Corporate Governance Program

for
Bank Directors of Indian Banks

Audit Committee Effectiveness

What Works Best

Rahoul Chowdry
Global Banking & Capital Markets Leader

Presentation by:

16 December 2005, Mumbai

Recent research shows that in

Australia

32% die of natural causes

30% die from cancer

25% die from heart disease

10% die from road and other accidents

2.5% die from insect and snake bites

0.5% are taken by crocs and sharks

Recent research shows that in

Australia

32% die of old age

30% die from cancer

25% die from heart disease

10% die from road and other accidents

2.5% die from insect and snake bites

0.5% are taken by crocs and sharks

.but

no one has yet died from boredom

listening to presentations

Agenda
I. Oversight responsibilities of Audit Committees
II. Relationships with:
- Management
- Internal Auditors
- External Auditors

III. Key to effectiveness

- Committee composition
- Training
- Meetings
- Charter & evaluations

I. Oversight responsibilities of Audit

Committees
Integrity of financial reporting
People and culture
Compliance and ethics
Risk management
Internal control and systems

Financial Reporting
Committees need to
- Understand financial statements through discussion with
management and external auditors
- Understand accounting policies
- Assess quality, not just reliability, of earnings
- Apply appropriate level of skepticism and ask probing questions
- Be comfortable with treatment of unusual/complex issues

Financial Reporting
Other keys
- Review significant period-to-period changes and challenge sudden
changes
- Recognize financial reporting areas most susceptible to fraud
Revenue recognition

Provisions

Expense classification

Areas of judgement

Accounting for business combinations

Suspense / Clearing accounts

- Maintain healthy skepticism when considering the risk of fraudit is

never zero
Understand any concerns raised by auditors

Narrative Reporting
Review disclosures and consider consistency with financial
statements
Many specific disclosures required by regulators
Leading audit committees focus on transparencywhether
all significant developments are fully disclosed

People and Culture

People and Culture

Capabilities, training of people
Strong culture based on
- Integrity
- Transparency
- Meritocracy
- Consultative
- No fear

Strong culture results in better internal control, a natural desire

to do the right thing and fewer surprises

Compliance and
Ethics

Codes of Conduct
Many committees oversee compliance with code of conduct
- Review and approve code
- Ensure it is communicated to all employees and they attend
training
- Understand program for monitoring code compliance and review
reported violations and follow-up actions

A similar approach should be taken to overseeing compliance

with laws and regulations

Whistleblower and Complaint Hotlines

For US listed companies audit committee must establish
processes to receive complaints about accounting and auditing
Complaints should be reported to the committee who should
review remediation actions taken, ensuring they are timely,
consistent, and appropriate

Risk Management
and Internal Control

Risk Management
Audit committees increasingly oversee risk management
processes
Committees can fully embrace this role by
- Understanding how risk management processes are tailored to
companys specific needs
- Probing whether the processes are ongoingnot just at a point in
time
- Ensuring responsible individual has appropriate stature, expertise,
and time
- Meeting periodically with chief risk officer

Internal Control the 5 key components

5.
4.
3.
2.
1.

Internal Control the 5 key components

Control Environment
Sets tone of organization influencing control
consciousness of its people.
Factors include integrity, ethical values, competence,
authority, responsibility.
Foundation for all other components of control.

Internal Control the 5 key components

Control Environment
Sets tone of organization
influencing control consciousness of
its people.
Factors include integrity, ethical
values, competence, authority,
responsibility.
Foundation for all other components
of control.

Risk Assessment
Risk assessment is the identification
and analysis of relevant risks to
achieving the entitys objectives
forming the basis for determining
control activities.

Internal Control the 5 key components

Control Activities
Policies/procedures that ensure
management directives are carried
out.
Range of activities including
approvals, authorizations,
verifications, recommendations,
performance reviews, asset security
and segregation of duties.

Control Environment
Sets tone of organization
influencing control consciousness of
its people.
Factors include integrity, ethical
values, competence, authority,
responsibility.
Foundation for all other components
of control.

