ROLE OF THE AUDIT COMMITTEE
IN LOCAL GOVERNMENT

Presentation to
Local Government Audit Committee Chairs

By Wayne Cameron
Auditor-General of Victoria

28 July 2004

Opening comments

Thank you for inviting me to your forum. The Municipal Association of Victoria (MAV) is to be congratulated for facilitating such a forum – particularly given the currency of the subject and noting the recognition of the role of the audit committee in recent amendments to the Local Government Act.

The role and membership of the audit committee in local government was one of the matters brought to my attention on my appointment as Auditor-General in September 1999. Since that time some, (far too many) spectacular corporate collapses both here in Australia and overseas have forced the subject back onto the broad governance agenda. Inquiries such as the Ramsey review and the report of the HIH Royal Commission, CLERP 9 and the Sarbanes-Oxley legislation in the US has included a re-examination of the role of the audit committee.

All of these influences have a common theme. In all cases, the effectiveness of oversight mechanisms has come under scrutiny – particularly the accounting and auditing profession, as well as oversight bodies. This, in turn, has surfaced issues about audit independence and audit effectiveness. Independence is influenced by

• the appointment process (CEOs have in the past often recommend which audit firm should be appointed in the private sector)

• the objectivity of the audit activity (i.e. no scope restrictions or fee pressures)

• unimpeded reporting arrangement.

Many of these issues are not present in the public sector, because parliament, on behalf of the citizens, has appointed the auditor and granted him reporting autonomy.

Having said that, the introduction of audit committees into the public sector has been a very positive adjunct to the governance framework for the sector. Because of the different governance models applied in the public sector, there has always been a risk that the governing body may not contain the full range of particular professional skills necessary to monitor the activities of the entity.

Appointing independent persons to the audit committee represents an opportunity to bring particular skills to the table. From my experience, being able to discuss the results of audits or special investigations with an audit committee that comprises a majority of independent persons has been at times essential – particularly when the subject of the investigation was holding a senior office.

It is at such times that the results of such inquires have to be managed carefully, as well as responsibly.

But more about this later. It might, at this juncture, be useful to quickly touch on some of the key aspects on the subject.

Background

The accounting profession defines an audit committee as: “A Committee comprising a majority of independent/non-executive members of the governing body of an entity to which has been assigned, amongst other functions, the oversight of the financial reporting and auditing process”.

Role of the audit committee

An audit committee is a mechanism established to coordinate the activities of management, the internal audit process and the Auditor-General, with a view to achieving overall organisational objectives in an efficient and effective manner.

Its role is to assist the governing body in the discharge of its responsibilities for financial reporting, maintaining a reliable system of internal controls and fostering the organisation's ethical environment.

Benefits

An audit committee provides the governing body with many benefits:

• The existence of an audit committee helps the governing body fulfill its duties and responsibilities - for example, in establishing and maintaining a reliable system of internal control.

• The governing body is seen as being committed to high-quality, objective financial reporting.

• Routine audit matters are filtered at the audit committee level, freeing the governing body's time for other matters.

• Communications between the internal and external auditors and the governing body are enhanced.

• Liaison between auditors and the committee leads to a more efficient and effective audit. Cooperation in the planning stage gives the auditor (external and internal), additional insights into the workings of the organisation, including the risks and exposures considered significant by the governing body.

• Such liaison improves the understanding of the organisation's financial statements and awareness of the nature and scope of the audit. This increased awareness of auditing issues may, in turn, lead to a greater focus on the risk profile of the organisation.

• An organisation's internal audit function is strengthened through reporting to the audit committee.

• The internal auditor's independence is enhanced. Without an audit committee, the internal auditor may be required to report directly to line management and divisional heads. The closeness of the internal auditor/management relationship may, in certain circumstances, jeopardise audit independence. An audit committee increases the independence of the internal auditor to encourage a diligent audit and open communication from the auditor.

Functions and objectives

The key function of an audit committee is assisting the governing body in adequately discharging its duties.

Formal information sources are:

• Management

• internal auditors

• external auditors.

The audit committee must understand the fundamental accounting and risk issues facing the organisation, and be able to advise the governing body about the impact of these issues on information reported and policies adopted by the organisation.

The objectives of an audit committee vary for each organisation but, as a minimum, include the following:

• to improve the quality of financial reporting

• to ensure the governing body makes informed decisions regarding accounting policies, practices and disclosures

• to provide a safeguard from exposures

• to overview the scope, quality and outcome of the internal and external audit

• to monitor action taken by management to resolve issues raised by the internal and external auditor.

Regular reporting by the internal auditor to the audit committee means that the former is reporting at the highest level within the organisation. As with external auditors, internal auditors need to be able to have frank and independent communication at this level.

Duties

The duties of any audit committee vary to meet the needs of the particular organisation, but generally include:

• helping to establish an environment in which internal controls can operate effectively

• overseeing the monitoring of the organisation's systems of financial reporting and internal control to obtain early warning of systems weaknesses

• reviewing the organisation's accounting policies and reporting requirements

• assessing the adequacy of management reporting

• reviewing the organisation's compliance with its defined corporate morality and the law

• discussing the intended scope of the internal and external audit, and satisfying itself that no unjustified restrictions have been imposed by management

• inviting the regular communication of findings from both the internal and external auditors throughout the year

• monitoring the implementation of recommendations made by the internal and external auditors

• regularly reporting to the governing body on its findings.

