Document Actions

Appendix 4: Example of a performance assessment

Audit committees in the public sector.

Audit committee effectiveness evaluation checklist

An audit committee can evaluate its performance by:

self-review;
self-review with input from senior management and/or the external auditors; or
independent review.

This checklist is designed to be used as a self-review tool, with input from management and the external auditor. It has been designed in keeping with the principles outlined in this guide.

Independence
Are most of the audit committee either external members (for government departments) or non-executive governing body members?
Is the chairperson of the audit committee a different person to the chief executive of the entity or the chairperson of the governing body (or equivalent, such as the Mayor or departmental chief executive)?
Is the size of the audit committee conducive to effective audit committee performance? (The optimal size is usually 3-5 members.)
Is the composition of the audit committee conducive to maintaining continuity and ensuring a fresh perspective? (That is, is there an appropriate rotation schedule for members?)

Competence
Does the audit committee have relevant expertise and experience?
The committee should include members with a range of appropriate skills. As a minimum these would normally comprise: financial expertise; risk management and assurance expertise; relevant industry/sector expertise; and experience in governance.




Does the mix of skills on the audit committee allow it to effectively perform its assigned responsibilities?
Has the audit committee been able to analyse and critically evaluate information presented to it by management?
Has the audit committee been sufficiently probing and challenging in its deliberations?
If the appointed governing body members do not have the depth of skills and experience necessary, has the entity sought these skills from outside the organisation by appointing independent members to the audit committee?
Is an induction programme provided for new audit committee members, covering the role of the audit committee, its terms of reference, expected time commitment, and overview of the organisation including key strategies and risks?
Do the audit committee members keep abreast of wider developments relevant to their role and responsibilities?
Consider whether members are informed about developments in: corporate governance; financial reporting; internal controls and assurance; risk management; and sector issues and developments, including the expectations of the Auditor- General, the Treasury, the State Services Commission, and the Crown Company Monitoring Advisory Unit.

Clarity of purpose
Is there clarity about the role of the audit committee within the overall governance structure?
Is there a written and approved terms of reference (such as an audit committee charter)?
Do the terms of reference clearly distinguish the role of the audit committee from other committees?
Do the audit committee’s responsibilities include: reviewing the adequacy of the organisation’s risk management processes? reviewing the adequacy of the organisation’s system of internal controls? reviewing the integrity of reported performance information, including financial and non-financial information? reviewing the effectiveness of the internal audit function? if there is no internal audit function, considering each year whether there is a need for an internal audit function? reviewing the effectiveness of external audit arrangements? reviewing the adequacy of the organisation’s systems for monitoring compliance with legislative and regulatory requirements? reviewing the effectiveness of ethics and values programmes? reviewing the arrangements by which staff may confidentially raise concerns about possible fraud/impropriety?









Where the audit committee is largely advisory, does it also consider: the effectiveness of governance arrangements? external accountability reporting, including the clarity of links between non-financial performance measures and strategy? the integrity of systems and processes that record non-financial performance information? overseeing the management of significant projects?

Execution of responsibilities
During the past 12 months, did the audit committee adequately address all of its responsibilities as detailed in its terms of reference?
If not, are arrangements in place to rectify this in the next 12 months?
Risk management and controls
Does the audit committee have enough understanding and appreciation of the entity’s risk management framework?
Consider the audit committee’s knowledge of:
who within management has responsibility for the risk management framework; whether a formal risk management framework exists; how the entity identifies and assesses risks, including fraud risks; how the entity records new and emerging risks; whether controls are in place to effectively manage the highest inherent risks; and how management ensures that risk mitigation strategies, controls, or improvements are implemented.





Does the audit committee have enough understanding and appreciation of the effectiveness of the entity’s internal control environment?
Consider the audit committee’s knowledge of: what the critical internal control areas are that warrant the attention of the audit committee, and why they are important; whether the entity’s key controls are reflected in, or addressed by, its policies and procedures; the extent to which internal audit provides the audit committee with a level of assurance over controls that mitigate key risks; whether there are processes to review the adequacy of financial and other key controls for all new systems, projects, and activities; and whether the entity controls its information technology operations effectively.





