Covid-19 came with not much of advance notice, and wrought, and continues to wreak, untold havoc on the lives and health of humankind, across continents, and the economic health of most nations. In the corporate world, managements are waging continuing battles to ensure crisis management of a high order. In these challenging times, Audit Committees are having to engage increasingly with Statutory Auditors to ensure that the disruptions caused do not adversely impact the scope or the quality of audit. Auditors are also struggling to finally sign off, because of the difficulty in accessing some documents essential to the process of audit. CFOs and their teams are also having to strive to make available the documents needed for audit. It is therefore the right context in which to ask whether Audit Committees have been able to deliver what was expected of them, and what steps, if any, they need to take to impart more rigour to the entire process so as to satisfy stakeholders that what they see is what they get.

  1. Audit Committee (AC) was the first committee of the Board.
  2. Over the years, the role of the AC has expanded substantially. Are ACs able to perform their role optimally, or are they falling short? Is there a performance gap, and if so, how can it be bridged?
  3. The role of AC in private sector and public sector organisations is similar. The issues they face are also nearly similar.
  4. The expectations from ACs are very high. If a company runs smoothly, AC is supposed to have performed its role. But if something goes wrong, the AC is on the firing line.
  1. The composition of the AC is very important. It should comprise members who are willing to commit quality time, and contribute meaningfully to the discussions.
  2. A person should not join the AC merely because she was invited by the Chair of the Board.
  1. Since the AC has to look at a number of items, in addition to the financials of the company, it should have more than the mandatory minimum of 4 quarterly meetings. In these 4 meetings, there are time pressures since financial results have to be discussed and disclosed. In the non-accounts meetings, there can be detailed discussions on other important items, with no time pressure.
  2. A number of companies have at least 2 additional meetings of the AC, with focus on non-accounts matters, such as Internal Audit (IA) reports. Due to crowded agendas, ACs are often not able to deliberate on a number of important topics. These additional meetings are found to be very useful.
  1. Since law and regulations have listed the items to be considered by an AC, they will necessarily come to the AC. This will ensure a sense of discipline, with no mandated items being lost sight of.
  2. Expectations from the AC are high, but the time and energy available with the members may not always match the number of items that the AC is supposed to deal with. This could sometimes lead to a compromise on the quality and depth of discussions.
  3. There is a need to prioritise within the agenda items, to improve the effectiveness of the meetings.
  4. If processes and common principles can be established, time spent on items such as Related Party Transactions (RPTs) can be reduced, without impacting on the rigour of analysis/ decision-making.
  1. The Chair of AC has a major role in setting the agenda for AC meetings. The agenda should be exhaustive.
  2. Pre-engagement with the Statutory Auditors, Internal Auditor and Chief Financial Officer (CFO) helps the Chair of AC to prepare for the AC meeting, as also to do the heavy-lifting on behalf of the AC members and the Board.
  3. Since the items to be dealt with in any AC meeting are usually too many, the Chair has to manage the time very well, without compromising on the quality of discussions.
  4. Extracting value from auditors, while ensuring balance in discussions, is very important.
  5. The Chair of AC has to present to the Board the significant items that were discussed at the immediately preceding meeting of the AC. The briefing by her should cover all the major agenda items, and discussions thereon.
  1. Role of AC is undergoing a change from being primarily transactional, to being more process oriented. However, responsibilities too are increasing, and most AC members feel that they seem to be responsible for everything.
  2. AC should have engagement and a connect with the management. Mutual trust is an essential ingredient of that relationship.
  3. AC should be able to ask the right questions. This can happen only if the members read the agenda papers, and come prepared. The performance of management at such meetings rises to the level of demand by the committee.
  4. AC should have a role in ensuring compliance with law and regulations, and should ensure that processes are laid down for the same. This would necessarily include increasing automated processes and reducing manual interventions. Once processes have been established, the focus should be on extracting value from them.
  5. Finalising the plan of both Statutory Audit and IA, and cross validating it with the demand of the auditee, is an important role of the AC.
  6. In the process of building constructive relationships with Statutory Auditors, Internal Auditor, and senior management, the AC should not restrict its interactions with these persons to only formal meetings. At times, the insights gathered from informal conversations are more important than the ones from the formal meetings.
