| Title |
Summary of the Audit Committee Guidance Committee Guidelines |
||||||
| Issue No. | 1/2009 - Audit Committee Guidance and SID celebrates Ten Years | ||||||
| Details | Summary of the Audit Committee Guidance Committee Guidelines
On 30 October 2008, the Audit Committee Guidance Committee (ACGC) released the ACGC guidebook which provided greater direction and offered practical guidance to audit committees in several key areas. These include risk management, internal controls, quality of internal audit, interested persons transactions, risk management, board composition, performance assessment and financial reporting. The guidebook produced by the ACGC represents a significant milestone in the local corporate governance scene.
Past reflection, future direction The ACGC Guidelines is timely in addressing the practical challenges faced by independent directors and audit committees. It is commonly said that corporate governance disasters could have been averted if independent directors had been more rigorous in asking their Chief Executive Officers (CEOs) questions, demanding answers and when needed, blowing whistles. In these turbulent times when large companies can collapse overnight, the roles of independent directors and the audit committee seem to offer little security to stakeholders and the public. A heightened media spotlight on independent directors may be inevitable in the light of recent corporate failures and the economic meltdown.
Even though Singapore has a developed economy with relatively sophisticated business practices, the media occasionally gets a feast of boardroom drama. Some independent directors may then quickly find themselves ‘identifiable’ to the man on the street. Independent directors could also face the risk of legal liability and reputational repercussions. This could potentially discourage good candidates from taking up the role of independent director. It is thus timely that the Audit Committee Guidance Committee guidebook helps shed light on roles and responsibilities of independent directors.
The practical challenges faced by independent directors and audit committees are numerous, but these can be summarised into three major themes:
Pushing and testing the limits further, Section 705, introduced by the SGX, requires directors to provide a ‘negative assurance’ statement.
What’s next? In light of the new ACGC Guidebook, every independent director and audit committee member should ask themselves this question: “How does the organisation measure up with respect to the recommended practices in the guidebook?”
With the new guidelines and the heightened attention on independent directors and audit committees, the immediate priority would be to align their current governance practices and procedures to the framework detailed in the guidebook.
Independent directors should: 1. Perform a “Stock-Take” of the current “As-Is” state of their boards and organisations 2. Determine the gaps where current practices fall short of the guidance from the ACGC Guidebook 3. Assemble a “To-Do” list to address and bridge these gaps.
The standards provided in the guidebook are not mandatory but provide useful guidelines to good practices Stakeholders may sometimes expect almost complete compliance with the guidelines. While this set of guidelines do not have the force of law, it does increase the directors’ exposure to liabilities. This blueprint sets the tone and standards of internal controls expected of SGX listed companies and would no doubt serve as a reference point and benchmark for any companies listed on SGX and those looking to be listed on the SGX. Even in the absence of such stakeholder expectations, independent directors themselves should embrace and adopt these guidelines to fulfill their obligations in discharging their responsibilities.
The ACGC Guidebook is not intended to resolve all challenges faced by independent directors nor will it immediately eliminate gaps in the public’s perception. As the industry and the public digests the new mandate of the ACGC and assesses the implications, this guidebook provides an important first step towards harmonising the expectations leveled at independent directors and the practical challenges they face.
The ACGC Guidelines – Salient Points The guidelines are a result of inputs from various stakeholders in the business community and takes on board the Frequently Asked Questions (FAQs) by Audit Committee members. In addition to the FAQs which are featured throughout the various sections in the guidebook, it also incorporates case studies, and appendices of sample templates and other more detailed guidance notes. There are useful reallife case examples compiled to provide guidance.
The guidebook is in two main sections: 1) AC Compositions “The AC plays a critical role in ensuring the integrity of the financial statements through its oversight of the company’s financial reporting process, the internal control system and the audit function. To discharge this role properly, the AC must ensure that it has individuals with the appropriate qualifications to provide independent, objective and effective oversight.” • What are the key factors a company needs to consider when appointing AC members? • It covers areas in the form of ‘Objectivity’ and ‘Independence’, ‘Qualification of members’, ‘Selection of AC Chairman’ and ‘Tenure of the AC’.