Meeting frequency

Some of the above duties continue throughout the year, while other duties are less frequent, for example, when the internal or external auditors have a matter to raise with the committee, but as a minimum I would expect about 4 meeting a year. One to discuss the scope of internal and external audits for the year, and accounting policies. Typically, this would occur about Easter each year. The second, not long after the interim audit was completed, say July. The third, at the conclusion of the financial audit as a precursor to making recommendations to council about the accounts and the audit results. And the fourth, say in December as a follow-up on internal audit work and on the external audit management letter matters.

Role of non-executive members

Independent people, referred to as non-executives, are highly desirable members of an audit committee as they are not involved in the governance of the organisation. They bring to the committee:

• an independent viewpoint and the ability to ask incisive questions

• additional skills which might not be otherwise available to the organisation

• a wider network of contacts.

Non-executive members also act as a confidential and impartial sounding source for the governing body on such matters as executive classification, succession and management structure.

Senior executive managers, such as the chief executive officer and the principal accounting officer, should not be members of the audit committee because their role will include many duties of interest to the audit committee. However, such executives will often attend audit committee meetings, by invitation, in a non-member capacity.

Possible matters for discussion by an audit committee

The following is a list of matters which might be discussed at an audit committee meeting:

• the planning and scope of the internal and external audits

• areas of concern and risk

• reporting considerations: do any changes in accounting standards or legislation affect the organisation?

• matters arising from the internal and external audits: have they reported any internal control weaknesses or made comments on the figures contained in the financial statements?

• a review of management's remedial action to correct problems raised by the internal and external auditors

• a review of monthly and quarterly management reports

• a review of the annual accounts, including discussion of any major transactions and accounting issues, adopted accounting policies, and the proposed external auditor's opinion report

• a review of the performance of the internal auditor

• matters which might be raised with the council.

Relationship and responsibilities

Interaction of responsibilities

The responsibilities of the governing body, the audit committee and the external and internal auditors are:

• The governing body is primarily responsible for the preparation of the financial statements of the organisation and the establishment and maintenance of a system of internal controls. It also manages the organisation's affairs, in compliance with applicable laws and regulations.

• The Audit Committee assists the governing body in the fulfillment of its duties by overseeing the financial reporting process, and interacting with the external and internal auditors on behalf of the governing body.

• The Auditor-General, as the external auditor, expresses an opinion on the financial statements prepared by management and may conduct performance audits and other special inquiries of activities of the organisation.

• The internal auditor forms part of management's system of internal control.

Responsibilities of the audit committee

The primary values of an audit committee are its independence and objectivity in relation to management. The committee should not assume any of management's functions or it forgoes these values; nor should management exert undue influence over the work of the committee.

To fulfill its supervisory function, the audit committee should be familiar with the roles of management and the internal and external auditors.

The committee liaises with the external auditor on behalf of the governing body and, therefore, should have a detailed understanding of the audit process. The committee should ask the auditor if they are experiencing any difficulties with management (for example, in the provision of adequate supporting evidence and schedules, adherence to the agreed timetables, and liaison with the internal auditor) and should ask management for its views on the efficiency of the audit process. The committee should be able to conduct separate discussions with both management and the auditors.

The committee should meet regularly; the agenda should be set in consultation with management and the auditors. Meetings should be minuted and a report to the governing body should be compiled after each meeting.

Reports to the governing body over the year could include such matters as:

• the adequacy of the internal control systems

• fraudulent or illegal activities

• disagreements between the auditors and management

• compliance with the organisation's own code of conduct

• evaluation of the internal and external audit function, and management processes associated with financial reporting

• the approval of the financial statements.

Internal audit role

The internal audit function forms part of management's system of internal control. To be fully effective, the internal auditor should report to the highest level possible within the organisation, such as the audit committee. The committee should review and approve the internal audit plan, progress results and the implementation of the recommendations.

The audit committee can assess the effectiveness of the internal audit function by examining:

• the scope of the internal auditor's work, including formal risk assessment and prioritisation of audit coverage

• the quality of their reports

• to whom they report within the organisation and monitoring the implementation of their recommendations

• their qualifications and training

• their relationship with the Auditor-General

• their independence from the areas reviewed.

The internal auditor should attend committee meetings and be encouraged to air any concerns he or she has before the committee.

Auditor-General's (the external audit) role

The Auditor-General has wide powers in relation to the audit of a public body. As well as the financial audit undertaken by the Auditor-General, he or she also has the power to conduct performance audits and other inquiries of organisations to establish whether they are achieving their objectives effectively and doing so economically and efficiently, and in compliance with relevant Acts.

The audit committee should invite the Auditor-General, or his or her representative, to meet with the committee to discuss proposed audit objectives with a view to eliminating duplication of audit activities, from an internal audit perspective, and to discuss the outcomes of the external audit process.

