Can Audit Committees Prevent Management Fraud?

By Steven A. Harrast and Lori Mason-Olsen

E-mail Story Print Story

Since the passage of SOX, audit committees have been stepping up to the plate and assuming new duties in the financial reporting system. By design, audit committees are expected to maintain a line of defense against management fraud by monitoring the financial reporting function and internal controls of an organization. A strong, independent audit committee has increasingly become an indispensable part of an organization’s governance. The authors discuss below significant events in the development of audit committees, and present the results of a survey of audit committee members, who describe the benefits and challenges of their role under current standards. This information is intended to help accounting professionals understand the critical role of an audit committee and better utilize this important resource.

History of Audit Committees

Unfortunately, the recent frauds and the subsequent rise in the number of earnings restatements demonstrate the continuing need for improved controls in the financial reporting process. Unlike employee fraud, management fraud is less likely to be detected by low-level controls because of management override. Typical internal control systems cannot be counted on as an effective deterrent to management fraud. Therefore, SOX section 301 requires an independent audit committee to help deter management fraud and enhance the integrity of financial reporting.

The SEC promoted the audit committee concept after its investigation of the McKesson & Robbins case. In the McKesson & Robbins fraud, a corrupt management claimed the existence of inventory that later turned out to be bogus, a practice that resulted in on-site inventory inspections. In 1972, the SEC encouraged the establishment of audit committees composed of independent directors, and by 1974, the SEC began to require public disclosure of whether audit committee members were, in fact, independent. Little changed until the late 1990s, when earnings management and creative accounting practices became a threat to market integrity. In 1998, SEC Chairman Levitt called for greater controls to guard against fraudulent financial reporting. That same year, the public stock exchanges—often referred to as self-regulating organizations (SRO)—sponsored the Blue Ribbon Committee (BRC) to study how audit committees could be more effective. The BRC recommended that companies establish independent audit committees with a minimum of three financially literate members and one financial-expert member. In addition, the BRC recommended that audit committees adopt a formal charter to plainly describe the committee’s role in internal control activities. Soon after the BRC report was issued, the SEC and the SROs adopted the requirement for independent audit committee members.

In 2002, during heightened awareness of management financial fraud, Congress passed SOX. Although SRO rules already required the independence of audit committee members, SOX established the requirement by statute. Individual SROs are permitted to establish independence standards more stringent than those set forth by SOX. Current SRO rules generally prohibit audit committee members from: 1) receiving compensation for their services (other than director’s fees; 2) employment by or consulting for the company; and 3) having any close family members who are either employees of or consultants for the company. Prior employees and auditors may become independent after a three-year “cooling-off” period. To make a definitive determination of independence, consult the SEC rules and the rules published by the SRO where the company’s securities are traded.

Audit Committee Duties

According to SOX section 301, the audit committee carries out its responsibility over the financial reporting process by:

• appointing, overseeing, and compensating the independent auditor;
• establishing procedures for handling complaints about accounting, auditing, and internal control; and
• establishing procedures for the submission of concerns about questionable accounting and auditing matters.

This governance structure protects the integrity of the reporting process by insulating the external auditor from possible management pressure.

In addition to minimum audit-committee responsibilities, SROs have sought to enhance the quality of corporate governance by instituting additional requirements for listed companies. These include a continuing requirement that audit committees have a charter describing the audit committee’s responsibilities and that the committee hold meetings in “executive session” on a regular basis, with only independent directors in attendance. As recently as January 1, 2006, Nasdaq has made amendments to its listing rules regarding audit committees.

Audit Committees Respond

Do audit committee members believe that recent changes could make a difference? In a 2004 KPMG Audit Committee Institute survey of about 500 audit committee members from various industries—including financial services (37.6% of respondents), technology (12.7%), manufacturing (10.5%), retail (9.4%), healthcare (8.4%), energy (5.2%), transportation (2.2%), telecommunications (1.6%), and others (10.2%)—70.5% believed that the losses incurred in some of the high-profile financial reporting scandals of the last few years could have been avoided or reduced if the financial reporting and audit processes of the company had been overseen by an audit committee deemed to be effective by today’s standards (see Exhibit 1).

This survey suggests that most audit committee members would concur with the ideas expressed by the SEC and the BRC about the importance of an effective audit committee. It is important that audit committees believe their activities will make a difference, and it is encouraging to note that most agree that they can. Unfortunately, some skepticism remains about an audit committee’s ability to prevent fraud. Clearly, an audit committee must possess both information and diligence to detect and prevent management fraud.