  7. In addition to engaging with the Statutory Auditors and the Internal Auditor, the AC should also engage with the Chief Compliance Officer and the Chief Information Officer. Their insights will help the AC in becoming more effective.
  8. AC should define its expectations, since it will help in improving its effectiveness, and help in extracting maximum value, given the limitation of time. Questions asked by AC depend on the information fed to it. In most cases, information is decided by law, by management or by auditors.
    • The AC should clearly state its expectations from the management on matters such as - What it wants to know? How does it want to be informed? What are the matters on which it would like to be informed?
    • AC should know where the big risks in the business lie, and how do they connect through financial reporting. It should also know major areas where judgement will be exercised/ estimates would be made, and its implications, if any, on the company by interacting with the management.
    • AC must also inform the auditors of the additional items that it wants to know about. This helps in determining the responsiveness of the management, and the thought process of the Internal Auditor and the Statutory Auditors, and in determining how information flows to the committee.
  9. The auditee could be defensive when auditors are making their presentations to the AC. The committee should not be seen as an inspector, and should help strike a balance between the auditee and the auditors.
  10. AC, or the Chair of AC, should read the management representation letter that is given by the CFO to the auditors, since the letter has a lot of commitments.
  11. AC has to ensure that there are proper processes, so that the auditors can make a proper representation to the committee.
  12. There should be internal control systems, which should be well established and functioning throughout the year. This system should have SOPs, documentation and good practices.
  13. For Internal Financial Controls (IFC), Directors feel that the Statutory Auditors should first sign it, and the auditors feels that the Directors should do so first. These reports are often clean reports. The Board may not have enough expertise to decide on the adequacy of these controls. These reports should be given a lot of importance since, in the event of a fraud being reported, these reports would provide valuable insights. While companies may feel they are doing enough, there are always areas for improvement. AC can have some time dedicated in its meeting to understand and document the efforts being made towards putting such controls in place.
  14. Contingent liabilities too must be considered by the AC. In most companies, these are very high and could, on occasion, destabilise the company.
  15. ACs cannot ignore the responsibility of monitoring the controls in the subsidiaries of a company. There are a lot of expectations from the AC, but there are time constraints. However, increased attention is being paid by the ACs to this aspect of its responsibility.
  16. If a company is listed on an international exchange, the role and responsibilities of the AC could undergo changes, as per the regulations of that country/exchange. This has a significant bearing on the agenda, the meeting, and the minutes of AC.
  17. AC members should bring insights or best practices that they have observed in other companies with which they are associated.
  1. Irrespective of the existence of a Risk Management Committee (RMC), AC has a role in risk management. This can be performed only by very strong inputs from the RMC to the AC. This can be done by having the Chair of AC as a member of the RMC, or the Chair of RMC being a member of the AC. This will help improve the quality of integrated reporting and reporting of true and fair picture since it will give a rounded perspective.
  2. On important matters relating to risk, such as IT systems and cyber security, alignment of AC and RMC is very important. Having special joint meetings can help both the committees to be on the same page.
  3. Items such as fraud and data protection, especially in Covid-times, have to be given increased importance.
  1. ACs sometimes do not extract full value from auditors. Auditors sometimes do not communicate enough to the ACs.
  2. Statutory Auditors and Internal Auditor are the eyes and ears of the AC.
  3. In Covid-times, some issues around auditing processes have come up. However, most auditors have found solutions.
  4. Statutory Auditors
    • Interaction of AC with the Statutory Auditors is very important. The auditor must inform the AC of everything that is relevant and material. Being quiet is not always a sign of all being well in the company.
    • There is a need to question the auditor, in order to understand their processes and their assumptions.
  5. Internal Auditor
    • Interaction of AC with the Internal Auditor is very important. A balance has to be achieved between being too transaction oriented or too system oriented in IA. Both are equally important, and importance should not be given to one, to the exclusion of the other.
    • AC can consider suggesting/ implementing short term job rotation wherein employees from different departments can be given short stints in the IA department. This will provide the IA with auditee experience so that there is no disconnect between business and audit. This has found to be useful in companies that have adopted it.