Financial reporting
Does the audit committee consider the clarity and completeness of disclosures in the financial statements, whether disclosures made are set properly in context, and whether they comply with financial reporting standards?
Does the audit committee review related information presented with the financial statements, including the operating and financial review and statements relating to corporate governance, culture and values, and the independence of the external auditors?
Does the audit committee review and approve the statements included in the annual report in relation to internal control and the management of risk?
Internal audit
Does the audit committee ensure that the internal audit function has the necessary resources and access to information to enable it to fulfil its mandate and is equipped to perform in accordance with appropriate professional standards for internal audit?
In assessing the effectiveness of the internal audit function, does the audit committee consider: if there is free access to the governing body’s chairperson or the chief executive and the audit committee? the role and effectiveness of the internal audit function in the overall context of the organisation’s risk management system? (That is, is there a clear link between the audit programme and the organisation’s risk management framework?) management’s responsiveness to internal audit’s findings and recommendations?



Did the audit committee review the internal audit charter to ensure that appropriate structures, authority, access, and reporting arrangements are in place?
Has the audit committee enquired as to whether the internal audit function has had its activities reviewed and whether a quality improvement plan exists?
Does the audit committee consider whether internal audit has made progress in implementing its quality improvement plan?
External audit
Has the audit committee developed and recommended a policy in relation to the provision of non-audit services by the external auditor to ensure that the provision of such services does not impair the external auditor’s independence or objectivity?
In determining the policy, has the committee taken into account the relevant guidance (for example, the Auditor-General’s independence rules)?
Does the audit committee meet with the external auditors before the start of the annual audit to communicate matters of relevance to the audit and review and confirm the areas of audit focus?
When the audit committee reviews with the external auditors the findings of their work, does the committee make enquiries about: major issues that arose during the course of the audit and have subsequently been resolved, and those issues that have been left unresolved? key accounting and audit judgements? the errors identified during the audit, obtaining explanations from management as to why certain errors remain unadjusted?



Does the audit committee formally assess the effectiveness of the audit process and the performance of the external auditors?

Open and effective relationships
Management
Does the audit committee ensure that its requests of management to do further work or provide further information are reasonable?
Consider: the cost/benefit of the request; linking the request to key risks faced by the organisation; an relative priority in management’s work programme.



Did information presented by management (not the internal auditor) meet the audit committee’s expectations (nature, clarity, quality, and timeliness)?
Internal audit
Does the audit committee meet with the internal auditor without management being present?
Is there a standing invitation for the internal auditor to regularly attend audit committee meetings?
Has the internal auditor been able to raise matters of concern with the audit committee in an open and frank manner?
External audit
Does the external auditor have unrestricted access to the chairperson of the audit committee?
Is there interaction between the audit committee chairperson and the external auditor outside the committee meetings?
Does the audit committee meet with the external auditor without management being present?
Is there a standing invitation for the external auditor to regularly attend audit committee meetings?
Meeting administration and conduct
Has the audit committee had the appropriate number of meetings at the appropriate times to properly discharge its duties?
Is sufficient time allowed between meetings to allow any work to be carried out?
Does the agenda-setting process allow for all necessary items to be included?
Does the audit committee have input into setting the agenda?
Is the agenda structured to allow sufficient time to discuss the most complex and critical issues?
Does the audit committee receive agenda items and supporting papers in enough time before meetings?
Are audit committee members given the opportunity to be briefed before meetings?
If so, are these briefings useful?
Are the audit committee agenda and supporting papers of sufficient clarity and quality to make informed decisions?
Are audit committee meetings well run and productive?
Are audit committee minutes appropriately maintained and of good quality?
Are audit committee minutes circulated and approved promptly?
Does the audit committee have time without management present to discuss key issues it would like to hear from management on?
If not, has the audit committee considered if this would be useful?
Effectiveness considerations
In which of the areas outlined below has the audit committee added value to the organisation? improved the organisation’s policies and practices? improved the organisation’s risk management? improved the organisation’s control environment? improved the organisation’s legislative compliance? improved the organisation’s accountability model, including where applicable accountability for non-financial performance/achievement of results? improved understanding by the organisation as a whole of its strategic, operational, financial, and compliance risks? strengthened internal assurance mechanisms, including internal audit? improved the effectiveness and efficiency of the processes and controls? improved transparency of organisational accountabilities? supported/advocated alignment of audit resources to address the areas of highest risk or critical performance?