In fact, many audit committee members believe they are now being held to a higher standard, according to research by the National Association of Corporate Directors (NACD). The changing environment for audit committees in particular and board members in general has resulted in greater difficulty in filling board vacancies. According to a recent Wall Street journal article, directors at many companies are spooked, and for every acceptance of a directorship at a major company, five turn it down. Prospects are wary of the risk to their reputation and may not have the required time to devote to a significant new responsibility.

Indeed, those who accept audit committee positions face growing responsibilities related to the oversight of risk and governance processes as well as increased scrutiny regarding their qualifications.

Audit Committee Practices

In the post-Enron environment, boards are being motivated by speeches from SEC officials, increased knowledge of best practices, and actions of shareholder activists to ask as many questions of as many people as it takes for them to fully understand the company's business, risks, and controls. Any remnants of the old "rubber stamp" attitude should be long gone.

A result of this increased need for information will likely be audit committee meetings that require more time and advance preparation. Traditionally, audit committees would meet for a few hours before the full board meeting. Agendas were highly structured and allowed little time for discussion. Increasingly, audit committees are meeting the day before the full board meeting to allow enough time for frank, in-depth discussions and full interaction between the committee and management, the external auditors, and the internal auditors. Phone conferences may also be required between scheduled committee meetings to accommodate releases of quarterly results.

They're discovering that audit committee duty entails significant time and effort and requires accountability when things go wrong.

Heightened Emphasis on Risk and Governance

In addition to alerting audit committees to the need to perform their duties with increased rigor, the Enron collapse has focused attention on the importance of internal controls, particularly those involving ethics and a code of conduct. The effectiveness of all controls is dependent upon the control environment, or tone at the top. Enron's apparent widespread non-- compliance with company policies, especially those dealing with its code of conduct, has been widely viewed as a major cause of its troubles. Oversight of governance procedures is one of an audit committee's most important duties.

Additionally, following Sept. 11, audit committees have elevated in importance their need to spend more time overseeing the risks of physical and technical security, as well as to more closely monitor organizational processes for assessing, evaluating, mitigating, and monitoring significant business risks. The winter 2002 Audit Committee Quarterly, published by KPMG's Audit Committee Institute, reports feedback from participants in the institute's Fall 2001 series of audit committee roundtables. According to the feedback, 85 percent of audit committee participants said that risk-related issues would receive the most consideration at the board level due to the changes in risk since Sept. ii. Thirty-five percent of those respondents chose enterprise risk management as the most important issue, while 27 percent said general security procedures were most important. Twenty-- three percent chose computer information disaster recovery as the top priority.

Only 35 percent of audit committee participants said that management had provided the audit committee with adequate background concerning the company's information security risks. And 63 percent of respondents thought the audit committee needed to improve its oversight of information security risks and related controls. It should be noted that the Enron collapse had not yet occurred at the time of these meetings.

Focus on Qualifications

To effectively perform their increasing responsibilities, as well as more traditional duties involving accounting matters, audit committees must be independent and possess financial knowledge. Pursuant to one of former SEC Chairman Arthur Levitt's Blue Ribbon Committee initiatives, the stock exchanges have enacted rules requiring each member of an audit committee to be totally independent of management and to be financially literate. In fact, at least one member of the committee must have accounting or financial management expertise. The Blue Ribbon Committee considered this a necessary first step toward increasing the capability of audit committees to more vigilantly and comprehensively review the contents of a public company's financial statements before approving them for inclusion in the SEC annual report. These same capabilities are necessary for the audit committee to effectively discharge other duties, including evaluating the independence of the external auditors and performance of both the external and internal auditors, monitoring risk processes and controls, and overseeing the governance processes involving ethics systems.

According to NACD's "2001-2002 Public Company Governance" survey, the membership requirements "appear to have a profound impact on audit committee independence." In fact, the report states there was a "massive" 13 percent surge from 2000 in the number of companies having a majority of board members consist of independent outsiders. The NACD reports that the most likely cause is the influx of independent directors to boards to meet the new audit committee standards.

Additionally, a December 2001 SEC "Cautionary Advice" release suggests, "Prior to finalizing and filing audit reports, audit committees should review the selection, application, and disclosure of critical accounting policies." This new duty illustrates the comprehensive level of knowledge of the Generally Accepted Accounting Principles and their application that audit committees must have to discharge their duties effectively.

Roles and Responsibilities

The Blue Ribbon Committee report also focuses public and shareholder attention on the audit committee's mission and activities. Every three years, a company's proxy statement must contain the committee's charter and each year must include a report setting forth committee activities. Among other requirements, the charter must specify that the external auditors are accountable to the board of directors and audit committee and that these groups have the authority and responsibility to select independent external auditors, evaluate their performance, and, when necessary, replace them.

Recommendations from the Blue Ribbon Committee report have also been implemented in the form of new professional auditing standards for external auditors. The new standards require external auditors to discuss the quality of the organization's accounting practices with the audit committee, not just their acceptability. Other matters that the external auditors should discuss with the audit committee include any deficiencies in internal control, discovered fraud or illegal acts, disagreements with management, and audit adjustments, regardless of whether they were booked. According to former SEC Chief Accountant Lynn Turner, speaking at Northwestern University School of Law late last year, such discussions should be robust, candid, and probing.

The Blue Ribbon Committee report also requires the audit committee to annually state that it has satisfied itself of the external auditor's independence.

Role of the Internal Auditor

Increased audit committee focus on business risk and governance provides significant opportunities for internal auditors. In fact, the Standards for the Professional Practice of Internal Auditing specifically requires internal audit activity in these areas.

Internal auditors should be alert to ways to add value and improve their organization's operations. To do so, auditors must acquire and maintain broad skill sets, receive enhanced resources in terms of greater funding and larger staffs, and achieve new understandings of their mission with senior management and the audit committee. Chief audit executives should also encourage audit committee members to make contact with the activity during the year, not just before or at a regular committee meeting.

In the PricewaterhouseCoopers white paper, "Alignment: The Ultimate Best Practice," Jim Latorre, global leader of internal audit solutions, describes a winning internal audit strategy as a continuous effort to harmonize audit activities with the expectations of stakeholders, including the audit committee. He states that a "continuous alignment [process] will help ensure that the internal audit mission, strategic focus, skill sets and core processes are in sync with valid stakeholder expectations and risk management priorities on an ongoing basis. Without an effective alignment process, internal audit runs a growing risk of failing to meet the varied - and constantly changing - expectations of its key constituents."

Latorre continues: "In the future, effective alignment of internal audit mission, people, skills, and capabilities with diverse value drivers is likely to determine a company's investment in internal audit as well as the success of the function." In other words, internal auditors should be sensitive on a realtime basis as to how they can best serve the needs of the audit committee, board, and senior management.

A Time of Change

Recent events have initiated forceful changes in the business environment that may trigger new legislative, regulatory, or private sector oversight of many groups, including audit firms, accounting standard setters, financial analysts, financial rating services, corporate directors, and financial officers. These changes will undoubtedly result in attention to audit committee responsibilities for oversight of risk management and the processes of governance, as well as concerns about control systems.

Audit committees have been provided an insightful view of their importance. To cope with the increasing demands on their time and expertise, audit committees will certainly look to internal auditing as a resource and for support. Internal auditors should use this opportunity to expand their influence in all of the areas envisioned by the new definition of internal auditing. They should be prepared to respond promptly to audit committee requests and to provide high value services.

--  Curtis C. Verschoor; Michael Barrier; Larry E Rittenberg