  1. Auditing processes have not evolved with time. It is very paper dependent. It needs to improve. Along with CFOs, AC too should push the auditor to improve the process of audit. Audit process should be holistic and not transactional.
  2. With increasing dependence on IT systems, a lot has changed in companies. However, it seems that the audit process and approach has not changed at the same pace. Going forward, there would be a need to focus on processes, management and systems audits.
  3. There are a number of analytical tools available. With the help of those, there could be a system of continuous control monitoring mechanism that helps to check all the transactions, rather than a sample. The auditors will then have time to focus on more critical areas.
  4. There should be an analysis of the entire universe of transactions, and not samples alone. Audit has to move towards being predictive and preventive, rather than corrective and historical.
  5. With volumes changing, some Chartered Accountancy firms are using data analytics and similar tools, and coming up with results which are very different from the results that come from sampling techniques.
  1. Board and committees
    • There are several areas of overlap between the functioning of the Board and its committees, and in the functioning of the committees. The committees have a very strong interdependence amongst themselves and with the Board. Such interdependence has only increased with time.
  2. Statutory Auditors and auditee
    • The Statutory Auditor is increasingly becoming more and more dependent on the auditee, to confirm everything that she has been engaged to confirm. The representations that the management has to give is as exhaustive and enormous as an audit report. As a result, the auditee is left wondering on the need for the auditor. However, management representation does not take away from the obligation of validation of the documents by the auditor.
    • The auditor also picks the sample on the basis of the management representation letter.
    • There are newer global practices being followed in the area of statutory audit, such as peer reviews, study of quality of audits etc. These processes are initiated post the audit process, by professionals unconnected with the Statutory Auditor, to check the quality of the audit. The peer auditor and the lead auditor may have difference of opinions on some matters, and the price for this is borne by the auditee.
  3. AC and Statutory Auditors
    • AC is dependent on the Statutory Auditor to bring to its attention all the facts that are material. Many times, AC has to extract information from the auditor, who may be unwilling or who may not be interested in getting into details, because of multiple reasons, including time constraints such as multiple AC meetings of different auditee companies on the same day.
  4. Interdependence of roles
    • While performing their respective roles, the spirit of law, and not the letter of law, should prevail. The roles of the Statutory Auditor, the AC and the management is to ensure ethical conduct of business and good practices of Corporate Governance.
    • AC is not tasked with going through each process. It has to only ask important questions to the Statutory Auditors, the Internal Auditor and the management, such as – Are the checks and balances in place? Is the sample size appropriate? Are the policies consistent with the business of the company? Are the practices best in class?
    • The approach to be followed by the AC is one of a psychologist, who puts the other person at ease, and then encourages her to state the facts. To understand facts that are both said and unsaid is also a skill that AC needs to have.
  1. In smaller companies, the AC looks at a number of items, which in bigger companies falls under other Board level committees.
  2. The frequency of meetings of the AC in smaller companies is too less to deal with all the matters falling under its ambit.
  1. There is value in compliances. However, irrespective of the size of the company, regulations for small companies and big companies seem to be same. Size, scale and complexity of business should be some of the considerations for regulations. There could be a tiered approach to regulations. It can start with a basic hygiene level of regulations for all companies. Beyond that, cost of compliance should be considered. There is a need for a Regulatory Impact Assessment.
  2. It seems that different Regulators are not working in tandem, and are not considering the cumulative burden of compliance that companies have to bear. They do not seem to consider whether the company or its management can deal with this.
  3. Some regulations must have a sunset clause so that they are revisited after a lapse of time, and examined for continuing relevance.
  4. Can ACs and Chairs of ACs have an influencing role in shaping compliance requirements? At present, many compliances are tick box exercises, with no clarity on the ends that they seek to achieve. A number of such items have become compliance burdens, which consume a lot of time of the management, CFO, Chief Executive Officer (CEO), and consequentially of the auditors and the AC. This takes away from productive work.
