In anticipation of the launch event of the ACI Forum, KPMG has recently conducted an analysis of audit committees in Malta focusing on listed entities, banks and insurance companies. Research has indicated that there are presently around 50 audit committees with an average of three members per committee. Out of the 123 individuals involved in audit committees, 31% are foreign nationals and 13% are involved in more than one committee. Finally, on average, less than 15% of audit committee appointments are held by executive directors.
Locally the Institute will employ a range of tools to assist audit committee members and non-executive members in meeting their oversight role. These tools include the ACI Forum, Audit Committee Bulletins and access to select publications and other resources, sourced primarily via the global ACI network.
To help audit committees focus their agendas on key challenges throughout the year, the UK ACI has issued its annual "aide memoire" to directors - "Ten To-Do's for Audit Committees in 2010" - highlighting issues that should be at the top of the audit committee’s current agenda. These are summarised below.
ACI's "Ten To-Do's for Audit Committees in 2010"
When considering and carrying out their 2010 agendas, audit committees should:
1. Regain control of the audit committee agenda
The challenges of the economic crisis (access to capital, cash flow, counterparty risks, impairments, etc) have dominated audit committee agendas. As signs of recovery emerge, take the opportunity to develop more focused (yet flexible) agendas, with an eye on the company's key financial reporting risks. To improve the efficiency of committee meetings, insist on quality pre-meeting materials, spend less time on low-value or checklist activities, and engage in discussions rather than listening to presentations. Don't let compliance activities crowd-out substantive discussion.
2. Understand the risks posed by cost reductions made in response to the economic crisis
Many companies have engaged in cost cutting as the economic crisis deepened. Every board and audit committee should now be asking whether the company's delivery model has been changed permanently, and whether a "cost-reduced" business model can be sustained. Did we cut too much? How quickly can we restore critical infrastructure such as IT and sales force? How far have we extended the organisation through outsourcing and off-shoring? As companies cut costs and reduce their workforce, the control environment becomes even more critical. Now is not the time to cut-back on internal audit's budget.
3. Focus closely on all financial communications
Company announcements and analyst briefings can pose difficult issues because they contain important business information which often does not come from the financial reporting system, is not audited, and is not subject to internal controls. If you haven't already done so - given the uncertainties created by the economic crisis - reconsider company announcements and guidance it issues on expected future performance. Engage early-on in reviewing the 2010 disclosures, particularly new disclosures regarding risk, compensation, and corporate governance. Where applicable, understand the company's policy on the use of social media networks to reach investors and customers.
4. Continue to monitor fair value issues, impairments, and management's assumptions underlying critical accounting estimates
These issues, together with going-concern challenges, will continue to be a major area of focus for audit committees. At the same time, there are important new financial reporting developments (including business combinations, segmental reporting and IFRS 9) that may require the committee's attention. Set aside time at each committee meeting for a deep dive into a specific financial reporting development impacting the company.
5. Rethink the audit committee's role in risk oversight
The tremendous focus on risk today provides an opportunity for the board to reassess the oversight role of the audit committee, the full board and the other standing committees such as the risk committee. Does the audit committee have the expertise and time to deal with strategic, operational, and other risks? Is the expertise of other board members being leveraged? Audit committees already have a lot on their plates with oversight of financial reporting risks.
6. Make sure internal audit is properly focused and fully utilised
Help refine internal audit's role and focus internal audit's activities on key areas of risk, as well as risk management generally. Internal audit is not accountable or responsible for risk management, but it should provide added assurance to the audit committee regarding the adequacy of the company's risk management processes. Internal audit is most effective when it is focused on risk: ensure that the internal audit plan is risk-based and focuses on the critical risks to the business and not just compliance and financial risks.
7. Prepare for the potential impact of key public policy initiatives on compliance, risk, and governance processes
New legislation has already emerged in the wake of the financial crisis and major public policy changes (e.g. the environment, energy, and financial services regulation) may soon follow. Such changes will likely impact a broad cross-section of companies and industries, and may impose additional reporting, transparency, and compliance obligations. These, in turn, will require new or modified compliance, risk, and governance oversight processes.
8. The economic crisis continues to put pressure on compliance and anti-fraud programs. Be vigilant
The economic downturn has placed tremendous pressure on management to achieve operating results; at the same time, cost cutting and workforce reductions may have exacerbated these pressures. How has the company treated its employees? How do they think they've been treated? A comprehensive review of the company's anti-fraud and compliance programs (including the impact of any new anti-bribery legislation) may be in order. The right tone at the top and throughout the organisation is critical.
9. Help reduce the risk of misalignment as the company undergoes change
Change creates risk. During times of dramatic change, the risk of misalignment - of the company's strategy, goals, risk, controls, compliance, incentives, and people - goes up exponentially. Given the audit committee's role in overseeing risk, internal controls, compliance, and ultimately the impact of significant changes on the company's financial statements, the committee is in a unique position to help reduce the risk of misalignment.
10. Take a fresh look at the audit committee's composition and leadership
The audit committee's effectiveness and accountability hinges on meaningful self-assessment of the audit committee as a group as well as individual members. Take a hard look at the committee's composition, independence, and leadership. Is there a need for a "fresh set of eyes?" If so, ask for them.
Juanita Bencini, Advisory partner at KPMG responsible for Regulatory and Compliance who is spearheading the ACI initiative in Malta, stated that even though established for markets where audit committees are more evolved, it is striking how these to-dos are also hugely relevant for the Maltese market. “I have seen audit committees in Malta evolve significantly over the years, both in listed entities as well as regulated entities such as banks. In part this has been fuelled by regulation but companies are beginning to appreciate the input and insight that a properly functional audit committee can provide to an entity. These to-dos can be a great catalyst for shaping our local audit committees’ agendas and focusing their discussions during 2010.”
The Malta ACI is keen to establish itself as the reference resource for audit committee members with these “to-dos” providing just a glimpse of the insights the network has to offer on the area. The Malta ACI will shortly be launching its first event, exploring the critical issues and challenges facing audit committees locally. Ideas will be exchanged via a Q&A session with Mr. Phil Hodkinson, audit committee chair and non-executive director of three large UK companies: BT Group plc, Resolution Ltd, and Travelex Holdings Ltd. Mr. Hodkinson is also a qualified actuary and chartered banker by profession and non-executive director of Her Majesty’s Revenue & Customs, and a trustee of three charities: BBC Children in Need, Christian Aid and Business in the Community.
Further information on the ACI in Malta can be obtained on the following email address: aci@kpmg.com.mtor by calling on +356 2563 1160.