The Board of Directors and Audit Committee Guide to Fiduciary Responsibilities: Ten Crtical Steps to Protecting Yourself and Your Organization

INTRODUCTION

I

N THE WAKE

of the 2001 collapses of Enron, WorldCom, and Arthur Andersen, professionals, lawmakers, and stakeholders alike turned their focus to issues such as corporate governance, accountability, and transparency, pushing C-suite executives, managers, and board members to more closely scrutinize the inner workings of businesses. In the decade since, however, corporate malfeasance has remained in the headlines, with attention-grabbing collapses of such corporate stalwarts as Lehman Brothers, which in 2008 accounted for the largest bankruptcy in U.S. history—and nearly brought down the entire U.S. economy.

According to the 2011 Performance and Accountability Report by the U.S. Securities and Exchange Commission (SEC), the SEC filed 735 enforcement actions covering a broad spectrum of financial wrongdoing during the fiscal year ended September 30, 2011.¹ This represented an 8.6 percent increase from 2010—more cases than ever previously filed by the SEC’s Division of Enforcement in a single fiscal year. Those enforcement cases, and those from 2010, resulted in $3.6 billion in penalties and disgorgement (i.e., the repayment of illicit gains), with many of the financial wrongdoings falling under the general oversight of audit committee activities.

Despite some notable business failures and enormous fines, boards of directors have done much to improve the accountability and transparency of the companies they oversee. In fact, strong boards and audit committees can do—and have done—much to help build great companies. Because many organizations do not impanel a separate audit committee, the entire board may be called upon to fulfill that function. Therefore, this book interchangeably uses the terms board and audit committee.

In this era of closer scrutiny and larger fines, those who sit on boards and committees must do all they can to hold management accountable for its actions. In fact, regulators and disgruntled shareholders are accelerating their efforts to hold board directors personally accountable for their actions as well as for perceived inaction in their role in overseeing management, meaning that anyone who chooses to sit on a board or audit committee can be sued if the organization or directors break the law. Directors and committee members must be thorough, independent, and able to apply their expertise when overseeing organizations, whether public or private, for-profit or nonprofit.

No organization should harbor the false impression that the full board can carry on the duties of an audit committee without ample expertise at the board level. For example, Sonora Resources Corp. reported just such a material weakness to the SEC in an annual filing, stating, We have a board which consists of the Chief Executive Officer and we do not have an audit committee. An audit committee would improve oversight in the establishment and monitoring of required internal controls and procedures.² Such material weakness points to both a lack of independence at the board level and a lack of expertise—something no organization should allow.

In another example, Buka Ventures Inc. reported a material weakness in an annual filing to the SEC, noting that [c]ertain entity level controls establishing a ‘tone at the top’ were considered material weaknesses and that the company did not have a separate audit committee or a policy on fraud. The disclosure continues: There is no system in place to review and monitor internal control over financial reporting. The Company maintains an insufficient complement of personnel to carry out ongoing monitoring responsibilities and ensure effective internal control over financial reporting.³

These examples point to a dangerous recipe for errors and fraud. Weak, ill-informed, and inexperienced boards and audit committees can contribute in many negative ways to the downfalls of organizations. On the other hand, strong boards and audit committees stand at the core of strong organizations.

The audit committee is responsible for overseeing internal and external audit functions, financial reporting, and disclosure. Any publicly traded company in the United States listed on a stock exchange must maintain a qualified audit committee whose members consist of independent outside directors, and disclose if they have at least one financial expert, or otherwise, to explain why they do not. The audit committee is the most commonly referred to standing committee of the board—and for good reason: This is the group of individuals that ensures primary oversight of an organization’s financial reporting process and internal controls. As the board committee that is assigned primary responsibility to protect investor interests, the audit committee is a key component of the corporate governance structure. Yet failures and weaknesses in corporate governance arrangements are commonly cited as being behind business catastrophes, including the financial crisis of 2007–2008 that brought the world to the brink of economic chaos.

Boards of directors and audit committees must do all they can to ensure that proper corporate governance strategies are in place, that transparency is embedded in the organization’s culture, and that financial reporting processes are followed to the letter. Successful board and audit committee members must:

Understand and satisfy regulatory and legal expectations of board service.

Equip themselves with tools to direct both internal and external auditors.

Learn how to identify the leading financial reporting distortions.

Find out how to build an effective team as a board and audit committee.

Know what to ask when invited to join a board or committee.

Protect stakeholder interests by reducing organizational exposure to adverse events through risk-management and fraud-deterrence activities.

Prepare for bad news with a crisis media-action plan.

Balance stakeholder interests concerning executive compensation and employee relations.

Explore the effects of management influence over board oversight duties.

The Board of Directors and Audit Committee Guide to Fiduciary Responsibilities provides specific guidance that helps committee members satisfy the requirements of serving as board members while protecting themselves and their organizations. It offers practical advice to anyone who wants to fulfill his or her duties without adverse legal, reputational, or financial repercussions. Readers will find insight and actionable recommendations regarding the audit committee’s role in management and audit oversight.

