Audit Committees Prevent Management Fraud?
Steven A. Harrast and Lori Mason-Olsen
JANUARY 2007 - The
world of accounting changed on July 30, 2002, when the Sarbanes-Oxley
Act (SOX) was signed into law. The changes set in motion by
that legislation continue to cascade through all aspects of
the accounting profession. SOX became law as the Enron debacle
was unfolding and only nine days after the WorldCom bankruptcy,
the largest bankruptcy in history. While the colossal corporate
failures surrounding the passage of SOX may have ensured passage
of the legislation, the scandals that motivated SOX had been
recognized by members of Congress and the SEC for some time.
On September 28, 1998, Arthur Levitt, chairman of the SEC,
made a speech at the New York University Center for Law and
Business condemning the “creative accounting practices”
used by U.S. companies. Earnings restatements continue to
rise, and many questions remain about the ability of public
companies to control management fraud in the financial reporting
the passage of SOX, audit committees have been stepping
up to the plate and assuming new duties in the financial
reporting system. By design, audit committees are expected
to maintain a line of defense against management fraud by
monitoring the financial reporting function and internal
controls of an organization. A strong, independent audit
committee has increasingly become an indispensable part
of an organization’s governance. The authors discuss
below significant events in the development of audit committees,
and present the results of a survey of audit committee members,
who describe the benefits and challenges of their role under
current standards. This information is intended to help
accounting professionals understand the critical role of
an audit committee and better utilize this important resource.
of Audit Committees
the recent frauds and the subsequent rise in the number
of earnings restatements demonstrate the continuing need
for improved controls in the financial reporting process.
Unlike employee fraud, management fraud is less likely to
be detected by low-level controls because of management
override. Typical internal control systems cannot be counted
on as an effective deterrent to management fraud. Therefore,
SOX section 301 requires an independent audit committee
to help deter management fraud and enhance the integrity
of financial reporting.
SEC promoted the audit committee concept after its investigation
of the McKesson & Robbins case. In the McKesson &
Robbins fraud, a corrupt management claimed the existence
of inventory that later turned out to be bogus, a practice
that resulted in on-site inventory inspections. In 1972,
the SEC encouraged the establishment of audit committees
composed of independent directors, and by 1974, the SEC
began to require public disclosure of whether audit committee
members were, in fact, independent. Little changed until
the late 1990s, when earnings management and creative accounting
practices became a threat to market integrity. In 1998,
SEC Chairman Levitt called for greater controls to guard
against fraudulent financial reporting. That same year,
the public stock exchanges—often referred to as self-regulating
organizations (SRO)—sponsored the Blue Ribbon Committee
(BRC) to study how audit committees could be more effective.
The BRC recommended that companies establish independent
audit committees with a minimum of three financially literate
members and one financial-expert member. In addition, the
BRC recommended that audit committees adopt a formal charter
to plainly describe the committee’s role in internal
control activities. Soon after the BRC report was issued,
the SEC and the SROs adopted the requirement for independent
audit committee members.
2002, during heightened awareness of management financial
fraud, Congress passed SOX. Although SRO rules already required
the independence of audit committee members, SOX established
the requirement by statute. Individual SROs are permitted
to establish independence standards more stringent than
those set forth by SOX. Current SRO rules generally prohibit
audit committee members from: 1) receiving compensation
for their services (other than director’s fees; 2)
employment by or consulting for the company; and 3) having
any close family members who are either employees of or
consultants for the company. Prior employees and auditors
may become independent after a three-year “cooling-off”
period. To make a definitive determination of independence,
consult the SEC rules and the rules published by the SRO
where the company’s securities are traded.
to SOX section 301, the audit committee carries out its
responsibility over the financial reporting process by:
appointing, overseeing, and compensating the independent
establishing procedures for handling complaints about
accounting, auditing, and internal control; and
procedures for the submission of concerns about questionable
accounting and auditing matters.
governance structure protects the integrity of the reporting
process by insulating the external auditor from possible
addition to minimum audit-committee responsibilities, SROs
have sought to enhance the quality of corporate governance
by instituting additional requirements for listed companies.
These include a continuing requirement that audit committees
have a charter describing the audit committee’s responsibilities
and that the committee hold meetings in “executive
session” on a regular basis, with only independent
directors in attendance. As recently as January 1, 2006,
Nasdaq has made amendments to its listing rules regarding
audit committee members believe that recent changes could
make a difference? In a 2004 KPMG Audit Committee Institute
survey of about 500 audit committee members from various
industries—including financial services (37.6% of
respondents), technology (12.7%), manufacturing (10.5%),
retail (9.4%), healthcare (8.4%), energy (5.2%), transportation
(2.2%), telecommunications (1.6%), and others (10.2%)—70.5%
believed that the losses incurred in some of the high-profile
financial reporting scandals of the last few years could
have been avoided or reduced if the financial reporting
and audit processes of the company had been overseen by
an audit committee deemed to be effective by today’s
standards (see Exhibit
survey suggests that most audit committee members would
concur with the ideas expressed by the SEC and the BRC about
the importance of an effective audit committee. It is important
that audit committees believe their activities will make
a difference, and it is encouraging to note that most agree
that they can. Unfortunately, some skepticism remains about
an audit committee’s ability to prevent fraud. Clearly,
an audit committee must possess both information and diligence
to detect and prevent management fraud.
much time are audit committee members spending on each committee?
