Speaking at FEI’s Corporate Financial Reporting Issues conference in New York, speakers said threats such as cyber security and the effects of digital transformation on company operations and globalization, as well as dynamic financial reporting and regulatory frameworks, are prompting audit committee members to expand their purview.
“Financial controls interact with operational controls,” said Jon Lukomnik, managing partner at Sinclair Capital LLC. “Not everything should be on the agenda of the audit committee, but where that line should be drawn varies by company. It's difficult to understand financial risk if you don’t understand operational risk.”
Stronger Reporting
Charles H. Noski, audit committee chair for Microsoft Corporation, said one manifestation of the committee’s broader role can be seen in the audit committee reports included in proxy statements. Until fairly recently, he said, most reports consisted of a few generic paragraphs outlining risks in general terms.
But in the last three years or so, helped by the committee’s broader role and a greater willingness to communicate with shareholders, many reports have expanded to highlight the committees’ function, accounting policies, how committees evaluate external auditors, compliance processes, and other important information.
“In the last handful of years, audit committees have decided this is the one opportunity we have to talk with shareholders, and to explain what we’re doing to fill the role they elected us to do,” Noski said. “We’re trying to describe in a much richer way what we do and the judgments we make.”
James Quigley, audit committee member at Wells Fargo, Hess Corporation, and Merrimack Pharmaceuticals, said audit committee reports have largely shifted beyond an emphasis on meeting the committees’ regulatory requirements to issue a report.
“Most reports have moved away from being a pure compliance [driven] document, and I think investors are better served by that,” he said.
Culture Counts
Speakers also stressed the importance of a company having an effective corporate culture – not just in setting an effective tone at the top, but also in making sure line-of-business managers are committed to effective governance.
“When you serve on an audit committee, you have to understand the company’s culture,” said Nick Cyprus, audit committee chair of Digital Global Inc., and Readers Digest. “You need to evaluate the company’s culture and commitment to transparency, and make sure there’s a strong control environment. Those will tell you how much risk the company is taking on.”
While culture in important in all organizations, it’s a critical issue — and often an operational challenge – for multinational companies who have to ensure executives understand local regulations and accepted practices.
For example, Sinclair Capital’s Lukomnik said most investors in the United States, believe directors owning company stock helps align their interests with those of shareholders — but that same practice can result in directors not being considered independent in some jurisdictions.
“You have to understand cultural norms within a specific sector, as well as the legal framework of different countries,” he said. “Things you may think are universal good practices may be looked at differently in other parts of the world.”
Dialog is Critical
The panelists agreed it’s important for audit committee chairs to be available to serve as a sounding board for company management about reporting and compliance issues. While these and other issues are discussed during routine meetings, informal conversations can also improve the effectiveness of the committee and management.
“It’s important to establish a relationship, and to let management understand that you’re accessible,” said Arnold Hanish, audit committee member at Omeros Corporation. The audit committee chair should be accessible to advise on day-to-day issues in the business and the controls environment. The CEO should be able to use the audit chair as an independent resource.”
James S. Turley, a board member at Citigroup, Emerson Electric, and Intrexon, said he provides personal contact information to senior executives and invites them to let him know about issues they believe aren’t receiving adequate attention.
“I’m not in management and I don’t want to be in management, but I want to be accessible.”