Audit committee, in the real corporate world, has been existed for long time and the perception of its roles and responsibilities are evolved time-by-time. This post aims to highlight roles and responsibilities of audit committee in the past and recent years.


There were varied views on audit committee’s roles and responsibility in the United States and European Union—which then followed by the rest of the countries—before 2000s, but a certain consensus has emerged in recent years following the promotion of audit committee function in corporate governance by market regulators and professional bodies.


What is Audit Committee?

In short words, audit committee can be described as a group of minimum 3 persons who oversee quality and integrity of the company’s accounting and reporting practices.

Searching offline and online auditing literature, one may find various descriptions about audit committee. A common term consistently appeared among the descriptions is the “oversight responsibility.” Because of this oversight responsibility, audit committee members must be independent with no connection to company management.

Therefore, in longer words, an audit committee can be described as a group of minimum 3 independent directors with no connection to the company management, which are an operating component of the board of directors, with responsibility for internal controls and financial reporting oversight.

In the real corporate world, an audit committee often invites members of management or others to attend committee meetings and even to join in on the deliberations. However, any such invited outside guests cannot be full voting members. And the roles of the committee is much more than overseeing financial reporting practices, depending on sizes of the company, such as: legal and regulatory compliance; risk management, corporate governance practices.


Who Does Establish Audit Committee and How?

Audit committee is established by the board of director (BOD)—which is a formal entity given the responsibility for the overall governance of that company for its owner investors or lenders.

Because all members of the board can be held legally liable through their actions on any issue, and a board and its committees enact most of its formal business through resolutions, which become matters of company record.

The company of the board’s various committees, including the audit committee, is established through such a resolution. Such resolution is an example of corporate governance setting the rules by which a corporation operates. This type of resolution is documented in the records of the board and not generally revised unless some circumstances require a change.

While not published in annual reports and the like, the existence of appropriate board resolutions becomes issues in matters of regulation and litigation only when a board needs to rely on an authorizing resolution. After SOx became U.S. law in 2002, many corporate board audit committee–authorizing resolutions were updated to make them compliant. Otherwise, such resolutions are often almost one-time things.

Here is an example company board resolution authorizing their audit committee:


Board Resolution Example That Authorizes the Audit Committee

LDP Company Corp Board of Directors

Board Resolution No. 25, January 23, 2013

The Board of Directors authorizes an audit committee to consist of five directors who are not officers of LDP Company. The Board will designate one member of the Audit Committee as a Financial Expert, per the requirements of the Sarbanes-Oxley Act, and elect one member to serve as its chair for a term of three years. The LDP Company Chief Executive Officer may attend Audit Committee meetings as a nonvoting member at the invitation of the Audit Committee.

The LDP Company Audit Committee is responsible for:

  • Determining that LDP Company internal controls are effective and formally reporting on the status of those controls on an annual basis with quarterly updates.
  • Recommending an external auditor to be selected on an annual basis through a vote by the shareholders.
  • Taking action, where appropriate, on significant control weaknesses reported by internal audit, the external auditors, and others.
  • Approving an annual plan and budget submitted by the external auditor.
  • Approving annual audit plans to be submitted by the outside auditor as well as by internal audit.
  • Approving the appointment and ongoing service of Internal Audit’s Chief Audit Executive.
  • Approving the annual internal audit plan and recommending areas for additional internal audit work as appropriate.
  • Reviewing and distributing the audited financial statements submitted by the outside auditor.
  • Establishing an LDP Company whistleblower program that allows officers, employees, and other stakeholders to report financial accounting errors or improper actions and to investigate and resolve those whistleblower calls without any retribution to the original whistleblower.
  • Circulating a Code of Ethics to senior officers and obtaining their assent on a quarterly basis.
  • Initiating appropriate actions based on any recommendations by the outside auditor or the Director of Internal Audit.
  • Maintaining records on other consulting activities as mandated by the Sarbanes-Oxley Act.

An Audit Committee meeting will be held at least concurrently with each scheduled Board meeting and at other times as required.

The Audit Committee will meet privately with the outside auditor or the Chief Audit Executive to assess the overall internal control environment and to evaluate the independence of the audit function.

Composed: Jessica Dharma Putra/Corporate Secretary


The New York Stock Exchange (NYSE) suggested proposed board audit committee charters in December 1999 but with no requirement that an audit committee should have such a charter. The Sarbanes Oxley (SOx) Act, however, has now mandated that each board audit committee must develop its own formal audit charter to be published as part of the annual proxy statement.