Risk Assessment
Risk assessment is the identification
and analysis of relevant risks to
achieving the entitys objectives
forming the basis for determining
control activities.

Internal Control the 5 key components

Control Activities
Policies/procedures that ensure
management directives are carried
out.
Range of activities including
approvals, authorizations,
verifications, recommendations,
performance reviews, asset security
and segregation of duties.

Monitoring
Assessment of a control systems
performance over time.
Combination of ongoing and
separate evaluation.
Management and supervisory
activities.
Internal audit activities.

Control Environment
Sets tone of organization
influencing control consciousness of
its people.
Factors include integrity, ethical
values, competence, authority,
responsibility.
Foundation for all other components
of control.

Risk Assessment
Risk assessment is the identification
and analysis of relevant risks to
achieving the entitys objectives
forming the basis for determining
control activities.

Internal Control the 5 key components

Monitoring
Assessment of a control systems
performance over time.
Combination of ongoing and
separate evaluation.
Management and supervisory
activities.
Internal audit activities.

Control Activities
Policies/procedures that ensure
management directives are carried
out.
Range of activities including
approvals, authorizations,
verifications, recommendations,
performance reviews, asset security
and segregation of duties.

Information and Communication

Pertinent information identified,
captured and communicated in a
timely manner.
Access to internal and externally
generated information.
Flow of information that allows for
successful control actions from
instructions on responsibilities to
summary of findings for
management action.

Risk Assessment
Risk assessment is the identification
and analysis of relevant risks to
achieving the entitys objectives
forming the basis for determining
control activities.

Control Environment
Sets tone of organization
influencing control consciousness of
its people.
Factors include integrity, ethical
values, competence, authority,
responsibility.
Foundation for all other components
of control.

All five components must be in

place for a control to be effective.

Internal Control
Focus on areas of greatest potential risk, such as
Management override of controls

Poor culture

Outside service providers

Recurring control weaknesses

Information technology

Payment systems

Mergers and acquisitions

Proper segregation of duties

Understand extent to which internal audit plans address other

high-risk areas in compliance and operations
Committees should understand the nature and severity of
control deficiencies, managements remediation plans, and
impact on financial reporting

II. Oversight of
Management and
Internal Audit

Relationship with Management

Challenge is balancing advising and counseling management
with fiduciary duty to monitor and oversee management
To build trust, need strong, open two way communication
channels
Clear understanding on where managements responsibilities
end and committees begin
Management should seek committees input in advance of key
decisions
Evaluate managements performance and assess bench
strength

Relationship with Internal Audit

To be effective, internal audit must have appropriate stature
within the company
Accomplished by
- Having internal audit director report directly to committee
- Ensuring internal audits continual access to committee
- Playing key role in selection, evaluation, compensation,
succession of internal audit director

Relationship with Internal Audit

Also key is for committee to
- Review and approve internal audits charter and plans
- Monitor execution of plans and approve major changes
- Understand results of audit work, with focus on most significant
findings
- Ensure internal audit has budget and resources needed

Relationship with external auditors

Auditors should report directly to the committee
Audit Committees have a role in
- Selecting, or reappointing, external auditors
- Evaluating auditors performance
- Ensuring auditors independence
- Candid and ongoing communications are vital, and timely and
robust dialogue on complex issues is essential

III.Key to Audit
Committee
Effectiveness

Members Attributes
Key is good understanding of the business including
companys products, services, and industry
Willingness to dedicate substantial time and energy
Other relevant attributes
- Extremely high level of integrity
- Healthy skepticism and courage to challenge
- Inquisitiveness and independent judgment

Good financial knowledge

Regular training

Participants
Both internal audit director and external auditors typically attend
every meeting
Managements participation is important
Meet privately with internal audit director, external auditors,
finance management, and others, as warranted
Guard against too many observers
Audit Committees should meet at least 4 times a year

Evaluation
Evaluate committee performance regularly by comparing
activities against
- Charter
- Leading practice

Assess committee dynamics, not only on what the committee

does, but also on how effectively it functions
Should be robustnot simply a check the box exercise
Obtain feedback from board, management, internal audit,
general counsel, and external auditors

Thank You