Three years after the passage of the Sarbanes-Oxley Act of 2002, audit committees continue to face increased responsibilities and a host of legal and regulatory requirements.  The audit committee is expected to play an active role in the relationship with a company's external auditors, and in overseeing the integrity of company financial statements and compliance with legal and regulatory requirements.  What follows are 10 "key issues" for audit committees to consider in discharging their responsibilities.

1. Consider whether your audit committee's practices have been updated to comply with all recent rules and regulations and whether they comply with current views of best practices.

• Audit committees should consider the federal and state laws, securities exchange rules and rules of the Public Company Accounting Oversight Board (PCAOB) that define or affect their obligations.  In particular, audit committees should continue to assess whether their practices and charters continue to comply with listing standards of the New York Stock Exchange and Nasdaq National Market.
  
  
• See Gibson, Dunn & Crutcher's "Audit Committee Checklist and Compliance Timeline" (PDF attached), for detailed description of rules and regulations applicable to audit committees and compliance deadlines.

• Be prepared to spend a significant amount of time on your duties.
  
  
  • Consider whether you have time to deliberate carefully on committee actions/decisions.  Under the new rules, audit committee duties have been expressly expanded.  For example, audit committees must meet separately with management and the company's external auditors and be responsible for the company's whistleblower procedures.  Many cases in which directors are found liable involve situations in which the directors failed to spend even a minimal amount of time considering an issue. 
    
    
  • According to a survey by J.D. Power and Associates of 758 audit committee chairs and 900 CFOs, audit committee chairs generally spend between 50 and 150 hours per year on their audit committee duties.
    
    
  • According to a survey by Deloitte & Touche, the average number of meetings of the audit committee of surveyed companies rose from 4.9 before enactment of Sarbanes-Oxley to 7.9 thereafter.  Twenty-one percent of the surveyed companies' audit committees met more than 9 times per year post Sarbanes-Oxley, compared to 2 percent prior to its enactment. 
    
    
  • Given the breadth of the new audit committee responsibilities, audit committees need to carefully consider priorities and establish agendas in order to use their time and resources most effectively. 
    
    
• Consider limiting the number of other boards/audit committees on which you serve.
  
  
  • Under the New York Stock Exchange listing standards, audit committee members may not serve on the audit committee of more than two other public companies, unless the board has affirmatively determined that such service does not impair the members' ability to serve on the audit committee.  Any such determination must be disclosed in the annual proxy statement to shareholders.
    
    
  • Consider whether, as an officer of another public company or as a "professional" director/audit committee member, you will be capable of spending the requisite amount of time on the duties of each company's audit committee. 

• Familiarize yourself with the company's and its peers'  financial and accounting practices so that the audit committee can exercise its oversight obligations effectively.
  
  
  • Improper expense and revenue recognition, along with measures to "smooth" earnings, are major sources of restatements and SEC investigations; audit committees should understand well their companies' policies and practices in these areas.
    
    
• Continually evaluate whether the disclosure controls and procedures (i.e., procedures designed to ensure that information required to be disclosed is collected and reported within the required time periods) and internal controls over financial reporting (i.e., processes designed to provide reasonable assurance regarding the reliability of financial reporting) are operating effectively.
  
  
  • While management is responsible for evaluating and reporting on the company's controls and procedures, the audit committee should be aware of any significant issues arising out of such evaluations. 
    
    
  • The audit committee should evaluate the company's experience with its first management report and auditor attestation with respect to internal controls over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act.  The audit committee should consider areas in which the internal controls could be improved, including remediation of identified deficiencies, and the effectiveness of the monitoring and reporting process.
    
    
  • Audit committees should evaluate their companies' readiness to continue internal control evaluations as an ongoing compliance matter.   

4. Consider the relationships and communications among the audit committee, management, internal auditors and external auditors. 

• Audit committees are now directly responsible for the appointment, compensation, retention and oversight of the external auditors, including the external auditors' independence.
  
  
  • Audit committees should familiarize themselves with the auditor independence rules and monitor independence issues.  For example, large multinational corporations should be alert to relationships between foreign subsidiaries and the local representatives of the company's external auditors, which may be less closely supervised and thereby give rise to independence issues.
    
    
  • Audit committees should consider the performance of the external auditors and request changes to the audit team if necessary.  In addition, audit committees should consider every several years whether a rotation of audit firms would be appropriate.
    
    
• Consider whether you are receiving all information necessary for the audit committee to exercise its oversight obligations effectively.
  
  
  • The audit committee should learn promptly about significant events or issues relating to the company, particularly if they relate to financial performance or auditing or accounting matters, whether as result of the whistleblower hotline or through other channels.
    
    
  • Consider whether management is fostering an appropriate "tone at the top" of the company: one that encourages employees to raise concerns as appropriate.
    
    
  • Audit committees should ensure that there is an open line of communication between the audit committee and the external auditors, even between audit committee meetings.
    
    
• Meet regularly in separate sessions with the company's external auditors, members of management, internal audit team and general counsel. 
  
  
  • Consider separating the internal audit function from reporting to the chief financial officer of the company.  Increasingly, companies have their chief audit executives report directly to the audit committee. 
    
    
• Make sure the audit committee is "asking the tough questions."
  
  
  • It is no longer sufficient for audit committees to listen passively to management/auditor presentations.  Audit committee members must actively probe analyses to ensure they will hold up when viewed with 20/20 hindsight.
    
