What is an audit committee?
An audit committee is a standing committee of a company’s board of directors charged with supervising the integrity of the company’s financial reporting, the quality of accounting practices, relationships with auditors, and certain compliance and risk matters. For publicly traded U.S. companies, having a qualified audit committee is a listing requirement on major exchanges.
Key definitions (short)
– Independent outside director: a board member who has no material relationship with the company that could impair impartial judgment.
– Financial expert: a director with accounting or financial experience sufficient to understand and assess financial statements and internal controls.
– External auditor: an independent accounting firm engaged to audit the company’s financial statements.
– Internal auditor: an employee or contracted function that evaluates the company’s internal controls, compliance and accounting processes.
– Proxy statement (SEC Form DEF 14A): the document filed with the SEC that discloses board and committee makeup, duties and director compensation.
How an audit committee works — core duties
– Oversee financial reporting: review quarterly and annual financial statements and disclosures before they are released to investors.
– Monitor accounting policies and estimates: assess whether accounting methods are appropriate and consistently applied.
– Supervise external auditors: select, appoint, evaluate and, if appropriate, dismiss the external audit firm; confirm independence and the absence of conflicts of interest.
– Coordinate with internal audit: receive reports from internal auditors and authorize special investigations when needed.
– Liaise with management: maintain ongoing communication with the chief financial officer (CFO), controller and other finance staff.
– Discuss risk and compliance: review regulatory compliance, financial controls and broader risk areas that affect reporting (including cyber risks).
Composition and meeting practice
– Members normally must be independent outside directors; rules require at least one director who meets the “financial expert” standard.
– The committee typically meets at least quarterly (four times per year) to review audits and related matters; more meetings are held if issues arise.
– Chairs are often accountants or former bankers, but boards sometimes appoint other financially literate directors when a CPA is not available.
– Committee service is commonly compensated in addition to a director’s base retainer (companies disclose specifics in the proxy statement).
Practical step-by-step checklist for audit committees
1. Confirm committee composition: verify independence and at least one financial expert.
2. Schedule regular meetings: plan at least four meetings annually and additional sessions for audit close periods or special issues.
3. Pre-review financials: obtain draft quarterly/annual financials and auditor letters before public release.
4. Evaluate external auditor independence: review relationships, non-audit fees, and rotation policies.
5. Review internal audit results: examine findings, remediation plans and control status.
6. Escalate investigations: authorize independent investigations (internal or external) when accounting irregularities or fraud risks are suspected.
7. Assess risk coverage: ensure cybersecurity and other emerging risks that could affect financial reporting are reviewed.
8. Report to the full board: summarize material issues, audit results and recommended actions.
9. Maintain documentation: keep minutes and records of committee deliberations and decisions.
10. Disclose per regulations: confirm committee duties and qualifications are accurately described in the proxy statement (Form DEF 14A).
Common hazards and challenges
– Scale and complexity: large multinationals have many systems and personnel, increasing the chance of reporting gaps.
– Geographic and regulatory fragmentation: multijurisdiction operations mean multiple accounting standards (U.S. GAAP vs. IFRS), tax regimes and local audit firms — increasing reconciliation work and oversight burden.
– Rapid regulatory and standards change: adoptions of new accounting standards, disclosure rules or sustainability reporting requirements can outpace committee preparedness.
– IT, data and systems risk: poor integrations, data lineage gaps and weak reconciliations undermine financial statement reliability.
– Overreliance on external auditors: the committee must not treat the external audit as a substitute for active governance; audits provide reasonable, not absolute, assurance.
– Management override and cultural risks: weak “tone at the top” or incentive structures can enable intentional misstatements.
– Related‑party transactions and conflicts of interest: these require heightened scrutiny and clear disclosure controls.
– Resource and expertise constraints: committees lacking members with accounting, audit or IT experience struggle to challenge management effectively.
– Turnover and continuity: frequent changes in CFO, CAO, head of internal audit or external audit partner reduce institutional memory and increase control risk.
– Whistleblower program weaknesses: failure to provide secure, anonymous channels and anti‑retaliation protections suppresses early detection of problems.
Mitigation checklist for audit committees (practical, repeatable steps)
1. Charter and calendar
– Maintain a written charter; review annually.
– Schedule regular meetings (e.g., quarterly + executive sessions with auditors and internal audit).
2. Composition and expertise
– Ensure at least one “financial expert” (as defined by regulators) and appropriate IT/cyber expertise or access to advisors.
3. External auditor governance
– Approve engagement, evaluate independence, review non‑audit fees and set partner rotation or tender timelines.
4. Internal audit oversight
– Approve the internal audit charter, resource plan and major findings; require remediation timelines and status reports.
5. Risk and controls coverage
– Maintain a risk map linking top risks (including cyber, fraud and revenue recognition) to audit coverage.
6. Disclosure and compliance
– Confirm committee disclosures in proxy filings and ensure SOX and other regulatory requirements are met.
7. Whistleblower and escalation
– Verify confidential reporting channels and documented procedures for investigation and escalation.
8. Training and continuing education
– Require committee members to complete annual updates on accounting standards, cyber risk and audit best practices.
9. Use of specialists
– Engage independent forensic, valuation or IT specialists when needed.
10. Documentation and KPIs
– Keep detailed minutes and track KPIs (see list below). Review and archive reports and correspondence with auditors.
Worked example — planning materiality and performance materiality (simple, illustrative)
Assumptions
– Public company with pre‑tax income of $100 million.
– Committee chooses planning materiality = 5% of pre‑tax income (a common rule of thumb; actual choice depends on judgment).
