Role of Audit Committees in the Public Sector
AUGUST 2005 - Recent
corporate scandals and legislation like the Sarbanes-Oxley
Act have spurred the public to focus on the importance of
governance. Governance is not limited to business entities:
It is important to public sector entities as well. Public
sector entities include state and local governments, federal
agencies, public utilities, hospitals, colleges and universities,
pension plans, city councils, boards of trustees, legislatures,
and boards of governors.
in the public sector deserves the same attention as governance
in the corporate sector. While unethical behavior in the
corporate sector impacts the shareholders of a company,
unethical behavior in the public sector impacts all taxpayers
and citizens. The recent scandals involving Long Island
school districts illustrate all too well that governance
in the public sector can fail.
Committees and the Public Sector
in the public sector and failures in the quality of government
audits led the U.S. Government Accountability Office (GAO)
to recommend that public sector entities consider the benefit
of using audit committees. In 2003, the GAO revised Government
Auditing Standards to require that auditors communicate
certain information to the audit committee or to the individuals
with whom they have contracted for the audit. Each government
entity must designate an audit committee or an equivalent
body to fulfill the role of financial oversight.
effective audit committee can increase the integrity and
efficiency of the audit process, as well as the system of
internal controls and financial reporting.
audit committee is an integral element of public accountability
and governance. It plays a key role with respect to the
integrity of the entity’s financial information, its
system of internal controls, and the legal and ethical conduct
of management and employees. An audit committee’s
responsibility will vary depending upon the entity’s
complexity, size, and requirements. Typical audit committee
responsibilities include approving the overall audit scope,
recommending the appointment of the external auditor, overseeing
the entity’s financial statement and internal controls,
helping to ensure that the audit is conducted in a cost-effective
manner, and risk management oversight.
committees are an increasingly important component of effective
accountability and governance. An audit committee must have
three important qualities in order to fulfill its duties:
independence, communication, and accountability.
In the public sector, the structure of entities
does not separate the governing authority and oversight
responsibility from the day-to-day management. For example,
a public university president may be both the chief executive
officer and a board member. Public sector audit committees
should be independent both in fact and in appearance, and
have processes in place to ensure such independence.
Communication between a governing body and
its finance officers can be difficult at times. For example,
external financial reporting follows standard principles;
however, budgets and expressions of policy are unique to
the circumstances of the organization and its jurisdiction.
Communication may be complicated when a governing body approves
a budget but not the financial statements. The GAO has indicated
that audit committees can provide assistance if they have
the necessary technical skills in accounting and auditing
and are able to communicate with finance officers and auditors
on complex issues.
An audit committee must be independent to contribute to
the integrity of the financial reporting process. An independent
audit committee can help reinforce a culture with zero tolerance
combination of independent oversight and the technical expertise
of audit committee members enhances accountability.
Committees and Internal Controls
Government Auditing Standards (2003 Revision) does
not include additional internal control standards for financial
statement audits, it emphasizes several aspects of internal
controls that are important for auditors and audit committees.
Controls over the safeguarding of assets, controls over
compliance with laws and regulations, and controls over
environment and risk assessment are covered.
existence of an internal control system does not ensure
the reliability of financial reporting or compliance with
laws and regulations. An entity’s success in achieving
its control objectives can be limited by circumvention,
the breakdown of existing controls, the ability to override
the system, and poor oversight.
in internal controls can cause many problems, including
fraudulent activities, errors, and noncompliance with laws
and regulations. An audit committee should understand an
entity’s internal controls and ensure that the five
components of internal controls in the COSO framework—control
environment, risk assessment, control activities, information
and communication, and monitoring—are present and
operating effectively in the organization. An audit committee’s
activities should include the following:
Understanding how the internal control objectives are
achieved within the entity.
whether the control environment and procedures can accomplish
Reviewing the auditor’s reports on internal controls
and compliance with laws and regulations.
Determining whether material weaknesses, reportable conditions,
or other findings were reported.
Reviewing suggested improvements to internal controls
and following up to correct the weaknesses in internal
effective audit committee should have open lines of communication
with management, internal auditors, and outside auditors.
It should prepare an annual report to the governing body
which identifies how the committee discharged its charter
responsibilities, and which should be addressed to the full
governing body. Reports should present significant accounting,
internal control, and compliance issues; identify the authority
and responsibility of the audit committee; discuss the review
of the financial statements, annual reports, and accounting
issues; and discuss the review of the auditor’s management
letter, internal controls, and compliance.
Committees and External Auditors
Accepted Auditing Standards (GAAS) and Government Auditing
Standards require an auditor to test an entity’s
internal controls and deliver its report and recommendations
to the audit committee. The external auditor is required
to communicate the following:
Its responsibilities for testing internal controls and
compliance with laws and
Possible weaknesses in internal controls that are discovered
prior to the audit engagement.
The effect that possible weaknesses in internal controls
could have on the accuracy of financial information or
on compliance with laws and regulations, as well as any
additional testing of internal controls required.
probability that internal control procedures are not sufficient
to achieve a relatively low risk that errors or irregularities
would not be detected within a timely period by employees
in the normal course of their assigned functions.
knowledge of the risk control areas and the activities
needed to address those risks.
GAO, in “CPA Audit Quality: A Framework for Procuring
Auditing Services,” recommends that an audit committee
participate in the entity’s procurement process, evaluate
audit firms using pre-established technical factors, evaluate
the quality of services rendered, and ensure the auditor’s
independence on an ongoing basis.
auditors are required by GAAS and by Government Auditing
Standards to alert the audit committee and the governing
body about important matters. These issues vary from entity
to entity, but one of the important ones is the adequacy
of the internal control system.
following are examples of questions that an audit committee
might ask about internal controls:
Are there any material weaknesses or reportable conditions?
Is appropriate and timely action taken in response to
comments and recommendations about weaknesses of internal
Is the internal audit function adequately organized, and
are its operations in accordance with professional standards?
Does the internal control system provide reasonable assurance
that errors and reportable conditions are handled properly?
Are there any legal or regulatory factors that could have
a material effect on the entity’s financial statements?
Which critical internal control and compliance areas warrant
the attention of the audit committee?
long-term planning and budgetary controls used by the
Can the controls ensure the integrity of electronic data-processing
audit committee must review the financial statements, and,
if appropriate, the comprehensive annual financial report
and the underlying audit results, with the governing body
and external auditors. The review should consider reasons
for nonstandard audit opinions; changes in accounting policies;
areas of judgment in the financial statements; accounting
and auditing problems that are a source of disagreement;
material noncompliance with laws, regulations, and grant
provisions; and changes in the report format or the nature
of footnote disclosure from the prior year’s financial
Committee Composition and Responsibilities
an audit committee does not relieve governing bodies of
responsibility for the matters considered by the committee.
An audit committee should have a charter that states its
mission, objectives, authority, organization, and methodology.
In addition, the charter should establish voting requirements,
the liability of members, and their method of appointment.
committees should have three to six members, with some or
all of the following qualities:
Good communication skills and the ability to work with
Knowledge of the needs, interests, and concerns of the
Accounting and auditing expertise and experience; and
A willingness to ask hard questions and deal with controversial
audit committee may often be empowered by the governing
body to select or recommend the external auditors, which
would be formally approved by the governing body. In doing
so, the audit committee should consider the following factors:
The firm’s reputation and fees;
The firm’s scope of services and experience with
the public sector; and
The firm’s quality-control standards.
George, PhD, CMA, is an associate professor of accounting
at Montclair State University, Montclair, N.J.