|Audit Committee and Risk Management|
The National Association of Corporate Directors and The Center for Board Leadership have just published “Audit Committees: A Practical Guide.” It is the work of a Blue Ribbon Committee on Audit Committees and will have a major effect on the practice of risk management. Risk and risk management are now board responsibilities. This is a document that every practicing risk manager should read, review, and understand. It clearly sets the guidelines for ultimate reporting on risks and their management in any organization, profit, nonprofit or governmental.
Audit committees of the board have been required for New York Stock Exchange listed companies since 1978. This work defines a new focus on not only financial reporting, but also risk assessment. The authors state that “many audit committees focus on financial reporting but neglect to assess risk.” They continue: “the risks faced by companies span a broad range, including competitive, environmental, financial, legal, operational, regulatory, strategic, and technological, to name only a few. Of course, the audit committee alone cannot monitor all these risks. Rather it must rely on the collective efforts of many other parties to do so — including in some cases other board committee. Nonetheless, it plays a key role in ensuring that risk is included in the ‘line of vision’ for other key participants in the audit process.” Risk management is clearly a central challenge for both CEOs and boards today, along with financial reporting and the audit function itself.
The paper describes why corporations need audit committees, who should lead them and serve on them, how to make them more effective, how to initiate and maintain best practices, and how to operate effectively within legal requirements. It includes nine appendices
including a sample charter (in which risk management is the first of eight “primary responsibilities”), a self-assessment guide, sample questions for an audit committee (again, “risk” is the first topic), a sample committee calendar, “red flags” for financial reporting and risks (27 factors relating to management characteristics, industry conditions, and operating statistics), an internal audit charter (the first item in scope of work is “risks are appropriately identified and managed”), a sample representation letter to the audit committee, an excerpt from the Public Oversight Board Report, and key moments in the history of audit committees.
In the list of responsibilities, the report includes four steps in “monitoring risk management (identification and control):”
This Report explicitly details the risk management responsibilities of audit committees and sets the stage for new risk reporting and communications. For copies, contact The National Association of Corporate Directors, 1707 L Street, Suite 560, Washington, DC 20036. Telephone: 202-775-0509 Website: www.nacdonline.org
Copyright H. Felix Kloman and Seawrack Press, Inc.
to RMR Table of Contents
RiskINFO Home Page
Additional Topics This Month and Archives