their supply chain, these should be clearly identified along with any actions taken (or planned) to manage the potential impact. This may mean recognising or re-measuring certain items in the balance sheet. Audit committees need to ensure sufficient information is disclosed to help users understand the degree of sensitivity of assets and liabilities to changes in management’s assumptions.
Consider the wide range of reasonably possible outcomes when performing sensitivity analysis on the cash flow projections and which should be disclosed and explained – and which, if any, have an impact on the organisation’s business model and, in extremis, the ability to continue as a going concern. Committees should also be cognisant of any changes between the balance sheet date and the date of signing the accounts, and ensure a comprehensive post balance sheet events review is factored into the year-end reporting plan in order to identify both adjusting and non-adjusting events and to make the necessary disclosures.
Newspapers and social media are highlighting lapses in corporate culture
Corporate culture is front and centre for companies, shareholders, regulators, employees and customers – as it should be for every board. Headlines of sexual harassment, bullying and other wrongdoing – with corporate culture as the culprit – have put boards and audit committees squarely in the spotlight: Where were the directors? What are they doing to fix the culture?
“The audit committee should have a laser focus on the tone set by senior management and zero tolerance for conduct that is inconsistent with the company’s values and ethical standards, including any ‘code of silence’ or omertà”
Given the critical role that corporate culture plays in driving a company’s performance and reputation – for better or, as evidenced by the #MeToo movement, for worse – boards are taking a more proactive approach to understanding, shaping and assessing corporate culture, and audit committees are playing a key role in ensuring the board has both appropriate assurance in place and regulatory compliance and monitoring programmes that are up-to-date and cover all vendors in the global supply chain, as well as clearly communicate the company’s expectations for high ethical standards.
The audit committee should have a laser focus on the tone set by senior management and zero tolerance for conduct that is inconsistent with the company’s values and ethical standards, including any ‘code of silence’ or omertà. Be sensitive to early warning signs and verify that the company has robust whistle-blower and other reporting mechanisms in place; and that employees are not afraid to use them.
Understand the company’s actual culture (the unwritten rules versus those posted on the breakroom wall); use all the tools available – surveys, internal audit, hotlines and social media. Also, walk the floors and do site visits to monitor the culture and see it in action. Recognise that the tone at the top is easier to gauge than the mood in the middle and the buzz at the bottom. How does the board gain visibility into the middle and bottom levels of the organisation? Do employees have the confidence to escalate bad behaviour and trust their concerns will be taken seriously?
Investors want confidence in the non-GAAP measures and the ‘true’ drivers of value
Non-GAAP measures are still high on the agenda of global regulators and the investor community alike. Audit committees should be having a robust dialogue with management about the process and controls by which management develops and selects the alternative performance measures it provides; also their correlation to the actual state of the business and results, and whether the alternative performance measures are being used to improve transparency and not distort the balance of the annual report.
Audit committees should also be ensuring management are giving due attention to disclosing any broader value drivers that contribute to the long-term success of the organisation. What sources of value have not been recognised in the financial statements and how are those sources of value managed, sustained, developed and communicated.
Thinking about these things is particularly important today as major investors are increasingly voicing their expectations for companies to focus on long-term value creation and the factors driving it: strategy and risk, talent, R&D investment, culture and incentives, and environmental, social, and governance (ESG) issues – particularly climate change and diversity. In his seminal ‘letter to CEOs’, BlackRock’s Larry Fink emphasised corporate purpose and a stakeholder-focussed model of governance: “Without a sense of purpose, no company, either public or private, can achieve its full potential. It will ultimately lose the license to operate from key stakeholders. It will succumb to short-term pressures to distribute earnings, and, in the process, sacrifice investments in employee development, innovation, and capital expenditures that are necessary for long-term growth.” If there is a driver for more integrated corporate reporting – where all the major sources of value generation (and destruction) are addressed – then this is it.
Think about accounting developments, but don’t forget the basics
Audit committees have to stay on top ofthe financial statements and that includes thinking about the implementation of new accounting standards. New Revenue Recognition and Financial Instrument standards were live for 2018 calendar year-end companies producing financial statements in accordance with IFRS or US GAAP; and looking forward, the new leasing standard (IFRS16) is almost here, so the impact on the business, systems, controls, disclosures, and resource requirements should be a key area of audit committee focus.
But, audit committees should be careful to ensure management do not lose sight of the basics. In times of change and uncertainty – whether due to new accounting standards or broader economic and geopolitical events, management’s attention will rightly be focussed on ensuring that there is quality disclosure around the key judgements and estimates they make in determining material matters in their reports and accounts. However, management also needs to have effective procedures in place to ensure compliance with the basic reporting requirements, which investors take as a given in audited reports and accounts. The audit committee is ideally placed to stand back and reflect on whether the financial statements are really ‘true and fair’ as the ‘public’ would expect.
Scanning the horizon for emerging risks
The audit committee should work with the internal audit function and/or risk managers to help identify the risks that pose the greatest threat to the company’s reputation, strategy and operations and help ensure that internal audit is focussed on those risks and related controls. As business environmental change accelerates, audit committees should be thinking specifically about the quality of management’s horizon scanning and those existential risks that seem to emerge where none appeared imminent even a year ago.
Question whether the internal audit plan is risk-based and flexible enough to adjust to changing business and risk conditions? Have there been changes in the operating environment? What are the risks posed by the company’s digital transformation and by the company’s extended organisation –sourcing, outsourcing, sales and distribution channels? Is the company sensitive to early warning signs regarding safety, product quality and compliance? Is internal audit helping to assess and monitor the company’s culture?
Audit committees should be setting clear expectations, but also helping to ensure that internal audit has the resources, skills and expertise to succeed and help the chief audit executive think through the impact of digital technologies on internal audit. Finally, just as technology impacts the finance function and the external audit, think about how internal audit might leverage new technology and innovation. This receives less attention than technology within the external audit but probably presents the greater opportunity to move to a continuous assurance model and enhance the quality of overall assurance.
Has it all become too much?
Finally, audit committees should take a fresh look at their agenda and workload to ensure they have the capacity and skills to oversee the ‘new’ areas finding their way to the committee’s agenda (such as cybersecurity, supply chain and other operational risks) in addition to their core oversight responsibilities (financial reporting and related internal controls, and oversight of internal and external auditors).
Do some of these new areas require more attention at the full board or perhaps at a separate board committee? Is there a need for a compliance or risk committee? Keeping the audit committee’s agenda focussed and on point will require vigilance.
About the Author:
Timothy Copnell is the Chairman of KPMG’s UK Audit Committee Institute. Timothy qualified as a chartered accountant in 1989 and joined KPMG’s Department of Professional Practice in 1993 where he took responsibility for corporate governance matters and KPMG’s non-executive programme. His role includes advising on private sector corporate governance and responding to major UK corporate governance developments. In 2004/5 Timothy was awarded the Accountancy Age ‘Accountant of the Year’ for his work with audit committees. Timothy writes regularly for various publications and is the Author of the Audit Committee Guide (ICSA 2010) and Shareholders Questions and the AGM (ICSA 2007)