Deciding to form an audit committee

4.1
Having a formally constituted, empowered, and independent audit committee demonstrates an organisation’s commitment to good governance, risk management, and internal control practices.

4.2
People appointed to an audit committee do not, by virtue of the appointment, become members of the governing body. As a group of advisers working for a public entity, they are subject to the normal public sector disciplines. For example, where applicable to the public entity on whose audit committee they serve, they are subject to the Local Government Official Information and Meetings Act 1987 and the Cabinet Office Fees Framework for Members of Statutory and Other Bodies Appointed by the Crown (CFF).¹

4.3
A public entity may determine that it is too small to set up an audit committee. In our view, these public entities need to be able to demonstrate to stakeholders that they have other appropriate systems and processes in place to support the governing body or departmental chief executive to discharge their governance and accountability responsibilities, particularly for overseeing risk management and the control environment.

Membership

Independence

4.4
Most of the members of the audit committee should be independent of management.

4.5
To achieve the benefits associated with audit committee independence, most of the audit committee members for government departments should be external appointments.

Determine the skills and experience required

4.6
When selecting members of the audit committee, a public entity should refer to the audit committee’s mandate, as set out in the audit committee’s charter (see paragraphs 4.38-4.40), to determine the skills and experience required.

4.7
If a public entity is seeking members for a new audit committee, a draft charter should be prepared setting out the expected role and responsibilities of the audit committee. The public entity could seek independent advice at this stage to help it consider how the audit committee could best fit into the overall governance framework. The audit committee can then consider the draft charter once members are appointed, and the charter can be amended if necessary.

4.8
The recommended combination of experience is:

• financial reporting (which should be emphasised in public entities with more complex financial reporting requirements);
• broad governance experience;
• familiarity with risk management disciplines (identification, evaluation, and management);
• understanding of internal control and assurance frameworks;
• a good understanding of the roles of internal and external audit; and
• industry or sector expertise.

4.9
For an “advisory-oriented” audit committee, particular emphasis should be placed on strategy, performance management, and associated risk management disciplines.

4.10
In determining the composition of the audit committee, the combined experience, skills, and personal qualities of audit committee members is critical. Members should bring:

• the ability to act independently and objectively;
• the ability to ask relevant and pertinent questions, and evaluate the answers;
• the ability to work constructively with management to achieve improvements;
• an appreciation of the public entity’s culture and values, and a determination to uphold these;
• a proactive approach to advising the governing body and chief executive of matters that require further attention;
• business acumen;
• appropriate diligence, time, effort, and commitment; and
• the ability to explain technical matters in their field to other members of the audit committee.

Size of the audit committee

4.11
An audit committee would normally have between three and five members. This ensures that a sufficient range of skills and experience is available while avoiding having an audit committee that is so large that it becomes ineffective.

Appointing members

4.12
The chairperson of the governing body or departmental chief executive should appoint the chairperson of the audit committee first.

4.13
The chairperson of the governing body or chief executive should then consult the audit committee chairperson before making further appointments to the audit committee.

4.14
Public entities with appointed or elected boards should specify in their audit committee charters whether audit committee members can be appointed from outside the governing body.

Remunerating members

4.15
Independent audit committee members not already remunerated by virtue of their being a member of the governing body should be paid at a level that reflects the time it takes to properly carry out their duties.

4.16
Allowance should be made for the particular skills and expertise the member will bring to the audit committee, and the time they need to prepare for and attend meetings.

4.17
The considerable additional responsibilities of the chairperson should also be recognised.

4.18
Where the governing body of a public entity is subject to the CFF, then those rules also apply to committees of the governing body.² The CFF applies to committees set up to advise a government department and therefore applies to audit committees. For public entities that are statutory entities under the Crown Entities Act 2004, section 47 and clause 15 of Schedule 5 of that Act make it clear that the CFF applies.³

4.19
Some public entities questioned whether external members of the audit committee could be regarded as providing consultancy services and therefore could be remunerated outside the CFF. In our view, this interpretation is inconsistent with the status of an audit committee as a committee of the public entity.

