Although the increased responsibilities of audit committee membership are relatively new, neither the statute nor the SEC rules and regulations furnish any guidelines on how the audit committee should operate. You should therefore draw upon your business judgment and experience, as well as upon common sense.

First, the audit committee should prepare an agenda and a schedule for each year. Counsel to the audit committee, who are experienced in this area and who are different from and unrelated to company counsel, should participate in this process. As a start, go through the items required to be covered in the audit committee charter. Also focus on the different reporting issues and the internal audit risks involved with each segment of the company's business.

You should gather contact information and contact the groups or persons with whom you will need to establish communications, such as the lead partner of the outside auditor, the chairman of the executive compensation committee, the company's chief financial officer and other persons within the company's internal financial reporting network responsible for the budget. You should also seriously consider establishing a liaison with the chief compliance officer and the general counsel. One way to ensure this is to set up a specific structured meeting schedule for the next year, which can be modified if specific problems arise. This is especially important because most of the members of the audit committee are independent and they must participate in these meetings.

In establishing a relationship with the outside auditor, it is often a good idea that the chairman of the audit committee and the lead audit partner meet at least twice during the time period that the audit is being conducted. The first meeting should cover the scheduling and procedures. The second should occur prior to the accounting firm's sign-off to go over audit concerns and issues raised during the audit. It may also be prudent to schedule periodic meetings a couple of times when they are not in the middle of an audit. The audit committee should also have a list of audit-related and non-audit items for approval. You should also make sure the controls are in place to notify the audit committee when items materially exceed the budget, as this often relates to the quality of the internal financial controls.

As part the agenda, the audit committee should obtain copies of all of the company's compliance guides and become an active participant in reviewing and updating the company's overall compliance programs. This is especially the case with "up the ladder" complaint provisions to ensure that the audit committee becomes aware of complaints relating to the integrity of the financial information and reports at the very beginning. In that connection, the audit committee should set out a way for complaints concerning or impacting audit items be forwarded to them in such a way that protects the integrity of the person informing them of potential financial improprieties. The audit committee needs to be an early participant in discovering potential financial improprieties because they often indicate deficiencies in the company's internal auditing procedures.

The audit committee should seriously consider implementing a training program for its members, in light of their heightened responsibilities. This is especially applicable to members without an extensive background in audit procedures and corporate reporting of financial information. It could also be helpful to persons who have the requisite background. Being a member of an audit committee is an important responsibility. Once you have been appointed, you then must discharge your responsibilities properly. To do this the audit committee has to implement appropriate procedures.

Need for Meaningful Compliance Program

In the past we have written about the need for companies to establish and enforce internal compliance programs.

The SEC proceedings against Statoil, a Norwegian-based multinational oil company, illustrates this principle. The staff found that Statoil had paid bribes to an Iranian government official in return for his influence to assist the company in obtaining a contract to develop a significant oil and gas field in Iran and to smooth away for additional projects in Iran. These payments violated the Foreign Corrupt Practices Act. During the time period that the bribes were made, Statoil had specific internal controls and procedures that were in place to prevent illegal payments. But, according to the SEC release describing the settlement, these controls were insufficient to prevent or detect the wrongdoing. Further, the company mischaracterized the illegal payments as legitimate “consultant fees” and, accordingly the company violated the books and record keeping provisions of the federal securities law.

Again, the moral to the story is creating a compliance program is only a valuable protective tool if the company implements it and vigorously enforces it.

Return to SEC Central

CHARLES HECHT has been a principal of his own law firm specializing in securities law since 1971. He was previously on the staff of the Division of Corporate Finance of the Securities and Exchange Commission at its headquarters in Washington, DC. Contact him at 212.490.3232 or visit www.securitiescounselors.com