An Open Letter to Audit Committee members
To: Members of the audit committee
From: Richard Chambers
Re: Reassessing your role when it comes to internal audit
Congratulations on being a member of the audit committee for your company!
Your service in this role reflects that you are a seasoned executive whose business and financial acumen places you among the elite members of your board. However, before you pat yourself on the back for the job you are doing, perhaps you should reflect on the full scope of your responsibilities.
The role of the audit committee and its value to the organization have dramatically increased in importance in the past decade. Regulators, executive management, and shareholders increasingly rely on the audit committee to provide significant direction and oversight, not just on financial controls and reporting, but also on a growing list of complex risks that challenge all modern businesses.
Your qualifications as an audit committee member likely include significant experience with, or knowledge of, financial controls and reporting. It is also likely that you are deeply familiar with the role the external auditor plays as the independent reviewer of financial statements. In fact, you probably think the oversight of the external auditors is the most important responsibility you have as an audit committee member.
It is less likely that you have a deep understanding of the internal audit function and the support it can provide to the audit committee, and management, and the value it brings to the organization. Seasoned audit committee members often describe internal audit as their “eyes and ears” in the organization, and they see the chief audit executive (CAE) as a trusted adviser who can be relied upon for valuable insight on the effectiveness of the organization’s risk management and internal controls.
If your background didn’t afford you a lot of contact with strong internal audit functions, it might be useful to review the key roles internal auditors play and the value they can bring:
Of course, these benefits and more can be realized only when the internal audit function is allowed to do its job. This will require a number of commitments from you and your fellow audit committee members. The audit committee must:
Strong audit committee members add value by asking probing questions. Not long ago, I authored a blog post on Five Questions the Audit Committee Should Ask the CAE – But Doesn’t. I would encourage you to review that list before your next meeting. Don’t be reluctant to raise these and other pertinent questions when internal audit is in the room.
The external auditors may be more important to you than the internal auditors. But consider this: the most lethal risks to shareholder value aren’t financial. They’re strategic, business, operational, and compliance risks. Guess who audits those?
Best of luck as you reassess how to get more value from your internal auditors. Please don’t hesitate to reach out to me if you have any questions.
Richard F. Chambers