Contracts for independent members

4.20
When accepting an appointment to serve on an audit committee, independent members should ensure that they have a contract that clearly outlines the terms and conditions of their appointment. This should include any requirements about hours to be worked, professional indemnity insurance, signing of conflict of interest declarations, remuneration, and any specific requirements, so members fully understand their obligations.

4.21
Arrangements for managing conflicts of interest need to be in place - for example, to manage situations where audit committee members may be asked to provide other services to the public entity for which they serve as an audit committee member.⁴

Rotation of members

4.22
The charter should set out fixed terms of appointment (see paragraphs 4.38- 4.40) to ensure that audit committee membership changes over time. Regularly changing the membership of an audit committee strengthens its independence and introduces fresh perspectives.

4.23
Generally, an individual’s tenure on the audit committee should be two to three years, with an option for reappointment for a further term (particularly for independent members). Any reappointment of a member should be approved only after the member’s performance as an audit committee member has been assessed (see paragraph 6.5).

4.24
Changes to the membership of the audit committee should be staggered to prevent a significant reduction in the knowledge and skills of the audit committee occurring at one time.

Induction

4.25
Public entities should have a formal process to induct new audit committee members to provide them with enough information to understand the role and responsibilities of the audit committee and the expectations of them as members.

4.26
The public entity should tailor the information it provides to new members to meet their individual needs. Examples of appropriate induction material include:

• an outline of the public entity’s governance framework and how the audit committee operates within that framework;
• a copy of the audit committee’s charter, recent audit committee papers, and minutes (including details of outstanding issues);
• copies of the public entity’s enabling legislation (where applicable);
• a copy of the public entity’s most recent financial statements;
• copies of the public entity’s annual report, other accountability documents, code of conduct, and business and risk management plans;
• a briefing (supported by written materials) from management and internal auditors on the risk, control, compliance, audit, and external accountability frameworks, as well as details of current issues on those topics;
• a briefing on government policies or priorities that affect the public entity; and
• a copy of the internal audit charter, annual work plan, and recent internal and external audit reports.

4.27
The extent of each member’s induction will vary depending on whether they are an internal or external member, their role (if any) within the public entity, and their particular skills and experience. At the very least, all new members should meet and be briefed by the chief executive or chairperson of the board, and the chairperson of the audit committee. They should be introduced to the head of the internal audit team and the external auditor.

4.28
When an external member joins the audit committee, it may be appropriate for various managers within the public entity to provide more detailed information or presentations to help the new member gain the necessary understanding of the business. This could include site visits.

Role and responsibilities

Role of the audit committee

4.29
In determining the role and responsibilities of an audit committee, the governing body or departmental chief executive should consider such factors as the:

• organisation’s mission and objectives;
• nature and structure of the public entity’s governance arrangements, including the roles and responsibilities of any other committees within the organisation;
• size and complexity of the organisation; and
• mix of assurance and advisory services that the governing body or chief executive is seeking.

4.30
It is important to determine whether the audit committee will have decision-making powers or be purely advisory. Audit committees are usually advisory in nature. However, in a Crown entity, local authority, or State-owned enterprise environment, the governing body may also delegate executive or decision-making powers to the audit committee, as long as any such delegations comply with legal requirements.

Responsibilities of the audit committee

4.31
The core responsibilities of an audit committee should include, at the very least, overseeing the effectiveness of:

• the risk management framework;
• the internal control environment;
• legislative and regulatory compliance;
• internal audit and assurance;
• external audit; and
• financial reporting.

4.32
Other areas that could be included in the audit committee’s mandate are:

• the effectiveness of governance arrangements;
• all external accountability reporting, including non-financial performance and the clarity of links between non-financial performance measures and strategy; and
• overseeing the management of significant projects.

4.33
Management should also keep the audit committee fully apprised of all independent sources of assurance.

4.34
For public entities with significant service performance reporting obligations, we would expect the audit committee to apply the same level of scrutiny to reported non-financial performance information as it does to reported financial information. This encompasses the related governance, risk management, and control frameworks for performance reporting and gathering performance information. Public entities should consider whether the audit committee should be responsible for overseeing this area. If not, then we would expect the public entity to have other suitable governance arrangements for reported performance information in place.