    
  • The AICPA Audit Committee Toolkit (available at www.aicpa.org) offers sample questions that an audit committee may want to ask various constituencies, including senior management, the internal audit team, the external auditors and the general counsel. 

5. Make sure members of the audit committee receive continuing education as to developments in accounting, finance, laws and regulations and other issues relevant to the audit committee.  The New York Stock Exchange requires boards of directors to address this issue in their corporate governance guidelines.

• There are a number of resources available for director continuing education. 
  
  
  • Major accounting firms and business schools offer programs designed specifically for audit committee members.  The National Association of Corporate Directors gives directors of member companies access to a variety of information relevant to continuing education.
     
  • Major accounting firms offer resources, such as the KPMG Audit Committee Institute, designed specifically for audit committee members. 
    
    
• Consider asking the company's external auditors to give regular presentations to update the audit committee on accounting developments, particularly those relevant to the company's "critical" accounting policies and estimates.
  
  
  • A survey of participants in KPMG's 2004 Audit Committee Institute found that nearly 45% of participants with sales of more than $1 billion were planning to provide a company-specific educational session to audit committee members in the next year. 

6. Understand your company's directors' & officers' insurance policies and indemnification provisions.

• Recent corporate scandals and resulting litigation have had an adverse impact on the D&O market. 
  
  
  • In the last few years, the cost of  insurance coverage has increased while the scope of coverage has decreased (in recent months, this situation seems to be improving somewhat).  In addition, existing policies may be more difficult to collect under as a result of insurance company insolvency and stronger efforts by insurance companies to contest claims based on allegations of fraud. 
    
    
• In the future, there may be increased pressure for directors to bear some personal liability in connection with breaches of their fiduciary duties.  Recently, former non-management directors of Enron and Worldcom agreed to bear substantial personal liability to fund a portion of federal class action litigation settlements.
  
  
• Audit committee members should periodically evaluate their company's D&O insurance coverage and indemnification and expense reimbursement policies. 
  
  
  • New policies may contain exclusions for claims involving "insured vs. insured" claims, improper personal benefit or deliberate fraud by the insured, regulatory proceedings and securities law claims.  Some companies are exploring alternative funding mechanisms, such as dedicated indemnification trusts, captive insurance companies, finite risk policies or fronting arrangements.
    
    
  • Become familiar with the mechanisms of coverage: the relation of insurance to indemnification, coverage in bankruptcy, limitations on settlement, allocation, defense costs, and severability and possible rescission.

7. Consider developing policies concerning how the audit committee and the company will approach issues when they arise.

• Policies should be appropriate to the size and complexity of the company and flexible enough to deal with different situations.  Rarely is one set approach appropriate for all scenarios.
  
  
  • Consider how complaints and concerns will be processed and investigated, whether by the general counsel, a chief ethics or governance officer, or outside advisors. 
    
    
  • Consider when the audit committee should be informed or involved. 
    
    
  • Consider when the external auditors should be informed. 
    
    
  • A 2004 survey by KPMG revealed that 40% of participating audit committee members either were unsure about or had not addressed the level of detail the audit committee would review in their whistleblowing procedures.   
    
    
• Make sure the management team feels free to approach the audit committee with potentially significant issues as they arise, even before they are "solved".

8. Consider obtaining independent advice.

• Changes to listing standards mandated by the Sarbanes-Oxley Act make it clear that audit committees have the authority to directly engage independent advisors at the company's expense. 
  
  
• Audit committees should consider establishing relationships with independent law firms, forensic accountants or other advisors, so the audit committee can obtain advice quickly when necessary. 

9.  Consider record retention issues with respect to audit committee meetings. 

• Committees must strike a balance between the need to create a record to document the topics discussed and items that require follow up and the risk that notes and other unofficial records of meetings will present a fragmentary and inaccurate picture of what occurred at meetings and, as such, could be misconstrued in a subsequent legal proceeding.
  
  
• Consider implementing a formal records retention policy that is strictly followed by members of the committee. 

10.  Conduct evaluations of audit committee performance.  The New York Stock Exchange requires boards and committees to conduct annual performance evaluations. 

• Consider whether the membership of the audit committee continues to be appropriate in terms of number of members, experience and term of service on the audit committee.
  
  
• Audit committees may want to consider evolving views on independence that may develop outside of SEC regulations and listing standards.
  
  
  • Recent Delaware case law suggests that social, educational and community ties may call into question a director's independence.  In addition, shareholder activists such as ISS have opposed election of directors based on their own heightened independence standards.  Audit committees should consider these issues as well as the standards enumerated by the New York Stock Exchange or Nasdaq National Market listing standards, as applicable, when considering the independence of their members.
    
    
• Management and external auditors are required to evaluate audit committee effectiveness as part of their assessment of the company's internal controls.  See PCAOB Auditing Standard No. 2 for guidelines external auditors consider in evaluating audit committee effectiveness.

Gibson, Dunn & Crutcher lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn attorney with whom you work, John F. Olson (202-955-8522, jolson@gibsondunn.com), Amy L. Goodman (202-955-8653, agoodman@gibsondunn.com), Gregory J. Conklin (415- 393-8263, gconklin@gibsondunn.com), Stewart L. McDowell (415-393-8322, smcdowell@gibsondunn.com) or Gillian McPhee (202-955-8230, gmcphee@gibsondunn.com).

© 2005 Gibson, Dunn & Crutcher LLP