The book boils down the voluminous, highly technical guidance provided to board directors into ten easily understood and achieved action steps:

1. Nominate independent directors

2. Establish a culture of action

3. Evaluate the audit committee

4. Direct the external audit

5. Scrutinize the financial statements

6. Leverage internal audit and outside resources

7. Satisfy regulators and other stakeholders

8. Address risk proactively

9. Spearhead fraud-deterrence initiatives

10. Expect the unexpected

These ten actions should not be thought of as discrete, sequential steps. Rather, they cover essential topics that, when performed together, provide a composite set of governance strategies that give audit committee members and board directors the necessary peace of mind to know that they are fulfilling their at times daunting responsibilities. Each of these steps is equally important, with no consideration of value implied by the order in which they are presented.

Good governance by the audit committee is a game of endurance. It requires a systematic approach that must be continually updated and monitored to address emergent threats. As a director, you can be sure that scrutiny of the execution of director and audit committee duties will continue to increase in direct proportion to the level of the public’s distrust of financial reporting.

This book presents an authoritative, reliable framework that audit committee and board members can follow to ensure that they are fulfilling their fiduciary responsibilities in a responsible yet efficient manner. By following the steps outlined, audit committee members can protect themselves and their fellow directors, as well as the company’s reputation and stakeholder interests—most importantly those of shareholders.

CHAPTER ONE

Nominate Independent Directors

A

WELL-RECRUITED AUDIT COMMITTEE

provides a brain trust of backgrounds, experience, perceptions, intellect, and specific skills that facilitate cross-fertilization and exposure to new ideas. The audit committee is typically responsible for monitoring all internal and external audit functions of a company, overseeing the financial reporting process, and ensuring regulatory compliance. For publicly traded companies listed on a stock exchange, at least three independent directors are required to sit on the audit committee, with a requirement to disclose whether they have at least one financial expert.

Selecting members with an eye toward nurturing a culture that is collegial yet critical promotes the atmosphere of accountability necessary to ask hard questions of the chief financial officer, the external auditor, and even the chairman of the board and the organization’s chief executive officer. This chapter presents considerations for the nominating committee and for audit committee candidates.

Nominating Committee Perspective

Audit committee success starts with the nomination process. Therefore, audit committee success ultimately rests on the shoulders of the full board of directors because the appointment of directors, including audit committee members, is a full board responsibility. The re cruitment and selection of new directors and the evaluation of in cumbent directors typically rests with the board’s nominating committee, if one exists; otherwise the entire committee may take on the task of finding new members. The nominating committee is sometimes referred to as the corporate governance committee.

In considering candidates for open audit committee positions, nominating committees consider a candidate’s independence, the need for a financial expert, diversity of skill sets, and demographic diversity.

Independence

The presence of independent oversight of management is directly linked to a lower perceived risk for the organization. An organization that lacks independent oversight is typically associated with a higher cost of capital because a potential shareholder or creditor demands a higher rate of return to compensate for the additional risk. So nominating committees strive to impanel an audit committee of which all members, or at least a majority, meet the organization’s definition of independence. For public companies listed on stock exchanges, all members of the audit committee must be independent per the listing requirements of the exchanges in order to comply with Section 301 of the Sarbanes-Oxley Act of 2002 (SOX), which requires that all members of an audit committee be independent for public companies that are listed on a national securities exchange.

Director independence is a vastly deeper, wider, and more complex topic than can be described by strictly adhering to specific definitions, because of the informal nature of many social connections that could impair independence. Regulators have been challenged to articulate a definition of independence that goes beyond direct relationships to address the deep web of personal connections formed through neighborhoods, schools, fraternities, social clubs, gyms, industry associations, former board members, and the like.

Regulators and funding sources have provided a slew of definitions of independence in an attempt to promote an audit committee culture immune from conflict-of-interest risks. In the case of audit committees, it is especially important that directors are independent from those in management and from the external auditor over whom they watch. Let’s take a look at the definition of related parties per U.S. generally accepted accounting principles (GAAP), legal definitions of independence, and practical definition considerations for nonpublic companies.

Related Parties per U.S. GAAP

Directors and audit committee members are forbidden from involving themselves in related-party transactions unless properly disclosed in the financial statements, as such events might give rise to conflicts of interest and inhibit the appearance of independence required for boards and committees.