2) Roles and Responsibilities of an AC Section I: Internal Controls “The AC should review the adequacy of the company’s internal controls, operational and compliance controls, and risk management policies and systems established by the Management”
The AC has a statutory obligation under the Company’s Act to review the external auditor’s evaluation of internal accounting controls. Consistent with the Code of Corporate Governance, this section takes a broader view of the definition of ‘internal controls’ to collectively include operational controls, compliance controls and risk management policies and systems established by management. The section defines the scope of AC’s responsibilities for internal controls and provides practical guidance on how AC can do so, with the following channels: a) Obtain management’s assurance on the state of internal controls b) Review of internal auditors’ evaluation of internal controls c) Review of internal control issues raised by external auditors. The section also highlights the importance of the audit committee in reviewing the control environment, the organisation’s framework for fraud risk management and its Information Technology (IT) governance framework.
With respect to (a), an appropriate mechanism mentioned in the guidebook is the use of control self assessment (CSA) exercises. CSA drives and reinforces the responsibilities and accountability of internal controls to the process owners and uses an upward self-audit, self-report and self certification process to facilitate the CEO and Chief Financial Officers (CFO’s) written declaration to the AC on the state of internal controls. CSA can eventually become a sustainable platform from which the Board can make the negative assurance statement as required by Section 705 of the SGX Listing Manual.
Review of internal auditors’ evaluation of internal controls includes reviewing and approving the scope of work proposed by internal auditors and benchmark for evaluation of internal controls against an internationally recognised internal control framework. This can augment the expertise of the in-house Internal Audit (IA) team with external specialists, requiring update of the status of implementation of action plans from past IA work and having private sessions with internal auditors at each AC meeting or upon request by the IA, without the presence of management.
With respect to (c), the guidelines suggest the audit committee review the internal controls findings by the external auditor especially those which are disputed by management. In addition, similar private sessions with external auditors without the presence of management are also recommended.
Section II: Risk Management “The Board has the ultimate responsible for ensuring that Management establishes sound risks management policies and systems that safeguard shareholders’ investment and the company’s assets. Management is responsible for putting in place processes for identification, assessment, management, monitoring and reporting of risk and for providing assurance to the Board that is has done so.”
In instances where the Board delegates this role to the AC, the guidebook provides guidance on how the AC can review the effectiveness of the risk management framework of a company. The elements of a good risk management framework are also described in Appendix C3 of the guidebook.
With respect to promoting a ‘risk aware’ culture, this section again specifically mentions CSA as a tool which management can use to assess the control effectiveness as well as business processes within the organisation. Other risk management programmes which the AC can recommend to the management are “near-miss” reporting, crisis and emergency management, business continuity planning and succession planning.
Section III: Internal Audit “The Code recommends the establishment of an IA function to assist the AC in discharging its responsibilities. The Companies Act envisages that each listed company has in place an IA function and tasks the AC with the review of the scope and results of the IA procedures.”
This section of the guidebook provides examples of the various internal audit models a company can adopt: in-house, co-source or out-source. Guidance is also provided with respect to how the AC should assess the effectiveness as well as efficiency of the IA function. The positioning of the IA function within the company determines how effective an IA function is, and hence the mandate in which the IA function operates is a critical success factor. The terms of reference or mandate of an IA function should be an area which the AC would need to clearly define.
Section IV: Financial Reporting “While Management is primarily responsible for the preparation of complete, accurate and reliable financial statements and also formal announcements relating to the company’s financial performance, it is the AC’s duty to oversee the integrity of the financial statements and other related disclosures.”
Guidance is provided in this section, and spells out the key areas, which the AC should focus on, primarily: I. Competency of the finance team in supporting good internal controls II. Effective audits and high quality financial reporting and disclosures III. Accounting polices and the application as to whether they are reasonable and appropriate IV. Errors and mis-statements of financial statements V. How AC should review accounting judgments and estimates VI. Case studies relating to the identification of related party transactions for disclosure purposes.