4.35
As many organisations have separately constituted risk or finance committees, the roles, responsibilities, and accountabilities of all governance arrangements should be clearly defined to ensure that there are no overlaps or gaps. However, regardless of these other arrangements, the audit committee should oversee the main risks facing the public entity to ensure that its activities align with its risk profile.

4.36
When determining the extent of the audit committee’s mandate, it is important to ensure that the audit committee is not overburdened. An effective audit committee is able to perform its core responsibilities well. It does not have such a broad range of responsibilities that it is unable to pay enough attention to those issues of greatest importance to the public entity.

Role and responsibilities of the chairperson

4.37
The chairperson plays a pivotal role in the effective functioning of any committee, with particular responsibilities to set the tone and direction of the committee’s deliberations. The chairperson of the audit committee should have a good knowledge of the public entity’s business, governance structures, risk management framework, financial reporting environment, and control environment. They should be responsible for:

• setting and approving the agenda of the audit committee meetings;
• holding meetings with the chief executive, internal auditors, and external auditors; and
• leading the discussion and encouraging the participation of other members.

Audit committee charter

4.38
A written charter should formally document the accountability, authority, duties, membership, role, and responsibilities of the audit committee. The charter should be approved by the governing body or chief executive, and reviewed and confirmed each year.

4.39
The charter is an important document that clearly sets out the audit committee’s terms of reference as mandated by the governing body or chief executive. The annual review should seek input from the governing body or departmental chief executive, to ensure that the charter is consistent with the audit committee’s responsibilities and meets the expectations of both the governing body or chief executive and the audit committee. If the audit committee recommends significant changes to the charter, then the governing body or chief executive should approve the revised audit committee charter.

4.40
At the very least, the charter should include the audit committee’s:

• objective (its role or purpose, the governance framework/context within which it operates, and how it relates to other governance mechanisms/committees);
• authority (the power or authority it has to fulfil its objectives);
• composition and tenure of members (the size of the audit committee, the sort of members it has, how new members are appointed and reappointed, how long members remain on the audit committee, and how members (including the chairperson) are removed in the event of non-performance);
• responsibilities;
• administrative arrangements (meetings, attendance and quorums, decision-making and voting, secretariat, conflict of interest provisions, induction);
• performance assessment arrangements; and
• system and schedule for reviewing the charter.

1: See paragraphs 44-46 of the CFF, and paragraph 11 of Annex 4 Cabinet Office Circular CO (06) 08, latest edition November 2006.

2: See paragraphs 10 and 12-14 and paragraphs 31-32 of Annex 2 of the Cabinet Office Fees Framework (available on the website of the Department of the Prime Minister and Cabinet, www.dpmc.govt.nz).

3: Several entities raised with us specific concerns about the remuneration levels set by the CFF. Many felt that remuneration levels within the CFF are too low for an entity to be able to secure the necessary skills and expertise for their audit committee to provide proper scrutiny, advice, and insight. We share this concern. In our view, even allowing for an element of public service, the fees paid under the CFF are low. There is a limited pool of people who are willing and able to provide services at the level required for the current rates.
If government departments consider that the fees payable are too low to attract people with the required skills, they can seek advice from the State Services Commission (SSC). A Crown entity should pursue the question through its monitoring department. For departments, the CFF allows for exceptional fees (up to a prescribed limit and where clearly justified) for the chairperson and members of audit committees, subject to consultation with the responsible Minister and the Minister of State Services in each case. The SSC has advised us that such approval is rarely sought. Based on comments made in the interviews we conducted, some may see the approval process as unduly difficult, while others are unaware that it exists. If government departments consider that an exceptional fee above the CFF limit is justified, they should discuss the matter with the SSC.
The SSC has advised us that the CFF is reviewed biennially and that our concerns will be noted during the next review (in June 2008).

4: See our 2007 guidelines, Managing conflicts of interest: Guidance for public entities.