According to the KPMG survey, the most commonly cited annual
time requirement necessary to fulfill the role as an audit
committee member, including all related meetings and preparation
time, is between 50 and 100 hours. The responses are tabulated
indicated in Exhibit 2, the time requirement can be substantial.
A small fraction of committee members indicate spending
over 300 hours a year on audit-committee-related matters.
At least one SRO, the NYSE, believes that serving on too
many audit committees reduces effectiveness. The commentary
on NYSE rule 303A requires special disclosure when a member
sits on more than three separate audit committees. While
there is no rule on the number of meetings the audit committee
should hold, it seems reasonable to assume that four meetings
would be required to review quarterly and annual filings.
The SEC requires disclosure of the number of audit committee
meetings held, so that stakeholders can monitor the diligence
of the committee.
there activities that detract from audit committee effectiveness?
The KPMG study found that 37% of audit committee members
thought that compliance activities resulted in a negative
impact on the overall effectiveness of the audit committee
3). The burden of compliance is a very real issue because
the SEC’s disclosure requirements are periodically
updated, and as a result, individual SROs must update their
respective listing requirements. Because audit committee
activities are closely scrutinized and because compliance
activities are mandated by laws and regulations, they must
be given top priority.
seems likely that the compliance burden on audit committees
will add to the time-commitment burden of directors and
make service on audit committees less attractive. If the
compliance burden continues to grow, it may limit the ability
of the audit committee to effectively monitor financial
reporting issues, thereby reducing it to a “form-over-substance”
committee. Fortunately, compliance and risk officers, and
their respective staff members, are carrying some of the
burden of compliance.
and NYSE rules require that a financial expert be present
on the audit committee of a listed company. (As noted above,
the presence of a financial expert is an SRO rule and is
not imposed by SOX or the SEC.) Under Nasdaq Rule 4350(b)(2)(A),
a financial expert is someone who “has past experience
in finance or accounting, requisite professional certification
in accounting, or any other comparable experience.”
The NYSE is less explicit in defining a financial expert,
thus allowing listed companies to make their own determination.
Is there a downside to having a financial expert on the
4 shows that most audit committee members (60.1%) agree
that there is a risk that audit committee members may inappropriately
defer to the audit committee financial expert.
SROs felt compelled to mandate the presence of a financial
expert on the audit committee is somewhat of a mystery given
the typical tendency of business entities to want less regulation.
If audit committee members are overrelying on the financial
expert, the purpose of having an expert may be defeated.
audit committees receiving the information necessary to
fulfill their oversight function? Exhibit
5 shows that, unfortunately about half of audit committee
members rate the quality of pre–audit committee meeting
materials as moderate or low. The audit committee must cultivate
relationships and work closely with the CEO and CFO, and
the internal and external auditors, to provide actionable
information for meetings and to resolve any matters requiring
action. To accomplish this end, it is imperative that the
committee be informed about all significant issues in financial
reporting so that appropriate discussions can take place.
independent audit committee plays a central role in ensuring
the credibility of financial reporting and reducing the
possibility of management fraud. The responsibilities and
requirements placed on audit committees have been strengthened
over time, especially with the passage of SOX in 2002. Unfortunately,
there are still a number of barriers to the effective functioning
of audit committees, including an overreliance on a financial
expert, poor-quality information for the committee, and
a significant compliance burden. Nevertheless, audit committees
gained significant clout under SOX and have greater power
to participate in the financial reporting process. Will
audit committees be able to stop management fraud? Certainly
not in every case, but a diligent audit committee should
be able to deter management fraud and may currently be the
best friend an investor has.
A. Harrast, CPA, PhD, is an assistant professor of
accountancy at the University of Northern Iowa, Cedar Falls,
Lori Mason-Olsen, PhD, is an assistant professor
of accountancy at North Dakota State University, Fargo, N.D.
Presentation reprinted from “Audit Committee Institute
Fall 2004—Exploring Expectations of Audit Committee
Effectiveness,” ”2003, KPMG International. KPMG
International is a Swiss cooperative of which all KPMG firms
are members. KPMG International provides no services to
clients. Each member firm is a separate and independent
legal entity and each describes itself as such. Printed
in the United States of America. Reprinted with permission
of KPMG International. All rights reserved.
views expressed are those of the authors and not necessarily
those of The CPA Journal or KPMG, unless otherwise indicated.
This article contains information of a general nature and
is believed by the authors to be accurate as of its original
publication. The reader should not construe the content
as accounting, legal, or other professional advice, and
it is not intended to address the circumstances of any particular
individual or entity. If specific professional advice or
assistance is required, the services of a competent professional
should be sought.