U.S. GAAP, the collection of generally accepted accounting standards by the Financial Accounting Standards Board, offers a definition for related parties that includes affiliates, control, immediate family, management, principal owners, and other related parties. Although the technical definition for related parties is quite long, it boils down to a relationship that offers the potential for transactions that are conducted at less than arm’s-length distance, that offer favorable treatment, or that provide an ability to influence the outcome of events differently from what might result in the absence of that relationship. U.S. GAAP goes on to stipulate that related-party transactions are not necessarily illegal, but material related-party transactions must be disclosed to the readers of the financial statements. Creditors of private companies and funding sources of nonprofit organizations require similar disclosures of related-party transactions, with the key objective of these disclosures being improved transparency of the relationships between the board, its audit committee, and management.¹

Legal Definitions of Independence

As mentioned, Section 301 of SOX requires that for public companies listed on a national securities exchange, all members of an audit committee be independent. In order to be considered independent for purposes of SOX, audit committee members may not, other than in their capacity as directors, (i) accept any consulting, advisory, or other compensatory fee from the issuer; or (ii) be an affiliated person of the issuer or any subsidiary thereof.

The SEC is tasked with crafting rules and regulations to effectively implement SEC. In doing so, the SEC directs companies to use the definition of independence from the national securities exchange or interdealer quotation system applicable to them.

All national securities exchanges and interdealer quotation systems in the United States have definitions of independence. For example, the New York Stock Exchange (NYSE) requires boards to affirmatively qualify directors as independent by determining that each director has no material relationship with the listed company. It further specifies that a director is not independent if the director:

Is or has been within the past three years an employee of the listed company.

Has an immediate family member who is or has been with in the past three years an executive officer of the listed company.

Accepts more than $120,000 in direct compensation (other than director fees) from the listed company.

Is a current partner or employee of a firm that is the listed company’s internal or external auditor.

Has been within the past three years employed as an executive officer of another company where any of the listed company’s present executive officers at the same time serves or served on that company’s compensation committee.

Is a current executive officer of a company that has sales or purchase transactions greater than $1 million or 2 percent to the other listed company’s consolidated gross revenues.²

The NYSE definition also notes that it is not possible to anticipate, or explicitly to provide for, all circumstances that might signal potential conflicts of interest, or that might bear on the materiality of a director’s relationship to a listed company.³ The NYSE definition makes it clear that it is in the best interest of boards to broadly make independence determinations to consider all relevant facts and circumstances. The board should consider independence not merely from the standpoint of the director, but also consider independence from the standpoint of persons or organizations with which the director has a relationship. These relationships can include commercial, industrial, banking, consulting, legal, accounting, charitable, and family ties.

The NASDAQ Stock Market (NASDAQ) has similar rules to the NYSE guidelines, but it allows for compensation up to only $60,000.

Those public companies not subject to listing requirements must adopt and disclose a definition of independence using one of the recognized definitions that listed companies use. The definition must be disclosed in annual filings to the SEC or posted on the company’s website.

Practical Definition Considerations for Nonpublic Companies

The NYSE definition of independence can provide guidance to help any organization craft its own definition of independence for the purposes of recruiting strong audit committee members. No single definition is going to perfectly hit the mark for all types of organizations. Companies and nonprofit organizations operate in a diverse array of sizes and industries, each with its own risks.

A purist definition of an independent director or committee member is someone whose directorship constitutes his or her only connection to the organization. Boards are encouraged to use the definitions as a minimum because independence is in reality intangible and immeasurable, rather than something that can be captured by any rules-based definition, as attempted by the NYSE’s definition. A good definition has elements of both a general guiding principle and certain well-defined parameters. Some organizations find it helpful to augment a general definition with specific examples of what does or does not constitute independence.

ACTION STEPS

Avoid director candidates who have a direct financial connection to the organization.

Be mindful of the impact of social relationships on independence.

Craft an independence policy that provides a general definition of independence along with specific scenarios of independence and nonindependence.

Financial Expert

The term financial expert has entered into the vocabulary of mainstream corporate America in large part because of SOX.⁴ Although it is not a requirement for nonpublic companies to have a financial expert on their audit committee, it is for publicly traded companies unless they disclose to the public why they do not. The criteria for what constitutes a financial expert should be strongly considered when recruiting audit committee members.

The SEC and SOX define an audit committee financial expert to be a person who has the following attributes:

An understanding of generally accepted accounting principles and financial statements

The ability to assess the general application of such principles in connection with the accounting for estimates, accruals, and reserves

Experience preparing, auditing, analyzing, or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of issues that can reasonably be expected to be raised by the company they serve

An understanding of internal controls over financial reporting (ICFR), that is, those controls that are designed and that function to provide assurance that the output of the financial reporting system is accurate and complete

An understanding of audit committee functions⁵

The SEC’s Final Disclosure Rules Regarding Audit Committee Financial Experts requires that the financial expert, if one or more exists, be identified in a filing. While the SEC does not require publicly traded companies to have a financial expert on the audit committee, the failure to have at least one requires disclosure, including an explanation why no such expert is included in the audit committee. This disclosure requirement operates in practice as a de facto requirement to have at least one financial expert on the audit committee because companies do not wish to been seen as not having financial expertise on the committee. Some organizations have multiple financial experts on their audit