AUDIT COMMITTEES - DEFENDERS OF THE FAITH
16th June, 2020
SUMMARY OF DISCUSSIONS
Covid-19 came with not much of advance notice, and wrought, and continues to wreak, untold havoc on
the lives and health of humankind, across continents, and the economic health of most nations. In the
corporate world, managements are waging continuing battles to ensure crisis management of a high
order. In these challenging times, Audit Committees are having to engage increasingly with Statutory
Auditors to ensure that the disruptions caused do not adversely impact the scope or the quality of audit.
Auditors are also struggling to finally sign off, because of the difficulty in accessing some documents
essential to the process of audit. CFOs and their teams are also having to strive to make available the
documents needed for audit. It is therefore the right context in which to ask whether Audit Committees
have been able to deliver what was expected of them, and what steps, if any, they need to take to impart
more rigour to the entire process so as to satisfy stakeholders that what they see is what they get.
- Audit Committee (AC) was the first committee of the Board.
- Over the years, the role of the AC has expanded substantially. Are ACs able to perform their role
optimally, or are they falling short? Is there a performance gap, and if so, how can it be bridged?
- The role of AC in private sector and public sector organisations is similar. The issues they face are also
- The expectations from ACs are very high. If a company runs smoothly, AC is supposed to have
performed its role. But if something goes wrong, the AC is on the firing line.
COMPOSITION OF ACE
- The composition of the AC is very important. It should comprise members who are willing to commit
quality time, and contribute meaningfully to the discussions.
- A person should not join the AC merely because she was invited by the Chair of the Board.
NUMBER OF MEETINGS
- Since the AC has to look at a number of items, in addition to the financials of the company, it should
have more than the mandatory minimum of 4 quarterly meetings. In these 4 meetings, there are time
pressures since financial results have to be discussed and disclosed. In the non-accounts meetings,
there can be detailed discussions on other important items, with no time pressure.
- A number of companies have at least 2 additional meetings of the AC, with focus on non-accounts
matters, such as Internal Audit (IA) reports. Due to crowded agendas, ACs are often not able to
deliberate on a number of important topics. These additional meetings are found to be very useful.
- Since law and regulations have listed the items to be considered by an AC, they will necessarily come to
the AC. This will ensure a sense of discipline, with no mandated items being lost sight of.
- Expectations from the AC are high, but the time and energy available with the members may not always
match the number of items that the AC is supposed to deal with. This could sometimes lead to a
compromise on the quality and depth of discussions.
- There is a need to prioritise within the agenda items, to improve the effectiveness of the meetings.
- If processes and common principles can be established, time spent on items such as Related Party
Transactions (RPTs) can be reduced, without impacting on the rigour of analysis/ decision-making.
ROLE OF CHAIR OF AC
- The Chair of AC has a major role in setting the agenda for AC meetings. The agenda should be
- Pre-engagement with the Statutory Auditors, Internal Auditor and Chief Financial Officer (CFO) helps
the Chair of AC to prepare for the AC meeting, as also to do the heavy-lifting on behalf of the AC
members and the Board.
- Since the items to be dealt with in any AC meeting are usually too many, the Chair has to manage the
time very well, without compromising on the quality of discussions.
- Extracting value from auditors, while ensuring balance in discussions, is very important.
- The Chair of AC has to present to the Board the significant items that were discussed at the immediately preceding meeting of the AC. The briefing by her should cover all the major agenda items, and discussions thereon.
ROLE OF AC
- Role of AC is undergoing a change from being primarily transactional, to being more process oriented.
However, responsibilities too are increasing, and most AC members feel that they seem to be
responsible for everything.
- AC should have engagement and a connect with the management. Mutual trust is an essential
ingredient of that relationship.
- AC should be able to ask the right questions. This can happen only if the members read the agenda
papers, and come prepared. The performance of management at such meetings rises to the level of
demand by the committee.
- AC should have a role in ensuring compliance with law and regulations, and should ensure that
processes are laid down for the same. This would necessarily include increasing automated processes
and reducing manual interventions. Once processes have been established, the focus should be on
extracting value from them.
- Finalising the plan of both Statutory Audit and IA, and cross validating it with the demand of the
auditee, is an important role of the AC.