The purpose of a board audit committee charter is to define the audit committee’s responsibilities regarding:

  • Identification, assessment, and management of financial risks and uncertainties
  • Continuous improvement of financial systems
  • Integrity of financial statements and financial disclosures
  • Compliance with legal and regulatory requirements
  • Qualifications, independence, and performance of independent outside auditors
  • Capabilities, resources, and performance of the internal audit department
  • Full and open communication with and among the independent accountants, management, internal auditors, counsel, employees, the audit committee, and the board

The audit committee is required to go before its overall board of directors and obtain authorization, through this charter document, for board audit committee activities. Though there is no single required format or mandated contents for this charter document, but the NYSE has published a model charter that has been adopted by many public corporations today. Formats vary from one company to another, but audit committee charters generally include:

1. Purpose and authority of audit committee

2. Audit committee composition

3. Meetings schedule

4. Audit committee procedures

5. Audit committee primary activities:

  • Corporate governance
  • Public reporting
  • Independent accountants
  • Audits and accounting
  • Other activities

6. Audit committee discretionary activities:

  • Independent accountants
  • Internal audits
  • Accounting
  • Controls and systems
  • Public reporting
  • Compliance oversight responsibilities
  • Risk assessments
  • Financial oversight responsibilities
  • Employee benefit plans investment fiduciary responsibilities

7. Audit committee limitations

A good example of an easy-to-follow charter, can be found online, is Accenture Plc’s audit committee charter, found on its Web site (http::/,com/us-en/company/governance/committees/Pages/corporate-governance-audit-committee.aspx), which will be used as an example to explain each of the audit committee’s roles on this post.

Not every corporation is a Accenture in terms of size and resources and not every company registered in the U.K, of course, but all corporations in the U.S. with SEC registration must conform to SOx rules. Smaller entities will not have the resources or need to release a Web-based audit committee charter. But they still must have an independent directors’ audit committee, as mandated by SOx, as well as an audit committee charter. This is the type of board of directors’ resolution document that would be part of corporate records.


Audit Committees in the Past

The description of audit committee presented on the above section is what it is today. In past years, many audit committees met only quarterly for brief sessions in conjunction with regular board meetings; those meetings often were limited to little more than approving the external auditor’s annual plan and their quarterly and year-end reports and reviewing internal audit activities in what appeared to be little more than a perfunctory basis.

While NYSE rules, even prior to SOx, required that audit committees consist of only outside directors, in the past many audit committee directors often appeared to be buddies of the chief executive officer (CEO) with apparently little evidence of true independent actions.

Internal audit’s Chartered Audit Executive (CAE) has always had a direct reporting relationship to the audit committee, but often this was little more than a theoretical relationship where the CAE had limited contact with the audit committee beyond scheduled board meetings. SOx has now changed all of that.

During the first years of this millennium, a major issue that evolved from the collapse of Enron and the related financial scandals was the fact that boards and their audit committees were not exercising a sufficient level of independent corporate governance.

The Enron audit committee was highlighted as an example of what was wrong. It was reported to have met some 30 minutes per calendar quarter prior to the company’s fall. Given the size of Enron at that time and the many directions it was pursuing, the audit committee’s attention appeared to be limited at best.

Even before the fall of Enron, the SEC was becoming interested in seeing audit committees acting as more independent, effective managers of a company’s external and internal auditors. In 1999 the Blue Ribbon Committee on “Improving the Effectiveness of Corporate Audit Committees” was formed by the NYSE, SEC, AICPA, and others. It issued a series of recommendations on improving the independence, operations, and effectiveness of audit committees.

The stock exchanges then adopted new independent director audit committee standards as listing requirements to be phased in over the next 18 months, and the Auditing Standards Board  (ASB)of the AICPA raised standards for external auditors with respect to their audit committees. The subsequent financial failures of Enron and others showed these initiatives were not enough. The result was the legislative work that led to SOx.

Today, since the passage of SOx, audit committees have expanded responsibilities and internal audit has a greater responsibility to best serve its audit committee. Although an audit committee typically has regular contacts primarily with the CAE, all internal auditors should have an understanding of this very important relationship.

Next, let’s discuss the current audit committee roles and responsibilities in more detail


Current Roles and Responsibilities of Audit Committee

Many literatures have highlighted the roles and responsibilities of audit committee. Lin et al. (2008) for example, notes that audit committee oversight roles and responsibilities is for improving internal control, rules compliance, sound corporate financial reporting and auditing processes.