How much time are audit committee members spending on each committee? According to the KPMG survey, the most commonly cited annual time requirement necessary to fulfill the role as an audit committee member, including all related meetings and preparation time, is between 50 and 100 hours. The responses are tabulated in Exhibit 2.

As indicated in Exhibit 2, the time requirement can be substantial. A small fraction of committee members indicate spending over 300 hours a year on audit-committee-related matters. At least one SRO, the NYSE, believes that serving on too many audit committees reduces effectiveness. The commentary on NYSE rule 303A requires special disclosure when a member sits on more than three separate audit committees. While there is no rule on the number of meetings the audit committee should hold, it seems reasonable to assume that four meetings would be required to review quarterly and annual filings. The SEC requires disclosure of the number of audit committee meetings held, so that stakeholders can monitor the diligence of the committee.

Are there activities that detract from audit committee effectiveness? The KPMG study found that 37% of audit committee members thought that compliance activities resulted in a negative impact on the overall effectiveness of the audit committee (Exhibit 3). The burden of compliance is a very real issue because the SEC’s disclosure requirements are periodically updated, and as a result, individual SROs must update their respective listing requirements. Because audit committee activities are closely scrutinized and because compliance activities are mandated by laws and regulations, they must be given top priority.

It seems likely that the compliance burden on audit committees will add to the time-commitment burden of directors and make service on audit committees less attractive. If the compliance burden continues to grow, it may limit the ability of the audit committee to effectively monitor financial reporting issues, thereby reducing it to a “form-over-substance” committee. Fortunately, compliance and risk officers, and their respective staff members, are carrying some of the burden of compliance.

Nasdaq and NYSE rules require that a financial expert be present on the audit committee of a listed company. (As noted above, the presence of a financial expert is an SRO rule and is not imposed by SOX or the SEC.) Under Nasdaq Rule 4350(b)(2)(A), a financial expert is someone who “has past experience in finance or accounting, requisite professional certification in accounting, or any other comparable experience.” The NYSE is less explicit in defining a financial expert, thus allowing listed companies to make their own determination. Is there a downside to having a financial expert on the audit committee?

Exhibit 4 shows that most audit committee members (60.1%) agree that there is a risk that audit committee members may inappropriately defer to the audit committee financial expert.

Why SROs felt compelled to mandate the presence of a financial expert on the audit committee is somewhat of a mystery given the typical tendency of business entities to want less regulation. If audit committee members are overrelying on the financial expert, the purpose of having an expert may be defeated.

Are audit committees receiving the information necessary to fulfill their oversight function? Exhibit 5 shows that, unfortunately about half of audit committee members rate the quality of pre–audit committee meeting materials as moderate or low. The audit committee must cultivate relationships and work closely with the CEO and CFO, and the internal and external auditors, to provide actionable information for meetings and to resolve any matters requiring action. To accomplish this end, it is imperative that the committee be informed about all significant issues in financial reporting so that appropriate discussions can take place.

An independent audit committee plays a central role in ensuring the credibility of financial reporting and reducing the possibility of management fraud. The responsibilities and requirements placed on audit committees have been strengthened over time, especially with the passage of SOX in 2002. Unfortunately, there are still a number of barriers to the effective functioning of audit committees, including an overreliance on a financial expert, poor-quality information for the committee, and a significant compliance burden. Nevertheless, audit committees gained significant clout under SOX and have greater power to participate in the financial reporting process. Will audit committees be able to stop management fraud? Certainly not in every case, but a diligent audit committee should be able to deter management fraud and may currently be the best friend an investor has.

Note: Presentation reprinted from “Audit Committee Institute Fall 2004—Exploring Expectations of Audit Committee Effectiveness,” ”2003, KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. Printed in the United States of America. Reprinted with permission of KPMG International. All rights reserved.

The views expressed are those of the authors and not necessarily those of The CPA Journal or KPMG, unless otherwise indicated. This article contains information of a general nature and is believed by the authors to be accurate as of its original publication. The reader should not construe the content as accounting, legal, or other professional advice, and it is not intended to address the circumstances of any particular individual or entity. If specific professional advice or assistance is required, the services of a competent professional should be sought.