- In the process of building constructive relationships with Statutory Auditors, Internal Auditor, and
senior management, the AC should not restrict its interactions with these persons to only formal
meetings. At times, the insights gathered from informal conversations are more important than the
ones from the formal meetings.
- In addition to engaging with the Statutory Auditors and the Internal Auditor, the AC should also engage
with the Chief Compliance Officer and the Chief Information Officer. Their insights will help the AC in
becoming more effective.
- AC should define its expectations, since it will help in improving its effectiveness, and help in extracting
maximum value, given the limitation of time. Questions asked by AC depend on the information fed to
it. In most cases, information is decided by law, by management or by auditors.
- The AC should clearly state its expectations from the management on matters such as - What it
wants to know? How does it want to be informed? What are the matters on which it would like
to be informed?
- AC should know where the big risks in the business lie, and how do they connect through
financial reporting. It should also know major areas where judgement will be exercised/
estimates would be made, and its implications, if any, on the company by interacting with the
- AC must also inform the auditors of the additional items that it wants to know about. This helps
in determining the responsiveness of the management, and the thought process of the Internal
Auditor and the Statutory Auditors, and in determining how information flows to the
- The auditee could be defensive when auditors are making their presentations to the AC. The committee
should not be seen as an inspector, and should help strike a balance between the auditee and the
- AC, or the Chair of AC, should read the management representation letter that is given by the CFO to the
auditors, since the letter has a lot of commitments.
- AC has to ensure that there are proper processes, so that the auditors can make a proper
representation to the committee.
- There should be internal control systems, which should be well established and functioning throughout
the year. This system should have SOPs, documentation and good practices.
- For Internal Financial Controls (IFC), Directors feel that the Statutory Auditors should first sign it, and
the auditors feels that the Directors should do so first. These reports are often clean reports. The Board
may not have enough expertise to decide on the adequacy of these controls. These reports should be
given a lot of importance since, in the event of a fraud being reported, these reports would provide
valuable insights. While companies may feel they are doing enough, there are always areas for
improvement. AC can have some time dedicated in its meeting to understand and document the efforts
being made towards putting such controls in place.
- Contingent liabilities too must be considered by the AC. In most companies, these are very high and
could, on occasion, destabilise the company.
- ACs cannot ignore the responsibility of monitoring the controls in the subsidiaries of a company. There
are a lot of expectations from the AC, but there are time constraints. However, increased attention is
being paid by the ACs to this aspect of its responsibility.
- If a company is listed on an international exchange, the role and responsibilities of the AC could
undergo changes, as per the regulations of that country/exchange. This has a significant bearing on the
agenda, the meeting, and the minutes of AC.
- AC members should bring insights or best practices that they have observed in other companies with
which they are associated.
ROLE IN RISK
- Irrespective of the existence of a Risk Management Committee (RMC), AC has a role in risk
management. This can be performed only by very strong inputs from the RMC to the AC. This can be
done by having the Chair of AC as a member of the RMC, or the Chair of RMC being a member of the AC.
This will help improve the quality of integrated reporting and reporting of true and fair picture since it
will give a rounded perspective.
- On important matters relating to risk, such as IT systems and cyber security, alignment of AC and RMC
is very important. Having special joint meetings can help both the committees to be on the same page.
- Items such as fraud and data protection, especially in Covid-times, have to be given increased
EXTRACTING VALUE FROM AUDITORS
- ACs sometimes do not extract full value from auditors. Auditors sometimes do not communicate
enough to the ACs.
- Statutory Auditors and Internal Auditor are the eyes and ears of the AC.
- In Covid-times, some issues around auditing processes have come up. However, most auditors have
- Statutory Auditors
- Interaction of AC with the Statutory Auditors is very important. The auditor must inform the AC
of everything that is relevant and material. Being quiet is not always a sign of all being well in
- There is a need to question the auditor, in order to understand their processes and their
- Internal Auditor
- Interaction of AC with the Internal Auditor is very important. A balance has to be achieved
between being too transaction oriented or too system oriented in IA. Both are equally
important, and importance should not be given to one, to the exclusion of the other.
- AC can consider suggesting/ implementing short term job rotation wherein employees from
different departments can be given short stints in the IA department. This will provide the IA
with auditee experience so that there is no disconnect between business and audit. This has
found to be useful in companies that have adopted it.