Chen et al. (2008) notes that while the primary responsibilities of the audit committees are to assist the board with its duties in overseeing the corporation’s reporting and audit requirements, it also:

  • monitors the integrity of the company’s financial statements and reporting system;
  • ensures that the company complies with legal and regulatory requirements;
  • monitors independent auditors’ qualifications and independence;
  • monitors the performance of the company’s internal and external auditors; and
  • monitors compliance with corporate legality and ethical standards, including the maintenance of preventive fraud controls.

Chambers (2005) discussed four responsibilities of audit committees, which are:

  • advising board on the reliability of financial information;
  • advising board in risk management and internal control;
  • dealing with external auditors; and
  • overseeing the internal audit process.

Among many areas of audit committee roles and responsibilities, next we will see five main areas where audit committees perform specific roles:


1. Roles in the Financial Reporting Area

The financial process and ensuring reliable financial information is one of the most important functions of the audit committee. While the audit committee should not become involved in day-to-day operations, there is pressure from the oversight role for the audit committee to get more involved in ensuring the integrity of the financial reporting process. Experts and educators have studied about effective audit committee processes for overseeing financial reporting. These studies generally noted that audit committees are expected to:

  • Review all financial statements, whether interim or annual, before they are approved by the Board of Directors and publicly disseminated to ensure their objectiveness, accuracy, and timeliness.
  • Review all existing accounting policies, and concentrate on the impact on the financial statements of any changes in accounting policies including the likely impact of any contemplated changes.
  • Evaluate exposure to fraud.
  • Appraise key management estimates, judgments, and valuations where they are thought to be material to the financial statements.
  • Evaluate the adequacy of financial statement disclosures.
  • Review adequacy of organization’s structure, including management’s implementation of internal controls.
  • Review all significant transactions, especially those that are nonroutine and those that might be illegal, questionable, or unethical.

If you check on the Accenture Plc’s charter documents, you will find the following roles:

  • Review, in consultation with the independent auditors and the internal auditors, the integrity of the Company’s internal and external financial reporting processes and controls. In this regard, the Committee should obtain and discuss with management and the independent auditors all reports from management and the independent auditors regarding: (i) all critical accounting policies and practices to be used by the Company; (ii) analyses prepared by management and/or the independent auditors setting forth significant financial reporting issues and judgments made in connection with the preparation of the financial statements, including all alternative treatments of financial information within generally accepted accounting principles that have been discussed with the Company’s management, the ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the independent auditors; (iii) major issues regarding accounting principles and financial statement presentations, including any significant changes in the Company’s selection or application of accounting principles; (iv) major issues as to the adequacy of the Company’s internal controls and any special audit steps adopted in light of material control deficiencies; and (v) any other material written communications between the independent auditor and the Company’s management;
  • Review periodically the effect of regulatory and accounting initiatives, as well as off-balance sheet structures (if any), on the financial statements of the Company;
  • Establish regular systems of reporting to the Committee by each of management, the independent auditors and the internal auditors regarding any significant judgments made in management’s preparation of the financial statements and any significant difficulties encountered during the course of the review or audit, including any restrictions on the scope of work or access to requested information
  • Review any significant disagreement between management and the independent auditors or the internal auditing department in connection with the preparation of the financial statements and management’s response to such matters;
  • Review and discuss with the Company’s internal auditors: (i) the internal audit function, including its authority, responsibilities, independence and reporting obligations; (ii) the proposed audit plan for the coming year; (iii) the coordination of that proposed audit plan with the Company’s independent auditors; and (iv) the results of the internal audit program, and perform a specific review of any significant issues; and
  • Review and discuss with the independent auditors the responsibilities, budget and staffing of the Company’s internal audit function.


2. Roles in the Internal Audit Area

The audit committee can strengthen the entity’s internal audit function by ensuring that management has established and is maintaining an adequate and effective internal audit structure. Also, after discussion in the Treadway Commission’s Report identified the interaction between the internal audit function and the AC that should ensure the internal audit function’s effectiveness and objectivity.

