Responsibilities of the audit committee
This is the second part in a series of articles on the 1-2-3 of audit committees. In the first part, we gave an overview of the recommendations
The Institute of Directors in Southern Africa issued the King IV Report on Corporate Governance for South Africa, 2016 (King IV Report) on 1 November 2016. Part 1 of this series of articles provided an overview of the requirements of the King IV Report in relation to the audit committee, with a focus on who should have audit committees; the composition of the audit committee and required qualifications; and enhanced disclosure requirements.
Other than the statutory duties of the audit committee, the governing body of an organisation can delegate additional responsibilities to the audit committee. The governing body does, however, remains ultimately accountable for such delegated responsibilities. These responsibilities include, but are not limited to, the oversight of the organisation’s assurance services and functions, annual financial statements, the internal audit function, and risk management – all of which are briefly explored in this article.
Assurance services and functions
The governing body should ensure that the organisation has effective assurance services and functions based on the combined assurance model, which enables an effective internal control environment in the organisation.1 The combined assurance model should be designed and implemented to address the significant risks and the material effects of the risks in the organisation. The combined assurance model includes service providers such as the independent external auditors, internal auditors, specialists involved in the risk management of the organisation, and other assurance providers that focus on sustainability and environmental matters, actuaries and external fraud investigators.2 The audit committee’s oversight over the arrangements for assurance services and functions contribute to ensuring that an effective control environment is enabled, supporting the integrity of information used for internal decision-making, as well as the integrity of external reports issued by the organisation.3
Annual financial statements
The governing body should ensure the integrity of the annual financial statements and other external reports issued by the organisation, for example the integrated report and sustainability report, by setting the direction for how assurance of these external reports should be approached and addressed.4 In addition to statutory assurance requirements, such as the audit of a company’s annual financial statements in terms of the Companies Act 2008, the governing body should consider whether assurance should be applied to the underlying data used to prepare certain other external reports, or to the process for preparing and presenting a report, or both.5 Furthermore, they should consider whether the nature, scope, and extent of the assurance are suited to the intended audience and purpose of a particular report, as well as the specification of the criteria to be used for measurement or evaluation of the subject matter of the report.6
Internal audit function
The governing body should ensure responsibility for the direction and arrangements of the organisation’s internal audit function and should delegate oversight of internal audit to the audit committee.7 In particular, the governing body should approve an internal audit charter, which defines the role and responsibilities of the internal audit function.8 This charter should ensure that the internal audit function has the necessary skills and resources to address the complexity and the volume of risk the organisation faces. The internal audit function should also be supported by specialist services such as forensic fraud examiners and auditors, safety assessors and statutory actuaries – to name a few.9 The governing body should also ensure that an external independent quality review of the internal audit function is performed at least once every five years.10
Chief Audit Executive
Interestingly, the King IV Report does not require a Chief Audit Executive (CAE) as part of the arrangements for internal audit. Instead, principle 15, paragraph 51, states that if an organisation decides to appoint a CAE, this individual should function independently from management and should have the competence and skills that are deemed necessary to perform his or her duties.
In enhancing the independence of the internal audit function, the CAE should have unlimited access to the chairperson of the audit committee in reporting on the performance of the duties and functions relating to internal audit.11 The CAE should, on an annual basis, report to the governing body that internal audit conforms to a recognised industry code of ethics.12 A detailed discussion of the duties and functions of the CAE is outside the ambit of this article.
The King IV Report recommends that the governing body consider allocating the oversight of risk governance to a specific committee responsible for risk.13 The audit committee should be satisfied that it dedicates sufficient time to the governance of risk if this responsibility is delegated to the committee. Principle 8, paragraph 54, recommends that the audit committee should oversee the management of financial and other risks affecting the integrity of external reports issued by the organisation, whether or not the governance of risk is delegated to this committee. When an organisation has separate audit and risk committees, the King IV Report recommends that at least one or more members should have joint membership of both committees to ensure effectiveness. 14
The evaluation of the performance of the governing body and its sub-committees are more prominent in the King IV Report. A formal process should be implemented whereby the performance of the governing body and that of its committees, including the audit committee, and the individual members should be evaluated every second year.15
Every alternate year, the governing body should schedule as part of its work plan an opportunity to reflect and discuss its performance and that of its committees, its chair and members as a whole.16
Details of the performance evaluations should be disclosed as part of enhanced disclosure recommendations contained in the King IV Report. These include a description of the performance evaluations undertaken, an overview of the evaluation results and remedial actions taken, and whether the evaluation process is improving performance and effectiveness.17
The governing body and its committees, including the audit committee, will therefore have to spend sufficient time on defining their roles and responsibilities and that of their members to enable the performance evaluations as envisaged by the King IV Report.
The King IV Report has introduced additional requirements that audit committees need to consider, the most significant being the shift regarding explaining how the recommendations in the King IV Report were implemented rather than explaining which recommendations were not implemented, as was recommended by the King III Report.
When governing bodies and audit committees in South Africa follow the principles and recommended practices of the King IV Report, they will contribute to reaffirming, enhancing and growing good governance in South Africa and the obvious benefits associated with it, including advancing responsible leadership.
Author: Cornelie Crous CA(SA), Senior Lecturer: School of Accountancy at the University of the Free State
1 Principle 15, paragraph 41.
2 Principle 15, paragraph 42.
3 Principle 15, paragraph 40.
4 Principle 15, paragraph 44.
5 Principle 15, paragraph 45 (a).
6 Principle 15, paragraph 45 (b)-(c).
7 Principle 15, paragraph 48.
8 Principle 15, paragraph 49.
9 Principle 15, paragraph 50.
10 Principle 15, paragraph 60.
11 Principle 15, paragraph 53.
12 Principle 15, paragraph 61 .
13 Principle 8, paragraph 62.
14 Principle 8, paragraph 63 .
15 Principle 9 , paragraph 73.
16 Principle 9, paragraph 74.
17 Principle 9, paragraph 75