Calculations
– Planning materiality = 5% × $100,000,000 = $5,000,000.
– Performance materiality (to reduce the aggregate risk of undetected misstatements) = 75% of planning materiality = 0.75 × $5,000,000 = $3,750,000.
Interpretation
– Auditors will design procedures so that individually uncorrected misstatements are unlikely to exceed $3.75 million in aggregate. The committee should review any audit adjustments above a lower “trivial” threshold (for example, $250,000) and investigate trends of recurring adjustments.
Useful KPIs audit committees can monitor
– Number of significant audit adjustments and their dollar value.
– Open internal control deficiencies by severity and average time to remediation.
– Percentage of internal audit plan completed and % of high‑risk items audited.
– Ratio of non‑audit fees to audit fees.
– Tenure of lead audit partner and time since last auditor tender.
– Number of whistleblower reports and % investigated within required timelines.
– Cybersecurity incidents affecting financial systems and remediation status.
Final practical tips
– Adopt a “challenge but collaborate” mindset: question management assumptions, insist on documentation, and use external experts when internal capabilities are limited.
– Keep stakeholders informed: concise reporting to the full board and transparent proxy disclosures build investor confidence.
– Update the committee’s agenda yearly
– Schedule focused deep dives at least once per year: dedicate one meeting to internal controls and another to external audit/tender planning. Deep dives allow detailed testing of assumptions and allocation of time for complex topics (e.g., revenue recognition, derivatives, cybersecurity controls).
– Require periodic training for committee members: refreshers on accounting standards (GAAP/IFRS), audit quality indicators, and cyber risk. Define a minimum of 8–12 hours of structured training every two years.
– Define rotation and tender policies in the charter: specify lead audit partner rotation period (commonly 5 years in many jurisdictions) and a maximum interval before a formal audit tender (common practice: every 5–7 years). “Audit tender” = formal competitive process to select the external auditor.
– Maintain a conflicts and related‑party checklist: require management and board members to disclose related‑party transactions in advance of meetings; escalate material items for independent review.
– Use technology for continuous monitoring: implement dashboards fed by ERP or GRC (governance, risk, compliance) tools to track control exceptions, remediation status, and key audit metrics in near real time.
– Document decisions and rationale: minutes should record major judgments, dissenting views, external adviser inputs, and action owners with deadlines.
– Coordinate with other board committees: establish a standing liaison with the risk, compensation, and nominating committees to avoid siloed oversight.
Checklist: annual audit committee program (practical, step‑by‑step)
1. Prior to fiscal year start
– Approve the committee work plan and meeting schedule.
– Confirm external auditor engagement terms and non‑audit services pre‑approval policy.
2. Quarterly
– Review quarterly financial statements and key audit committee metrics.
– Track open internal control deficiencies and remediation timelines.
3. Semi‑annual
– Meet privately with the lead audit partner and the head of internal audit.
– Update the auditor independence assessment and non‑audit fees report.
4. Annual
– Conduct an annual effectiveness review of the committee (self‑assessment and external facilitator every 3–5 years).
– Oversee the external audit tender process if due.
– Approve the internal audit plan and resource requirements.
Worked numeric examples (how to compute common audit committee metrics)
– Ratio of non‑audit fees to audit fees
Formula: (Non‑audit fees / Audit fees) × 100
Example: Audit fees = $1,200,000; Non‑audit fees = $300,000
Calculation: (300,000 / 1,200,000) × 100 = 25%
Interpretation: Higher percentages can signal potential threats to auditor independence; committees often set internal thresholds (e.g., <30%).
– Time since last auditor tender
Formula: Current year − Year of last tender
Example: Last tender completed in 2016; current year 2025
Calculation: 2025 − 2016 = 9 years
Interpretation: If the committee’s policy calls for tenders every 5–7 years, a 9‑year gap indicates the need to initiate a tender.
– Percentage of internal audit plan completed
Formula: (Number of completed planned audits / Total planned audits) × 100
Example: Completed 18 of 24 planned audits → (18/24) × 100 = 75%
Sample audit committee meeting agenda (concise, one‑day)
– Opening and declarations of interest
– Private session with external auditor (no management)
– Review and approval of prior minutes and action items
– Quarterly financial statements: management presentation and discussion of significant judgments
– Internal audit report: coverage, significant findings, and remediation progress
– Internal controls update: open findings, COSO/other control framework status
– Cybersecurity and IT general controls briefing
– Auditor independence and non‑audit services review
– Risk register updates and coordination items for other committees
– Training topic (20–30 minutes)
– Executive session (committee only) and close
Red flags that require escalation (short checklist)
– Repeated, unresolved significant audit adjustments exceeding materiality.
– Auditor expresses scope limitation or declines to issue opinion.
– Sudden jump in non‑audit fees or long‑running related‑party transactions with inadequate disclosure.
– Persistent delays in remediation of high‑severity internal control deficiencies.
– Significant turnover in key finance positions without documented succession plans.
Practical templates to adopt (one‑line pointers)
– Charter: include clear authority, member qualifications, meeting frequency, and reporting lines.
– Pre‑approval policy for non‑audit services: list allowed services and thresholds requiring committee approval.
– Whistleblower escalation flowchart: timelines and roles for investigation and reporting.
– Auditor tender RFP template: scope, independence questionnaire, fee structure, and transition expectations.
Educational disclaimer
This information is educational and does not constitute individualized investment, legal, or accounting advice. Committees should consult qualified legal and professional advisers when making governance, audit, or regulatory decisions.