ICAEW.com works better with JavaScript enabled.
Exclusive

I'm an audit chair - get me out of here!

Author:

Published: 30 Sep 2024

Exclusive content
Access to our exclusive resources is for specific groups of students, subscribers, users and members.
In years gone by, the Audit Committee was firmly a finance domain. Audit Committee Chairs were predominantly accountants, often former external audit partners or CFOs, tasked with ensuring the financial results and the Annual Report reflected the performance of the organisation.

This model is still widespread today, but the world around the Audit Committee has fundamentally changed. The scope of responsibility for Audit Committee Chairs has evolved dramatically. Today’s Chairs are expected to oversee not only financial accuracy but also areas that fall beyond traditional audit boundaries: ethics, sustainability, fraud prevention, and risk management across the enterprise. The question for internal audit leaders: how can you best support Audit Committee Chairs in navigating this expanding remit?

The expanding role of the Audit Committee Chair

Historically, Audit Committees focused on external audit relationships and ensuring compliance with financial reporting standards. Chairs were well-versed in challenging financial judgments but are now faced with newer, complex areas where their experience might be limited. From environmental risks to emerging corporate governance standards, today’s Audit Committee Chairs need to ask the right questions about risks beyond the balance sheet.

Four key drivers are reshaping the responsibilities of Audit Committee Chairs:

Environmental and societal reporting: Boards are under increasing pressure to assess non-financial risks such as climate change, sustainability, and ethical conduct. As internal audit leaders, your ability to provide assurance on the accuracy and relevance of non-financial data becomes invaluable. It is no longer enough for Audit Committees to review financial controls; they must also provide oversight for these new, evolving areas of risk.

What does this mean for you? Internal audit needs to take the lead in developing robust frameworks for auditing environmental, social, and governance (ESG) risks. You should be prepared to offer insights into the quality of sustainability data and provide assurance on its integration with financial reporting.

Enhanced corporate governance expectations: The updated UK Corporate Governance Code requires companies to attest to material controls over not just financial reporting, but also compliance and operational risks. Audit Committees must now engage in deep discussions on materiality through the lens of multiple stakeholders – from investors to regulators and customers. The upcoming Audit & Assurance Policy and the Resilience Statement add further layers of complexity.

Internal audit’s role here is critical. Chairs will rely on you to provide assurance that these broader corporate governance obligations are being met. This is your opportunity to highlight how internal audit can bridge the gap between governance and operational risks, contributing to robust board-level discussions.

Fraud risk is now front and centre: With increasing regulatory focus on fraud prevention, Audit Committee Chairs are expected to oversee controls designed to mitigate fraud risks that extend beyond financial fraud. The UK Corporate Governance Code and the forthcoming Economic Crime and Corporate Transparency Act will significantly raise the stakes. Large companies face the prospect of criminal offenses for failure to prevent fraud, along with unlimited fines.

How can internal audit add value? Fraud prevention and detection require a holistic approach that considers financial, operational, and reputational risks. Internal audit should be prepared to guide the Audit Committee in designing robust fraud prevention frameworks, helping to test controls and evaluate how well fraud risk is managed across the organization.

Public failures in risk management: Recent high-profile failures in risk management, from the Post Office to the NHS, serve as stark warnings. The reputational damage of ignoring known risks can be devastating, not just for organisations but for their leaders as well. Audit Committee Chairs are on the front lines of ensuring that risk management is prioritised and transparent. In financial services, where risk is often handled by a separate committee, the Chair may also act as the Whistleblowing Champion.

Your opportunity as an internal audit leader lies in helping the Audit Committee identify and assess emerging risks. Internal audit has a unique line of sight across both financial and operational risk areas. By providing early warnings and highlighting areas where risk management may be falling short, you ensure that critical issues are addressed before they escalate into public failures.

Internal audit: the strategic partner Audit Committees need

The expanding remit of Audit Committees presents a significant opportunity for internal audit to position itself as an indispensable partner. Now, more than ever, Audit Committee Chairs need internal auditors who bring more than technical expertise. They need professionals who understand the broader strategic risks facing the organisation, who can communicate these risks effectively, and who have the courage to call out emerging issues before they turn into a crisis.

Internal audit’s value proposition is clear:

  • Holistic risk oversight: With visibility across both financial and operational areas, internal audit is ideally positioned to provide assurance that risks – both financial and non-financial – are being managed effectively.
  • Courage and commerciality: It’s not enough to highlight compliance failures; internal audit must engage with senior leaders on strategic risks and opportunities. This requires tenacity, commercial acumen, and a willingness to engage in difficult conversations.
  • Interpersonal skills: Audit Committee Chairs need auditors who can not only identify risks but also influence change. Success is determined by your ability to engage, to listen both to what is being said and not said, and to communicate effectively with senior stakeholders.

A call to action for internal auditors

As the challenges faced by Audit Committees continue to grow, so too does the demand for high-quality internal audit. Internal audit functions must embrace this expanded role and equip their teams with the right skills, knowledge, and perspectives.

Audit Committees need your perspective now more than ever. By stepping up to support with insight, strategic foresight, and the courage to address tough issues head-on, internal audit can play a pivotal role in helping organisations navigate this complex and evolving landscape.