Communication between the Auditor-General and the committee is vitally important and the Auditor-General’s staff will make sure that the committee understands the difference between the role and responsibilities of the external and internal auditor on the one hand, and those of management on the other. This communication should include such issues as:

• the plan for the current audit cycle across all aspects of the Auditor-Generals mandate

• the fees to be charged for the external audit

• perceived or identified weaknesses in internal control

• fraudulent or illegal acts

• areas of disagreement with management, both resolved and unresolved

• the Auditor-General's view on any accounting issues which may impact on the financial statements

• any difficulties encountered in the performance of the audit.

Reports to parliament

We have, in recent times, sought to involve audit committees in all of our interests. This includes discussion on proposed performance audits and special inquiries as they relate to local government. This decision has been taken to respond to concerns expressed by some audit committees that they were not clear about their role in respect of these other audit activities – having traditionally concerned themselves with the financial audit activities.

Where such an audit has been completed and the local government council has been the subject of that audit, starting this year my staff have been asked to involve the audit committee of the relevant local government council in the report clearance processes. This has already begun and the practice has been seen by those affected as a positive move.

Other audit material

From the beginning of this year, my Office has commenced producing a series of good practice guides. Guides produced to date cover:

• Chief Finance Officer: Role and responsibilities

• Managing risk across the public sector

• Managing internet security.

Others will be developed as and when necessary. For example, following my recent audit of the quality of performance reports submitted to councils each month, I am giving consideration to preparing a guide on what regular performance reports to council might be expected to cover.

These guides are especially useful for audit committees since they are designed to assist senior management, governing bodies and audit committees to check their internal processes to ensure best practice is followed in key areas and minimise the risk of poor outcomes or lost opportunities.

Specific further comment

I indicated at the commencement of this address the heightened interest in, and role of, audit committees. This is as true for the public sector as it is for the private sector. Recent amendments to the Local Government Act specifically require the establishment of an audit committee. That same section (139) signals that the minister may make guidelines in support of that requirement. Although that has yet to occur, undoubtedly the minister will be guided by a number of forces in developing the guidelines. Those influences will include:

• the experience of local government since the introduction in 2000 of the Best Practice Guidelines on the Role of the Audit Committee and Internal Audit, issued by the department.

• the directions issued in 1 July 2003 by the Minister of Finance on audit committees.

• the expectations of the community of each council in following best practice

• the experience of my Office in the practices adopted by councils to date.

To that end, I have already reported in November 2003 on observations made following a review of practices in local government last year. That report commented more broadly on the quality of control structures, including internal control and audit committees. Some of the key findings are of interest:

• Most local governments have now established an audit committee.

• Some councils operate with a committee membership as low as 2, others with over 8! – the average is between 4 and 5 members.

• Some audit committees include staff – they shouldn’t in my view. I believe there remains a lack of clarity in agencies about the membership and, therefore, the role of audit committees, since I all too frequently see staff on audit committees who must clearly at times be placed in a position to have to comment, or examine at least, their own part of the organisation’s performance. I don’t believe staff should be placed in this position.

• Some members lacked requisite financial literacy skills.

• The committee’s role was at times too narrowly defined, and it didn’t meet frequently enough.

• Attendance by the external auditor varied enormously – in too many cases the auditor met with the committee only once a year, or not at all. For example, in 11 councils, the external auditor was not offered the opportunity to present the results of the financial audit to the audit committee prior to the financial statements being certified by the council.

These findings suggest that although audit committees are now an integral part of the governance landscape of local government, there remains some lack of understanding in some councils in their dealings with external audit and the financial reporting process.

To get a better feel for practice since then, I have asked all auditors across all public sector agencies to complete a review of audit committee arrangements and their effectiveness at 30 June 2004. It would be my hope that the results of that fieldwork would be available in time to provide appropriate positive input to the practice framework to be applied by local government in implementing the intent of section 139 of the Local Government Act.

Concluding remarks

Increasingly, the charter of audit committees is being broadened to encompass the oversight of risk management. This involvement invariably leads to better governance and oversight of risk management at council and executive management level. In a study on risk management by my Office in March 2003, audit committees actively take a risk management leadership role in about 40 per cent of Victorian public sector organisations¹. This needs to increase.

Audit committees are a crucial part of any accountability model. Audit committees should be chaired by an independent member and have a majority of independent persons as members. All members must possess sufficient skills to undertake their responsibilities.

One of the greatest challenges we face in the public sector is finding people who are independent of the organisation, who can serve as audit committee members but who have sufficient knowledge of the organisational arrangements and risks bearing on the organisation to make an effective contribution and assessment of those risks.

In future, members of audit committees will have to increase their understanding of the nature of the risks within their organisation to discharge their responsibilities effectively.

As I said at the outset, you are to be congratulated in committing the time and thought into this important subject. It is important for 2 reasons. The first is simply that gained from sharing insights into the experiences pooled here today. The second is that of shaping the agenda in a fashion that best fits your purposes.

In closing I should like to thank you for the opportunity to share some thoughts about making audit committees effective.

¹ Victorian Auditor-General’s Office 2003, Managing risk across the public sector, Government Printer, Melbourne.