Executing Audit Committee Oversight in Turbulent Times: Risk Management and Financial Reporting

Foley & Lardner LLP recently sponsored NACD Northern California’s “Executing Audit Committee Oversight in Turbulent Times: Risk Management and Financial Reporting” dinner. Foley partners Sandy Winer, Lauren Valiente, and Nick O’Keefe were joined by Stephen Parker and Claudia Montgomery from PwC to walk through hypotheticals and to share insights in a tabletop exercise with some of the region’s most forward-thinking board directors.

Foley & PwC’s presentation utilized hypotheticals to spur discussion and provide guidance to public company audit committee members on exercising their core oversight responsibilities, including providing guidance on identifying and addressing legal and financial risks. 

Some key themes and takeaways from the discussion include:

• When evaluating director independence and conflicts of interest, audit committees should:
  • Carefully evaluate the independence of committee members.
  • Even where committee members meet the technical definition of independence, identify and carefully evaluate areas where potential conflicts of interest may arise and develop procedures that would address conflicts.
  • Obtain training on those procedures.

• When evaluating risks, audit committees should:
  • Identify and evaluate potential risks that may arise from any significant change to operations, business strategy, accounting policy, or significant judgements by management.
  • Obtain a thorough understanding of management’s reasons for implementing such changes and any need for disclosure.
  • Consider the propriety of changes in financial or accounting policies and processes, particularly those that may have an impact on management compensation.
  • Follow up on other information that may raise a question regarding the company’s financial reporting.

• To ensure that potential control deficiencies and other significant issues are timely communicated and properly evaluated, audit committees should:
  • Establish communication protocols to ensure that they receive timely notice from management of control deficiencies or other significant issues that may have broad impact.
  • Ensure they fully understand the significant judgments and estimates used in deriving the company’s financial statements.
  • Insist on receiving a detailed report regarding the root cause of control deficiencies determined either individually or when aggregated to be significant deficiencies or material weaknesses.
  • Evaluate whether control deficiencies suggest an inadequate tone at the top.
  • Discuss these issues with the company’s external auditors to obtain their perspective.

• To ensure competence of key finance and accounting personnel, audit committees should:
  • Take steps to evaluate any talent risks posed by the company’s key finance and accounting personnel including the head of the Internal Audit Department. Observation of subordinates can inform the board’s understanding of the competence of more senior management.
  • Consider conducting one on one meetings with key personnel at least on a yearly basis to gain management’s perspectives and insights and asking the company’s external auditors for their opinions on the competency and depth of the company’s finance and accounting team.

• To ensure Compliance with SEC compensation clawback Rules, audit committees should:
  • Familiarize themselves with the SEC’s new clawback rules, which went into effect October 2023.
  • Evaluate management’s clawback analysis upon the issuance of ether a “big r” or “little r” restatement.
  • If the clawback provision is triggered, retain outside legal and financial experts to assist with calculating the amount of any clawback and have in place a protocol for taking such action.

• To ensure that the company’s policies and procedures meet the expectations of federal regulators and the DOJ, boards should understand the recent efforts by federal regulators and DOJ to impose additional oversight responsibilities on boards of directors, such as restricting employee use of off-channel communications for company business.

• To adequately address concerns over questionable management conduct, audit committees should:
  • Understand and oversee management’s fraud prevention and detection program and understand the company’s significant fraud risk areas.
  • Conduct investigations into evidence suggesting potential misconduct or incompetence by the company’s senior management.
  • Retain outside legal and financial experts that do not have any prior relationship with the company to ensure the investigation’s independence from management.
  • Ensure that any investigation into issues that may impact the company’s financial statements are promptly reported to the company’s external auditor.
  • Consider self-disclosure of investigation and prompt remediation to defer a pending investigation by law enforcement and reduction of any resulting sanctions.

NACD members enjoyed the exercise with each other over dinner and drinks hosted by co-sponsors Foley & Lardner and PwC.  They had a lively discussion on the responsibilities of audit committee members that was industry agnostic.

Foley and PwC worked with NACD directors Lisa Spivey and Kate Azima to create an intimate setting over cocktails and dinner to enable honest and authentic conversations, learning, and networking.