One of the Audit Committee’s responsibilities is to oversee internal control. The Audit Committee enquires of the monitoring mechanisms used by Senior Management to ensure the effectiveness of internal control.
The systems include policies, regulations, delegations and all IT controls. It assesses their adequacy with respect to the nature, scope and complexity of the company’s operations. It assesses the company’s control culture. It periodically monitors the improvements made to processes in order to remedy significant or repeated deficiencies.
Twenty years ago, the subject of internal control received a major boost with the implementation of the Sarbanes-Oxley regulations. The scope was internal control over financial reporting, i.e. internal control in the accounting and financial spheres.
In practice, internal control improvement programs have been extended to peripheral areas such as purchasing, production, sales, human resources, IT security, etc. Understanding internal control has become a complex activity due to the number and diversity of areas covered. Companies have created an Internal Control Department or entrusted this matter to the Internal Audit Department.
What does the Audit Committee do in order to be able to declare that the monitoring mechanisms used by the Senior Management are adequate to ensure the effectiveness of internal control?
- The Audit Committee reviews the program established by the Control Department, if it exists. It ensures that the approach adequately covers the company’s activities, that the main risks are taken into account and that actions to strengthen internal control are implemented by operational management;
- The Audit Committee examines the Internal Audit Department’s program of assignments. It verifies that the internal auditors devote a sufficient amount of time to verifying the effectiveness of internal control. The Audit Committee ensures that the auditors’ recommendations are effectively implemented by management.
- The Audit Committee reviews the long-form report issued by the Statutory Auditors, whose audit work includes assessing the effectiveness of internal control in the accounting and financial areas. The certification of the true and fair view of the financial position and results is based, in part, on the assessment of the robustness of the internal control system.
The Audit Committee therefore turns to a control professional, in consultation with Senior Management, to monitor internal control and assess its effectiveness. This will be the Internal Controller, the Internal Auditor and/or the Statutory Auditor, as appropriate.