An Audit Committee Event Matrix

Internal Auditor, April, 2000 by Anthony J. Ridley

Audit directors seem to have diverse opinions regarding the right time to tell their audit committees about serious findings. To beat this dilemma, find out up front exactly what and when they want to know.

CHIEF AUDIT EXECUTIVES (CAEs) USUALLY REPORT the results of their work to audit committees as part of a preset agenda and during scheduled meetings. When important events occur outside these time frames, CAEs may be uncertain about what they should tell their audit committee and when to disclose the information.

The easiest way to resolve this quandary is to ask your audit committee in advance about the things they want to know--and when--and then capture their preferences in an event matrix for ongoing use. The matrix can eliminate much of the guesswork related to providing information to your audit committee.

WHAT INTERESTS AUDIT COMMITTEES

The dynamics of each business influence what an audit committee wants to know, so each organization's event matrix may be different. The events in the sample matrix on page 55 are generic and can be supplemented or specified as needed. However, the five categories of events can function as an initial talking document for your committee.

The matrix assumes that certain policies and plans exist within the entity and have been discussed with the audit committee. For example, a published ethics policy and an internal audit plan should be familiar to members of the audit committee. Although the event categories in the matrix may seem obvious, explaining why each is included on the list is still a worthwhile exercise.

DEFALCATIONS AND ETHICS VIOLATIONS

The most common events that might be reported involve fraud, defalcation, and theft. Because this category provides some measure of the audit committee's acceptance of risk, it's a logical place to start and is listed first. Audit committee chairmen of similar businesses might have very different risk tolerances; one might say that $100,000 is an appropriate reporting threshold, while another could be comfortable with $500,000. Ideally, if the entity spends time discussing risk, the threshold should already be established.

The loss involved in a defalcation is not the only variable that should interest your committee members. They will likely want to know whether it involved a control breakdown or perhaps a collusion to bypass controls. They will certainly have a different view if a member of management is involved in the event or the event violates a published ethics policy.

LITIGATION Legal concerns are often overlooked until final resolution of a case determines potential costs. Provisions for litigation are an important financial consideration to many businesses, and any substantial change in outlook should be of interest to the committee. Also, stock markets are sensitive to significant litigation settlements that will impact share values--another element that will warrant the attention of the board.

REGULATORY CONCERNS AND ADVERSE PUBLICITY Financial cost may not be the major concern of your committee; regulatory or publicity issues could be even more important to them. Also, it would be a mistake to overlook external audits of your entity, particularly by government agencies. Even if you're not in a regulated industry, in this day and age you are regulated in many ways that your audit committee should know about, including tax audits. The potential impact of bad publicity will also interest your audit committee and may be the most difficult area to quantify in advance.

FINANCIAL REPORTING The potential for fraudulent financial reporting is one of the things that is likely to keep your audit committee awake at night. You cannot absolve yourself of responsibility simply because the external auditors are looking at this potential. This whole category can be expanded to accommodate your business, but your committee will most likely be interested in the impact of prior period adjustments and changes to accounting policy.

INDEPENDENCE AND EFFECTIVENESS OF AUDITORS Any inability to perform your role as an internal auditor should be covered by talking about the audit plan's progress and your ability to access data or people. The independence of both internal and external auditors should also be protected by early discussions of changes in structure, engagement, or fees.

KEEP IT SIMPLE

Your audit committee cannot be informed of every interesting event. The most common dimension among events that will be reported is financial, and the information can be shown in absolute amounts or as a ratio to certain data. The best practice is to keep it simple with absolute amounts. Calculations involving items such as cost of goods sold or net assets are variable and could be open to interpretation. As a result, they should be avoided.

In some cases subjective assessments will be necessary. For example, your committee may say it needs to know if the future of a business segment is impaired or if publicity will adversely impact future sales. In these instances you will need to establish an internal mechanism that ensures management is involved in, and agrees with, these assessments.