The Role of Audit Committees in the Public Sector

By Nashwa George

E-mail Story Print Story

Governance in the public sector deserves the same attention as governance in the corporate sector. While unethical behavior in the corporate sector impacts the shareholders of a company, unethical behavior in the public sector impacts all taxpayers and citizens. The recent scandals involving Long Island school districts illustrate all too well that governance in the public sector can fail.

Audit Committees and the Public Sector

Events in the public sector and failures in the quality of government audits led the U.S. Government Accountability Office (GAO) to recommend that public sector entities consider the benefit of using audit committees. In 2003, the GAO revised Government Auditing Standards to require that auditors communicate certain information to the audit committee or to the individuals with whom they have contracted for the audit. Each government entity must designate an audit committee or an equivalent body to fulfill the role of financial oversight.

An effective audit committee can increase the integrity and efficiency of the audit process, as well as the system of internal controls and financial reporting.

The audit committee is an integral element of public accountability and governance. It plays a key role with respect to the integrity of the entity’s financial information, its system of internal controls, and the legal and ethical conduct of management and employees. An audit committee’s responsibility will vary depending upon the entity’s complexity, size, and requirements. Typical audit committee responsibilities include approving the overall audit scope, recommending the appointment of the external auditor, overseeing the entity’s financial statement and internal controls, helping to ensure that the audit is conducted in a cost-effective manner, and risk management oversight.

Audit committees are an increasingly important component of effective accountability and governance. An audit committee must have three important qualities in order to fulfill its duties: independence, communication, and accountability.

Independence. In the public sector, the structure of entities does not separate the governing authority and oversight responsibility from the day-to-day management. For example, a public university president may be both the chief executive officer and a board member. Public sector audit committees should be independent both in fact and in appearance, and have processes in place to ensure such independence.

Communication. Communication between a governing body and its finance officers can be difficult at times. For example, external financial reporting follows standard principles; however, budgets and expressions of policy are unique to the circumstances of the organization and its jurisdiction. Communication may be complicated when a governing body approves a budget but not the financial statements. The GAO has indicated that audit committees can provide assistance if they have the necessary technical skills in accounting and auditing and are able to communicate with finance officers and auditors on complex issues.

Accountability. An audit committee must be independent to contribute to the integrity of the financial reporting process. An independent audit committee can help reinforce a culture with zero tolerance for fraud.

The combination of independent oversight and the technical expertise of audit committee members enhances accountability.

Audit Committees and Internal Controls

Although Government Auditing Standards (2003 Revision) does not include additional internal control standards for financial statement audits, it emphasizes several aspects of internal controls that are important for auditors and audit committees. Controls over the safeguarding of assets, controls over compliance with laws and regulations, and controls over environment and risk assessment are covered.

The existence of an internal control system does not ensure the reliability of financial reporting or compliance with laws and regulations. An entity’s success in achieving its control objectives can be limited by circumvention, the breakdown of existing controls, the ability to override the system, and poor oversight.

Weaknesses in internal controls can cause many problems, including fraudulent activities, errors, and noncompliance with laws and regulations. An audit committee should understand an entity’s internal controls and ensure that the five components of internal controls in the COSO framework—control environment, risk assessment, control activities, information and communication, and monitoring—are present and operating effectively in the organization. An audit committee’s activities should include the following:

• Understanding how the internal control objectives are achieved within the entity.
• Considering whether the control environment and procedures can accomplish their objectives.
• Reviewing the auditor’s reports on internal controls and compliance with laws and regulations.
• Determining whether material weaknesses, reportable conditions, or other findings were reported.
• Reviewing suggested improvements to internal controls and following up to correct the weaknesses in internal controls.

An effective audit committee should have open lines of communication with management, internal auditors, and outside auditors. It should prepare an annual report to the governing body which identifies how the committee discharged its charter responsibilities, and which should be addressed to the full governing body. Reports should present significant accounting, internal control, and compliance issues; identify the authority and responsibility of the audit committee; discuss the review of the financial statements, annual reports, and accounting issues; and discuss the review of the auditor’s management letter, internal controls, and compliance.

Audit Committees and External Auditors

Generally Accepted Auditing Standards (GAAS) and Government Auditing Standards require an auditor to test an entity’s internal controls and deliver its report and recommendations to the audit committee. The external auditor is required to communicate the following:

• Its responsibilities for testing internal controls and compliance with laws and
  regulations.
• Possible weaknesses in internal controls that are discovered prior to the audit engagement.
• The effect that possible weaknesses in internal controls could have on the accuracy of financial information or on compliance with laws and regulations, as well as any additional testing of internal controls required.
• The probability that internal control procedures are not sufficient to achieve a relatively low risk that errors or irregularities would not be detected within a timely period by employees in the normal course of their assigned functions.
• Its knowledge of the risk control areas and the activities needed to address those risks.

The GAO, in “CPA Audit Quality: A Framework for Procuring Auditing Services,” recommends that an audit committee participate in the entity’s procurement process, evaluate audit firms using pre-established technical factors, evaluate the quality of services rendered, and ensure the auditor’s independence on an ongoing basis.

External auditors are required by GAAS and by Government Auditing Standards to alert the audit committee and the governing body about important matters. These issues vary from entity to entity, but one of the important ones is the adequacy of the internal control system.

The following are examples of questions that an audit committee might ask about internal controls:

• Are there any material weaknesses or reportable conditions?
• Is appropriate and timely action taken in response to comments and recommendations about weaknesses of internal control?
• Is the internal audit function adequately organized, and are its operations in accordance with professional standards?
• Does the internal control system provide reasonable assurance that errors and reportable conditions are handled properly?
• Are there any legal or regulatory factors that could have a material effect on the entity’s financial statements?
• Which critical internal control and compliance areas warrant the attention of the audit committee?
• Are long-term planning and budgetary controls used by the unit?
• Can the controls ensure the integrity of electronic data-processing operations?

An audit committee must review the financial statements, and, if appropriate, the comprehensive annual financial report and the underlying audit results, with the governing body and external auditors. The review should consider reasons for nonstandard audit opinions; changes in accounting policies; areas of judgment in the financial statements; accounting and auditing problems that are a source of disagreement; material noncompliance with laws, regulations, and grant provisions; and changes in the report format or the nature of footnote disclosure from the prior year’s financial statements.

Audit Committee Composition and Responsibilities

Having an audit committee does not relieve governing bodies of responsibility for the matters considered by the committee. An audit committee should have a charter that states its mission, objectives, authority, organization, and methodology. In addition, the charter should establish voting requirements, the liability of members, and their method of appointment.

Audit committees should have three to six members, with some or all of the following qualities:

• Good communication skills and the ability to work with others;
• Knowledge of the needs, interests, and concerns of the constituency;
• Accounting and auditing expertise and experience; and
• A willingness to ask hard questions and deal with controversial matters.

An audit committee may often be empowered by the governing body to select or recommend the external auditors, which would be formally approved by the governing body. In doing so, the audit committee should consider the following factors:

• Auditor independence;
• The firm’s reputation and fees;
• The firm’s scope of services and experience with the public sector; and
• The firm’s quality-control standards.