Here are specific roles, in the internal audit area, expected to be done by the audit committee:

  • Appointment of the Chief Audit Executive – The CAE typically reports administratively to company management, but the audit committee is responsible for the hiring and dismissal of this internal audit executive. The objective here is not to deny company management the right to name the person who will administer the internal audit department, which serves the combined needs of company management and the audit committee. Rather, the significance of the audit committee’s participation is to ensure the independence of the internal audit function when there is a need to speak out regarding issues identified in the review and appraisal of internal controls and other company activities.
  • Approval of Internal Audit Charter – An internal audit charter serves as a basis or authorization for every effective internal audit program. An adequate charter is particularly important to define the roles and responsibilities of internal audit and its responsibility to serve the audit committee properly. It is here that the mission of internal audit must clearly provide for service to the audit committee as well as to senior management. The audit committee is responsible for approving this internal audit charter, just as the full board is responsible for approving the audit committee’s charter.
  • Approval of Internal Audit Plans and Budgets – Ideally, the audit committee should have developed an overall understanding of the total internal audit needs of the company. This high-level appraisal covers various special control and financial-reporting issues, allowing the audit committee to determine the portion of audit or risk assessment needs to be performed by either internal audit or other providers. As part of this role, the audit committee is responsible for reviewing and approving all internal audit higher-level plans and budgets. This responsibility is consistent with the audit committee’s role as the ultimate coordinator of the total audit effort. The committee’s review of all internal audit plans is essential if the policies and plans for the future are to be determined most effectively.
  • Audit Committee Review and Action on Significant Audit Findings – An audit committee’s most important responsibility is to review and take action on significant audit findings reported to it by the internal and external auditors, management, and others. While the audit committee has responsibility for all of these areas, our focus here is on the importance of internal audit to report all significant findings to the audit committee regularly and promptly. Part of this reporting will occur through internal audit’s distribution of all audit reports to the audit committee as part of the SOx requirements. Reacting to significant audit findings requires a combination of understanding, competence, and cooperation by all of the major parties of interest: internal audit, management, external auditors, and the audit committee itself.


3. Roles Related to External Auditors’ Activities

The audit committee is a valuable instrument for initiating direct contact with the independent/external auditor, participating in the selection of the external auditor, and promoting effective communication between the independent auditor and corporate directors. Audit committee members dependency on external auditors in performing their oversight.

An audit committee has a major responsibility for hiring the external audit firm, approving its proposed budget and audit plan, and releasing the audited financial statements. While many aspects of this arrangement have remained unchanged over time, SOx has caused some significant changes here.

External auditors no longer can both perform and then approve their internal controls assessments, nor are any consulting arms of public accounting firms allowed to install financial applications that would be subject to external audit review. The major public accounting firms no longer have these consulting divisions, and, as discussed, public accounting firms are prohibited from outsourcing the internal audit services for the companies they audit.

Audit committees should be aware and sensitive to these changes. SOx requires that the audit committee approve all external audit services, including comfort letters, as well as any nonaudit services provided by the external auditors.

External auditors are still allowed to provide tax services as well as certain de minimis service exceptions, but they are prohibited from providing these nonaudit services contemporaneously with their financial statement audits:

  • Bookkeeping and other services related to the accounting records or financial statements of the audit client
  • Financial information technology design and implementation
  • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports
  • Internal audit outsourcing services
  • Management function or human resource support activities
  • Broker or dealer, investment advisor, or investment banking services
  • Legal services and other expert services unrelated to the audit
  • Any other services that the Public Company Accounting Oversight Board determines to be not permitted

Even though their external auditors are prohibited from performing these activities, corporations still will need to contract for and acquire many of these types of services. These must be treated as special contracting arrangements, reported as part the annual financial reports. It is in the best interests of the external audit firm not to get involved with such nonaudit services.

If you check on the Accenture Plc’s charter documents, you will find the following roles are expected from the committee, in the external auditors’ activities:

