Adapted with permission. This article was published by Bank Director in June 2015.
It’s more important than ever for financial institution audit committees to be engaged and effective – these three characteristics can help.
As regulatory scrutiny intensifies, it’s more important than ever that financial institution audit committees are highly engaged. Regulators are continuing to focus on corporate governance – including the effectiveness of audit committees. Effective audit committees are likely to have the following critical attributes.
Trait 1: Proactive involvement with internal audit
Greater audit committee participation in the internal audit process should be the norm. In the past, audit committees typically took a more passive role – receiving reports from the internal audit department, entering them in the minutes, and asking questions. But today, regulator criticism increasingly cites lack of detail in audit committee oversight of internal audit.
Regulators expect audit committees to have a better understanding of how the department operates on a daily basis and to be more involved with developing the risk assessment and the internal audit plan, including determining the scope of work for the institution. Rather than simply functioning as a rubber stamp, the audit committee should push back and challenge management when appropriate and ensure that internal audit has sufficient resources.
The challenge for some audit committees is achieving the necessary composition of members to provide effective internal audit oversight. The membership of audit committees, after all, is drawn from boards of directors, which might lack the requisite diversity in backgrounds and expertise. Financial institutions should address any such inadequacies.
Trait 2: Extensive communication with external auditors
The auditing standards by which external auditors work call for more detailed communications and discussions between external auditors and the audit committee. However, the communication required by the standards is sometimes more complex than the information the audit committee wants to hear or can process. An effective audit committee needs to include at least one financial expert (preferably two) and allow an appropriate amount of time for the sharing and understanding of vital information.
Trait 3: Comprehensive understanding of risk
Regulators continue to place greater emphasis on how financial institutions are managing risks currently and how risks will be managed in the future, such as what steps financial institutions are taking to identify risk earlier and respond appropriately. Consequently, the audit committee must satisfy a higher standard regarding its understanding of the entire organization when it comes to risk.
Regulators expect that a financial institution’s overall strategy strongly influences the level of risk it is willing to assume, along with the level of controls required to monitor and mitigate that risk. In turn, the board and the audit committee are subject to substantially higher expectations related to their understanding of the institution’s risk profile, risk appetite, and mitigation and management of risk factors.
If the financial institution has a formal board risk committee, the audit committee should coordinate with it; if not, the audit committee often is delegated the responsibility for addressing risk management issues. In either case, the committee should stay on top of the financial institution’s chief risks (including understanding risk probability and potential magnitude), the measures management is taking to combat those risks, and the amount of financial or reputational risk that management and the board have agreed is tolerable.