A question as to whether the external auditors want an executive session can be one of the most awkward moments of an audit committee meeting.
“If the auditors say yes, the hairs on the back of the neck of every CFO or CEO go straight up at that point,” Mark Oster, the national managing partner for Not-for-Profit and Higher Education for Grant Thornton LLP, said Thursday at the AICPA Not-for-Profit Industry Conference in Maryland.
Rather than ask, Oster believes an audit committee executive session with the external auditors should be held as standard course at both the preaudit and post-audit meetings of the audit committee.
Many times, everything said during the executive session could have been shared with everyone at the larger meeting. But Oster said it’s good for the auditors to speak in the absence of management, and the more intimate environment may encourage the audit committee to speak out.
“It not only provides that conduit for when there are hard conversations to have, but it somehow engages the committee,” he said. “It takes them out of this passive role of receiving the presentation, and it actually gets them talking.”
The audit committee’s role in not-for-profit governance has grown more prominent as technological advancements and regulatory scrutiny have led donors to become more sophisticated in their philanthropy.
Audit committee members are responsible for oversight of accounting policies and controls, overseeing business risk, and overseeing compliance. In a role that’s critical to the organization, the audit committee recommends and oversees the external auditors with a goal of making sure the organization can execute to achieve its mission and sustain itself for the future.
“Everybody is looking to the audit committee to manage and maintain the fiduciary discipline of the organization,” Oster said.
In addition to making use of executive session, Oster suggested that audit committees make use of the following best practices:
- Keep information for the board at the appropriate level. The audit committee needs to report to the board on the process and considerations it used to recommend the external auditor. But there comes a point when providing information about every detail defeats the purpose of having a committee. “The trustees’ role is to say, ‘Was a good process followed by the committee?’” Oster said. “Am I confident that the committee exercised its responsibilities and authority appropriately? And if they did, that’s as much as I need to know.”
- Know the difference between oversight and overstepping. The audit committee’s role is to oversee management in areas such as risk management and compliance, but it’s easy to get overzealous. Oster said overeager audit committee members often have good intentions, but they overstep their boundaries when they start to execute and perform tasks rather than acting as oversight for management. “As soon as you start doing, who is overseeing the doer?” he asked.
- Ask the external auditor’s opinion on the organization’s staff. “When it’s done right, they’re asking, do we have the right people with the right skills in the right roles?” Oster said. “The issue is not about giving a bad performance review. It’s about, is the organization well-served with the people we have in place? And, if not, what do we need to do to raise our game?”
- Encourage a wide range of feedback on the hotline. One university that is a client of Oster’s makes its anonymous whistleblower hotline available to students as well as employees. That enables reporting on things such as hazing that university employees may not be aware of. Organizations can also make hotlines available to vendors and volunteers to get additional feedback.
- Keep the finance and audit committees separate. Because financial expertise is difficult to recruit, it may be tempting to have one or more people serve on both the finance and audit committees. This may not be the best strategy because a dual member may discourage the audit committee from pursuing concerns within the finance committee’s purview. “There is plenty for a finance committee member to do on their own committee in terms of budget and financial reporting [oversight],” Oster said.
- Encourage management to give the unvarnished truth. It’s natural for management to want to present an optimistic or encouraging outlook to an oversight body. But keeping the audit committee in the dark about challenges and concerns robs the organization of some of the governance expertise that’s intended to help overcome those challenges. “Those engaged, challenging discussions are really the purpose of good governance,” Oster said.
- Don’t make price your top consideration. Price is one factor to consider when choosing an external audit firm, but simply awarding the audit to the lowest bidder may be a mistake. A lower price may mean the audit will be less thorough or performed by personnel with less experience and exposes the organization to risk.
- Conduct a self-assessment. Each year, the audit committee should evaluate its performance. “I think it’s really important to ask, ‘Are we living up to our standards?’” Oster said. He said the assessment should be done by survey and consider the overall performance of the audit committee as well as individuals’ performance.
Ultimately, Oster said, the audit committee needs to be the organization’s conscience. Whether that requires an executive session with the external auditors or candid assessments of staff and even audit committee members themselves, it’s a job that needs to be done right to help not-for-profits thrive.
—Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is a JofA editorial director.