  • Retain or change the Company’s independent auditors and approve all audit engagement fees and terms;
  • Oversee the work of any registered public accounting firm employed by the Company, including the resolution of any disagreement between management and the independent auditor regarding financial reporting, for the purpose of preparing or issuing an audit report or related work;
  • Approve, in advance, any audit and any permissible non-audit engagement or relationship between the Company and the independent auditors;
  • Review, at least annually, the qualifications, performance and independence of the independent auditors and present its conclusions with respect to the independent auditor to the Board. In conducting its review and evaluation, the Committee should:
  • Obtain and review a report by the Company’s independent auditors describing: (i) the auditing firm’s internal quality-control procedures; (ii) any material issues raised by the most recent internal quality-control review, or peer review, of the auditing firm, or by any inquiry or investigation by governmental or professional authorities within the preceding five years, respecting one or more independent audits carried out by the auditing firm, and any steps taken to deal with any such issues; and (iii) all relationships between the independent auditors and the Company (so as to enable the assessment of the independent auditors’ independence).
  • Ensure the rotation of the lead audit partner and reviewing partner on at least that schedule required by the Securities and Exchange Commission, the Public Company Accounting Oversight Board or any other applicable authority. As part of its review, the Committee shall confirm with any independent auditors retained to provide audit services in any fiscal year that the lead (or coordinating) audit partner (having primary responsibility for the audit), or the audit partner responsible for reviewing the audit, has not performed audit services for the Company in any of the five previous fiscal years of the Company prior to his or her appointment.
  • Take into account the opinions of management and the Company’s internal auditors (or of other personnel responsible for the internal audit function).
  • Receive from the independent auditors such written statements as required by the Public Company Accounting Oversight Board Rule 3526 or any other applicable rules, and recommend to the Board and/or management such actions it deems appropriate to ensure the independence of the external auditors;
  • Review with the independent auditors any audit problems or difficulties and management’s response.
  • Set clear hiring policies to be implemented by the Company for employees or former employees of the independent auditors to ensure the independence of the Company’s outside auditors is not compromised under the rules of the Securities and Exchange Commission.
  • Discuss with management and the independent auditors the Company’s guidelines and policies with respect to risk assessment and risk management. The Committee should discuss the Company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. Such reviews shall include the following:
  • A quarterly review with the Chief Operating Officer (or such other executive or executives with primary responsibility for risk oversight) of the Company’s company risks and risk management;
  • An annual review (or more frequently as appropriate) with such person or persons of the process by which the Company manages its company risks; and
  • An annual review with the chair of each of the Compensation Committee and the Finance Committee of the risk assessment process undertaken by those committees with respect to the risks overseen by those committees.


4. Roles in the Risk Management and Corporate Governance Areas

Audit committees play significant role in managing risk of the business. Apart from the above discussed four key roles, audit committees presume some corporate governance responsibilities for the firm. In the case of corporate governance responsibilities, audit committees are expected to:

  • Facilitate and enhance communication between the external auditors and the BoDs
  • Review corporate policies and practices in the light of ethical considerations
  • Monitor the manner in which the company’s affairs are conducted and, where applicable, compliance with the company’s code of corporate conduct
  • Review significant transactions outside entity’s normal business
  • Review adequacy of management information systems

If you check on the Accenture Plc’s charter documents, you will find the following roles in the external auditors’ activities:

Discuss with management and the independent auditors the Company’s guidelines and policies with respect to risk assessment and risk management. The Committee should discuss the Company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. Such reviews shall include the following:

  • A quarterly review with the Chief Operating Officer (or such other executive or executives with primary responsibility for risk oversight) of the Company’s company risks and risk management;
  • An annual review (or more frequently as appropriate) with such person or persons of the process by which the Company manages its company risks; and
  • An annual review with the chair of each of the Compensation Committee and the Finance Committee of the risk assessment process undertaken by those committees with respect to the risks overseen by those committees.


5. Roles in the Whistleblower Programs and Codes of Conduct Areas

SOx rules state the audit committee must establish procedures for the receipt, retention, and treatment of complaints regarding accounting, internal accounting controls, or auditing matters, including procedures for the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.

The CAE as well as the legal counsel often are the only non-CEO and CFO links between the audit committee and the corporation. Internal audit often offer its services to the audit committee—often to the designated financial expert—to establish documentation and communication procedures in these areas:

  • Documentation logging whistleblower calls – SOx mandates that the audit committee establish a formal whistleblower program where employees can raise their concerns regarding improper audit and controls matters with no fear of retribution. A larger company may already have an ethics function, where these matters can be handled in a secure manner. When a smaller company does not have such a resource, internal audit should offer its facilities to log in such whistleblower communications, recording the date, time, and name of the caller for investigation and disposition.
  • Disposition of whistleblower matters – Even more important than logging in initial whistleblower calls, documentation must be maintained to record the nature of any follow-up investigations and related dispositions. Although the SOx-mandated whistleblower program does not have any cash reward program, complete documentation covering actions taken as well as any net savings should be maintained.
  • Codes of ethics – SOx makes the audit committee responsible for implementing a code of ethics or conduct for a corporation’s senior officers (CEO and CFO).

The audit committee must to outline a set of rules for proper conduct and have those senior officers acknowledged that they have read and understand and agree to abide by them. Audit committee, if the company has the program, is expected to make sure the program is effectively running, not just for a limited set of senior officers but for the entire company.