Section V: External Audit “The duties of the AC should include reviewing the scope and results of the audit and cost effectiveness, and the independence and objectivity of the external auditor.”
While in reality and in practice, AC members are probably most familiar with this section of the guidelines with respect to their roles and responsibilities with dealings with external auditors, there are nonetheless useful notes and guidelines on the appointment and assessment of external auditors.
Section VI: Other Duties and Responsibilities • Interested Person Transactions Clear guidelines, FAQs and case studies provide greater clarity for AC to “make a distinction between” Interested Person Transactions (IPT) and “Related Party Transactions”, what the AC can do to ensure the transaction pricing is not prejudicial to the interest of the company and its minority shareholders and how the AC can ensure that the procedures in the general IPT mandate are on normal commercial terms. Sample forms for disclosure and declaration purposes are also included in Appendices E2 and E3 respectively.
• Conduct of meetings Useful pointers are provide in this section, with a case study also describing what an AC should do if it needs more time to consider a proposal tabled by the Management without prior notice during a routine AC meeting.
• Performance assessment There is a sample checklist provided for ACs to perform a self assessment. Guidelines are also provided as to how the Nominating Committee should interact accordingly. There are many factors, criteria and issues, which need to be considered. This section helps addresses all these.
• Whistleblowing Elements of a good whistle blowing policy are set out in Appendix H1, while a sample of the policy is provided in Appendix H2. Useful guidelines covering the whistleblowing framework and policy are also included to provide further insights as to how AC can implement this effectively. Other areas addressed include guidance to AC if the complaint is against the Chairman of the company or if there are allegations of fraud/bribery involving foreign government officials.
• Training What are the training requirements for AC members or what are the basic topics that all AC members should be familiar with? The guidebook provides answers to these questions. As the business environment grows at a rapid rate, not only it becomes more complex, but it also increases the demands of AC to keep up with these changes. Keeping in line with these changes are the roles and responsibilities of all AC members.
The Audit Committee Mandate – The launch of Audit Committee Institute (ACI) Recognising the importance of audit committees since 1999, KPMG International has created and sponsored the ACI to serve audit committee members and help them to adapt to their changing role. The Singapore Chapter2 of the worldwide ACI has now been launched. This is timely, given the issuance of the ACGC guidebook and the need for further guidance for the mandate of the audit committee.
Historically, ACs have largely been left on their own to keep pace with rapidly changing information related to governance, audit issues, accounting and financial reporting. Sponsored by KPMG LLP in Singapore, the ACI provides knowledge to AC members and is a resource to which they can turn for information or to share knowledge. The ACI aims to be the first point of call for any audit committee member wishing to implement and/or improve audit committee processes.
More importantly, we hope that this new avenue would serve as a useful platform for AC members of the wider business community where knowledge can be shared openly. We encourage AC members to log into the website, (www.kpmg.com.sg/aci) which contains further guidance on many areas, related to the AC agenda. The site is populated with toolkits and publications from our global KPMG ACI network, as well as AC surveys on topical subject matters, which can be accessed by AC members here in Singapore.
There are now ACI chapters in over 28 countries worldwide assisting audit committee members across the globe in their quest to improve governance in organisations operating in, for example, the USA, Australia, Belgium, Canada, United Kingdom, Columbia, Germany, Switzerland and Malaysia.
This article is written by Irving Low, Executive Director, Internal Audit, Risk and Compliance Services (IARCS), KPMG LLP The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of KPMG LLP. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Irving Low Claudia Eio
1 The ACGC was established on 15 January 2008 by the Monetary Authority of Singapore (MAS), the Accounting and Corporate Regulatory Authority (ACRA) and the Singapore Exchange Limited (SGX) in an effort to promote and strengthen good corporate governance practice. The first mandate of the ACGC was to develop practical guidance for audit committees of listed companies. 2 Visit our website at http://www.kpmg.com.sg/aci or email us at aci@kpmg.com,sg |