  5. With frequent changes in accounting standards, it is sometimes tough, even for CFOs, to understand and interpret accounting standards, and they have to take the help of external advisors. If trained persons like CFOs cannot understand accounting standards, it would be impossible for most shareholders to understand the standards, and the true and fair picture presented by the company on the basis of such standards.
  6. Also, for a number of auditors themselves, it is a challenge to keep pace with the changes in the accounting standards, as also to understand them. Increasingly, Chambers of commerce too should send representations against such frequent changes, since such changes impact the industry too.
  7. There should not be changes to accounting standards for some years, so that from the accountant to the shareholders, no one is put to difficulty by frequent changes/ additions.
  8. The financials are akin to the symptomatic cases, like in the context of Covid. They do not reflect the asymptomatic issues, which come to forefront much later. There is a need to go back to basic fundamentals, such as people capability in management, CEO-CFO relationship, use of technology, fundamentals of the control environment etc. These items should be brought to the fore. However, due to the compliance burden, this is not happening to the required extent.
  9. There should be a move towards “exceptional reporting”.
  10. If there are Regulators, with direct/ first-hand corporate experience, it could help greatly.
  1. Most members of ACs feel that they are doing a lot. The real question should be whether they are doing all of what they are supposed to do?
  2. AC’s role and functioning is still evolving. There is a disconnect between regulations and ground realities.
  3. The quality of processes followed depend on the quality of the AC and its members. In conglomerate structures, the processes are uneven, and the quality of persons manning each of the committees is not necessarily consistent.
  4. To do a thorough job, outside of the 4 mandatory meetings, the AC should take out the time to understand the organisation, the dynamics within it, decision making, business fundamentals, policies governing the business, and processes being followed. In many companies, owing to time constraints, this is not done.
  5. In a conglomerate, there should be a forum wherein all the Chairs of ACs meet, once or twice a year, to get a better insight on what is happening in the rest of the corporate world. It also is an excellent forum for cross-learning. The interdependence between a Board and its committees, and between committees in a parent company and committees in its subsidiaries, should be used productively. For the ACs to uniformly discharge their responsibilities, this understanding will be useful.
  1. For the post-Covid situation, managements and auditors have to plan now. Auditing of the previous FY was not too adversely impacted since Covid’s impact majorly started in March, 2020. However, the current FY will see a full year with Covid-related issues. A lot of planning will have to be done, including on matters such as “going concern”. The AC too will have a very important role in this, and it will have to prepare itself.
  2. Majority of the work of a finance department is to collect data. AC has to ensure that the IT systems of the company can handle these new paradigms, including working remotely.
  3. New technology can be used for collating data and bringing more insights.
  4. Data security is also one area where the AC has a role.
  1. After every AC meeting, taking a feedback could help improve the processes of AC. Annual evaluation would serve only limited purpose.
  2. The adoption of IndAS has given rise to some issues which need to be addressed immediately.
  3. Off-balance sheet items are increasing, and this should be a cause of concern.

Excellence Enablers Private Limited (EEPL) is an initiative that focuses on implementation of better corporate governance practices, improvement of Board performance, including audit and evaluation, training of directors and engagement with stakeholders of governance. It is founded on the firm belief that the gap between performance and potential can, and must, be bridged. Consistent with that belief, all our offerings are tailormade to the specific needs of the organisation or the individuals concerned.

Given that our founder, Mr. M. Damodaran, introduced Clause 49 of the Listing Agreement, dealing with corporate governance in India, and has been a part of both public sector and private sector Boards, as well as performing and underperforming Boards, we offer experience based consultancy and courses on the journey from compliance through governance to performance. Further, given his success in turning around organisations that had been written off, we are uniquely positioned to offer courses on leadership, organisational transformation, and building winning teams.

EEPL has a number of highly experienced and renowned consultants and faculty members who have helped, and continue to help, us deliver programmes that have been well received.

All rights reserved.

No part of this publication may be reproduced, stored in retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior permission of Excellence Enablers Private Limited.

The views expressed in this report are the views of the participants at the roundtable and do not necessarily reflect the views of Excellence Enablers Private Limited.