CHANGE IN AUDIT PROCESS
- Auditing processes have not evolved with time. It is very paper dependent. It needs to improve. Along
with CFOs, AC too should push the auditor to improve the process of audit. Audit process should be
holistic and not transactional.
- With increasing dependence on IT systems, a lot has changed in companies. However, it seems that the
audit process and approach has not changed at the same pace. Going forward, there would be a need to
focus on processes, management and systems audits.
- There are a number of analytical tools available. With the help of those, there could be a system of
continuous control monitoring mechanism that helps to check all the transactions, rather than a
sample. The auditors will then have time to focus on more critical areas.
- There should be an analysis of the entire universe of transactions, and not samples alone. Audit has to
move towards being predictive and preventive, rather than corrective and historical.
- With volumes changing, some Chartered Accountancy firms are using data analytics and similar tools,
and coming up with results which are very different from the results that come from sampling
INTERDEPENDENCE OF FUNCTIONS
- Board and committees
- There are several areas of overlap between the functioning of the Board and its committees,
and in the functioning of the committees. The committees have a very strong interdependence
amongst themselves and with the Board. Such interdependence has only increased with time.
- Statutory Auditors and auditee
- The Statutory Auditor is increasingly becoming more and more dependent on the auditee, to
confirm everything that she has been engaged to confirm. The representations that the
management has to give is as exhaustive and enormous as an audit report. As a result, the
auditee is left wondering on the need for the auditor. However, management representation
does not take away from the obligation of validation of the documents by the auditor.
- The auditor also picks the sample on the basis of the management representation letter.
- There are newer global practices being followed in the area of statutory audit, such as peer
reviews, study of quality of audits etc. These processes are initiated post the audit process, by
professionals unconnected with the Statutory Auditor, to check the quality of the audit. The
peer auditor and the lead auditor may have difference of opinions on some matters, and the
price for this is borne by the auditee.
- AC and Statutory Auditors
- AC is dependent on the Statutory Auditor to bring to its attention all the facts that are material.
Many times, AC has to extract information from the auditor, who may be unwilling or who may
not be interested in getting into details, because of multiple reasons, including time constraints
such as multiple AC meetings of different auditee companies on the same day.
- Interdependence of roles
- While performing their respective roles, the spirit of law, and not the letter of law, should
prevail. The roles of the Statutory Auditor, the AC and the management is to ensure ethical
conduct of business and good practices of Corporate Governance.
- AC is not tasked with going through each process. It has to only ask important questions to the
Statutory Auditors, the Internal Auditor and the management, such as – Are the checks and
balances in place? Is the sample size appropriate? Are the policies consistent with the business
of the company? Are the practices best in class?
- The approach to be followed by the AC is one of a psychologist, who puts the other person at
ease, and then encourages her to state the facts. To understand facts that are both said and
unsaid is also a skill that AC needs to have.
- In smaller companies, the AC looks at a number of items, which in bigger companies falls under other
Board level committees.
- The frequency of meetings of the AC in smaller companies is too less to deal with all the matters falling under its ambit.
AC INFLUENCING REGULATIONS AND ACCOUNTING STANDARDS
- There is value in compliances. However, irrespective of the size of the company, regulations for small
companies and big companies seem to be same. Size, scale and complexity of business should be some
of the considerations for regulations. There could be a tiered approach to regulations. It can start with a
basic hygiene level of regulations for all companies. Beyond that, cost of compliance should be
considered. There is a need for a Regulatory Impact Assessment.
- It seems that different Regulators are not working in tandem, and are not considering the cumulative
burden of compliance that companies have to bear. They do not seem to consider whether the company
or its management can deal with this.
- Some regulations must have a sunset clause so that they are revisited after a lapse of time, and
examined for continuing relevance.
- Can ACs and Chairs of ACs have an influencing role in shaping compliance requirements? At present,
many compliances are tick box exercises, with no clarity on the ends that they seek to achieve. A
number of such items have become compliance burdens, which consume a lot of time of the
management, CFO, Chief Executive Officer (CEO), and consequentially of the auditors and the AC. This
takes away from productive work.
