Challenges associated with the Audit Committee's role in value creation

Organizations have audit committees as part of their governance framework. These committees operate typically as subcommittees of the board of directors. Its primary responsibility is to provide oversight of financial reporting, risk management, internal controls, and the audit process in order to ensure transparency, accountability, and compliance with applicable laws and regulations.

An audit committee can significantly contribute to internal audit's ability to deliver added value. I have examined value creation from the perspective of internal audit in this blog. Let's now examine the topic from the perspective of the audit committee, focusing specifically on the challenges. To begin my discussion of the challenges associated with the audit committee's role in value creation, I would like to briefly outline the general responsibilities associated with the audit committee's role. By understanding the roles and responsibilities in the same way, it becomes easier to discuss the challenges related to implementation in an understandable manner.

Generally, the audit committee has the following responsibilities:

• Ensure that the internal audit function operates effectively and aligns with the organization's risk management strategy.
• Assure that robust internal control systems are in place and that organizational risks are effectively mitigated.
• Ensure legal, regulatory, and governance standards are observed.

As a first challenge, I would like to draw attention to the differing expectations between internal audit and the audit committee, which may adversely affect to the value creation. The audit committee and internal audit may not have a shared understanding of IA's role and objectives, leading to misaligned expectations. It is important that the audit committee discuss and define its own vision for the work and activities of internal audit. Regular communication and meetings between the audit committee and internal audit can be established to ensure clarity and alignment. Additionally, creating a detailed charter that outlines the internal audit's objectives, responsibilities, and how they align with the committee's goals can provide a solid framework. Conducting joint training sessions or workshops can help both parties gain a mutual understanding of each other's expectations and priorities.

When the parties do not have a shared understanding of the role and expectations related to the outcome differ, it is almost impossible for internal audit to add value to the audit committee or likewise. Audit committee may focus on compliance and assurance, while internal audit is focusing to deliver insights into strategic risks and performance improvements. Misaligned expectations can lead to confusion and frustration, reducing the effectiveness of both internal audit and the audit committee. This misalignment may also result in duplicated efforts, overlooked risks, or gaps in assurance, ultimately hindering the organization's ability to achieve its strategic objectives. Furthermore, it can damage trust and collaboration between the two parties, making it challenging to address critical issues effectively. Therefore, the parties should clearly discuss the goals of their work with each other in order to avoid misunderstandings and enable both parties to add value in their respective roles.

The second challenge related to the Audit Committee's role is limited meeting time. I previously highlighted this challenge on my blog, but since I believe it is still highly relevant, I cannot avoid bringing it up again. Limited meeting time (between Audit Committee and Business/Internal auditors)  can hinder thorough discussions and decision-making, as participants may not have enough opportunity to voice their opinions or address concerns. This constraint often leads to rushed conclusions and unresolved issues. Furthermore, it can create frustration among stakeholders who feel their contributions are not adequately considered.

I would argue that the importance of interaction and discussion between internal audit and the audit committee (and how much time should actually be allocated to it) is not fully understood. Not to mention its actual impact on value creation between the parties. The audit committee's time is often very limited, and the content and schedule of the meetings are carefully defined in advance.  When setting schedules, it is rare to accurately estimate how much time handling of matters actually require, and the schedule is often unrealistic. As a result, there may not be  time for the matters that should be discussed. In many organizations, this area requires development.

Last but not least, I would like to emphasize the audit committee's expertise (and competence). There should be a sufficient understanding of business operations and risk management among Audit Committee members. Exactly how Audit Committee members are required to meet this requirement is an intriguing question that cannot be answered straightforwardly. Demonstrating competence is ultimately challenging. Of course, to ensure appropriate competence, requirements related to the audit committee's expertise have been defined in regulations. These regulations are intended to ensure adequacy, at least when individuals are appointed to the role.

As regulations change rapidly, experts within the organization have their hands full ensuring these are integrated into the company's practices. I believe that rapid legislative changes require a special set of skills from Audit Committee members as well. Organizations often provide ongoing training programs and workshops for Audit Committee members to keep them updated on the latest regulatory changes. These sessions are sometimes led by external experts who specialize in compliance and risk management. Additionally, some companies implement regular briefings and distribute detailed reports to ensure members are fully informed and can effectively apply new regulations in their oversight roles.

As a result of this, I believe that, with the operating environment and its risks changing rapidly, organizations should reconsider how they can best support the Audit Committee in fulfilling its defined responsibilities. In my view, this means more active collaboration between the audit committee, internal audit, and company management than before. In this context, even the well-established practices to ensure sufficient information exchange should be critically reassessed.

What steps has Your company taken to ensure the competence of the Audit Committee? Does the possible annual training provided to the Audit committee suffice to ensure that the committee is competent considering the rapidly changing operating environment, risks, and regulations?