- With frequent changes in accounting standards, it is sometimes tough, even for CFOs, to understand
and interpret accounting standards, and they have to take the help of external advisors. If trained
persons like CFOs cannot understand accounting standards, it would be impossible for most
shareholders to understand the standards, and the true and fair picture presented by the company on
the basis of such standards.
- Also, for a number of auditors themselves, it is a challenge to keep pace with the changes in the
accounting standards, as also to understand them. Increasingly, Chambers of commerce too should
send representations against such frequent changes, since such changes impact the industry too.
- There should not be changes to accounting standards for some years, so that from the accountant to the
shareholders, no one is put to difficulty by frequent changes/ additions.
- The financials are akin to the symptomatic cases, like in the context of Covid. They do not reflect the
asymptomatic issues, which come to forefront much later. There is a need to go back to basic
fundamentals, such as people capability in management, CEO-CFO relationship, use of technology,
fundamentals of the control environment etc. These items should be brought to the fore. However, due
to the compliance burden, this is not happening to the required extent.
- There should be a move towards “exceptional reporting”.
- If there are Regulators, with direct/ first-hand corporate experience, it could help greatly.
ARE ACs EFFECTIVE?
- Most members of ACs feel that they are doing a lot. The real question should be whether they are doing
all of what they are supposed to do?
- AC’s role and functioning is still evolving. There is a disconnect between regulations and ground
- The quality of processes followed depend on the quality of the AC and its members. In conglomerate
structures, the processes are uneven, and the quality of persons manning each of the committees is not
- To do a thorough job, outside of the 4 mandatory meetings, the AC should take out the time to
understand the organisation, the dynamics within it, decision making, business fundamentals, policies
governing the business, and processes being followed. In many companies, owing to time constraints,
this is not done.
- In a conglomerate, there should be a forum wherein all the Chairs of ACs meet, once or twice a year, to get a better insight on what is happening in the rest of the corporate world. It also is an excellent forum
for cross-learning. The interdependence between a Board and its committees, and between committees
in a parent company and committees in its subsidiaries, should be used productively. For the ACs to
uniformly discharge their responsibilities, this understanding will be useful.
- For the post-Covid situation, managements and auditors have to plan now. Auditing of the previous FY
was not too adversely impacted since Covid’s impact majorly started in March, 2020. However, the
current FY will see a full year with Covid-related issues. A lot of planning will have to be done, including
on matters such as “going concern”. The AC too will have a very important role in this, and it will have
to prepare itself.
- Majority of the work of a finance department is to collect data. AC has to ensure that the IT systems of
the company can handle these new paradigms, including working remotely.
- New technology can be used for collating data and bringing more insights.
- Data security is also one area where the AC has a role.
- After every AC meeting, taking a feedback could help improve the processes of AC. Annual evaluation
would serve only limited purpose.
- The adoption of IndAS has given rise to some issues which need to be addressed immediately.
- Off-balance sheet items are increasing, and this should be a cause of concern.
CORPORATE GOVERNANCE SPECIALISTS
ADDING VALUE, NOT TICKING BOXES
EXCELLENCE ENABLERS PRIVATE LIMITED
Excellence Enablers Private Limited (EEPL) is an initiative that focuses on implementation of better corporate
governance practices, improvement of Board performance, including audit and evaluation, training of directors
and engagement with stakeholders of governance. It is founded on the firm belief that the gap between
performance and potential can, and must, be bridged. Consistent with that belief, all our offerings are tailormade
to the specific needs of the organisation or the individuals concerned.
Given that our founder, Mr. M. Damodaran, introduced Clause 49 of the Listing Agreement, dealing with
corporate governance in India, and has been a part of both public sector and private sector Boards, as well as
performing and underperforming Boards, we offer experience based consultancy and courses on the journey
from compliance through governance to performance. Further, given his success in turning around
organisations that had been written off, we are uniquely positioned to offer courses on leadership,
organisational transformation, and building winning teams.
EEPL has a number of highly experienced and renowned consultants and faculty members who have helped,
and continue to help, us deliver programmes that have been well received.
All rights reserved.
No part of this publication may be reproduced, stored in retrieval system or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise without the prior permission of Excellence Enablers Private Limited.
The views expressed in this report are the views of the participants at the roundtable and do not necessarily reflect the views of Excellence Enablers Private Limited.