Audit Committees in the M&A Process

Audit committees have been asked to take on more risk oversight responsibilities recently. An example of this is the audit committee’s role in potential mergers and acquisitions. Before the transaction, audit committees can verify that all the necessary risk management policies are in place to increase the likelihood for a successful merger (Deloitte, 2014).

While traditionally, audit committees have focused on providing due diligence for financials, some committees have expanded this due diligence to include other areas of the business including operational, information technology, and vendors. Based on this expanded oversight, the committee can give added insight on risks that could eventually have an impact on company financials. The success of a merger is if the transaction’s actual value added to the company matches the estimated value added. By widening the range of business areas analyzed, audit committees can help add more information when developing estimated financial impacts of mergers and acquisitions (Deloitte, 2014).

When looking at target companies to merge with, the internal control and financial reporting environment must be analyzed. Companies do not want to spend money trying to get all controls up to date or in compliance with regulations. Audit committees can give insight into the condition of internal controls in the target company (Deloitte, 2014).

By having an understanding of the business as a whole, audit committees can also help with synergies after the companies have been combined. Integration of existing operations, logistics, and infrastructure is an important task, and one that can be improved with the input of audit committees (Deloitte, 2014).

When a merger or acquisition takes place, it is always good to have as many eyes on the situation as possible. Since the audit committee should be aware of any potential risks within the business, this gives the committee the opportunity to be a real asset to their company and help to ensure that the many aspects of the merger are in line and the transaction can go smoothly. It is natural for the committee to expand to areas such as this because of their increasing role in risk management processes, in addition to existing SOX compliance work.

Works Cited

Deloitte. (2014, April 28). The Role of the Audit Committee Throughout the M&A Life Cycle. Retrieved from Wall Street Journal: http://deloitte.wsj.com/riskandcompliance/2014/04/28/the-role-of-the-audit-committee-throughout-the-ma-life-cycle-2/?KEYWORDS=audit

Continuous Auditing

Continuous auditing is a recent trend that has gained momentum for both internal and external auditors. Continuous auditing is defined as “the collection of audit evidence…on a continuous basis through a period.” Instead of scheduling periodic audits, technology can be utilized to test certain controls on a regular basis. The process has benefits for both the auditee and the auditor. Figure 1 gives a visual representation of what a traditional audit looks like, in terms of the audit effect on tested controls. After controls are tested, the effectiveness of controls increases to conform to audit guidelines. However, control effectiveness drops shortly afterwards, and systems stay out of control for a long period of time. The control is scheduled to be audited again, and the same cyclical trend takes place. Controls are ineffective, they are audited and become effective, and then become ineffective once more. This is one of the issues that continuous auditing can help address (Handscombe, 2007).

 

Figure from: (Handscombe, 2007)

Figure 2 shows the effect that continuous auditing tends to have on tested controls. The effectiveness of controls does not drop as much since these controls are being constantly tested. In fact, the figure shows that by time “12”, the trend line for control effectiveness is actually above expectations for the control. Continuous auditing has a beneficial impact on the control environment. Control failures are detected and fixed right away, meaning systems will be out of control for a shorter period of time. Continuous auditing also gives the company early warning signs so there are no surprises in an audit.  Continuous auditing also benefits the audit staff, allowing the audit group to utilize its staff more effectively and spread out the workload accordingly (Handscombe, 2007).

Figure from: (Handscombe, 2007)

In my short experience in an internal audit department, I saw a little bit of continuous auditing. We tested business expense reports that met a certain criteria on a quarterly basis. I guess it would not technically be considered “continuous”, but testing these reports four times a year is a lot more often than a typical audit. I think that continuous auditing can give an audit group many benefits and that the approach will become more popular in the coming years. It would benefit shareholders by helping to ensure that recommendations made by auditors are actually implemented and working properly. It would also help thwart fraud attempts because targeted controls would be consistently monitored.  

Works Cited

Handscombe, K. (2007). Continuous Auditing From a Practical Perspective. Retrieved from ISACA: http://www.isaca.org/Journal/Past-Issues/2007/Volume-2/Pages/Continuous-Auditing-From-a-Practical-Perspective1.aspx

CEO Power and Audit Committee Effectiveness

The audit committee is in place to prevent manipulation of the audit function by management. Both the internal audit function and the external audit firm have reporting lines to the audit committee to remain independent and avoid undue influence and pressure by management. In order to help increase the effectiveness of the audit committee, a regulation was included in the Sarbanes-Oxley Act that stated that CEOs were no longer permitted to nominate board members.

A 2011 study showed that although an independent nominating committee is now required, powerful CEOs could still have an impact on the effectiveness of the audit committee. The study used financial restatements of a measure of how well an audit committee performed. CEO power is ranked as either low, moderate, or high. By comparing financial restatements with CEO power, trends became apparent. Having a financial expert on the audit committee does not lead to a more effective monitoring process. When CEO power is high, financial misstatements are more common. In addition, the market reacts less negatively when restatements occur for companies with low-powered CEOs leading the company, compared to companies with high-powered CEOs in charge (Lisic, Neal, & Zhang, 2011).

I think the results of the study are interesting and unfortunate. While SOX attempted to limit CEO power and regulations were adopted to try to accomplish this, the study suggests that CEO power still has a detrimental effect on the effectiveness of the audit committee. The audit committee was put into place to protect shareholder interests, but perhaps additional measures need to be taken to ensure that CEO power does not have an impact on audit committee effectiveness. It will be interesting to see what (if anything) will be done to try to limit the impact that CEOs still have over the audit function of their companies. We live in a remarkable time where studies are being done on the effectiveness of SOX regulations. The bill was massive and imposed many regulations on public companies. It is ridiculous to believe that 100% of regulations are going to be successful. Will there be another large bill or an amendment to address these issues?

Works Cited

Lisic, L. L., Neal, T. L., & Zhang, Y. (2011, August 26). The Continuing Impact of CEO Power on Audit Committee Effectiveness in the Post-SOX Era. Retrieved from http://kelley.iu.edu/feaconference/papers/Paper_Upload_Neal__T_76510.pdf

The Shift Away From SOX Compliance

I had lunch with my former boss this winter, and the topic of his previous time in the internal audit department came up in the conversation. He was on the audit team from 2002-2005 and had firsthand experience in making changes to the company’s audit plan to comply with the new SOX regulations concerning internal audit groups. He described how during the first year the company was required to comply with SOX, the audit program was completely overhauled. Essentially every part of the company had to be examined to pinpoint key controls that could then be tested. In the beginning, there was a lot of guesswork. For example, some key controls were established, but had to be adjusted after it was found that an adequate test could not be run on the controls.

He explained how the first two years were extremely stressful, as staff members put in long hours to try to bring the company’s internal controls into compliance. These two years were dedicated almost exclusively to this cause, putting the company’s traditional audits on the backburner for the time being. Over time, the internal audit department has grown accustom to balancing the audits required for SOX compliance with audits that provide value to the company. There is actually an entire department dedicated to updating and adjusting SOX internal controls.

So now, over a decade after SOX was passed, it is anticipated that internal audit groups will begin widening their audit scope to include more risk management audits. The thought is that audit groups have had the necessary time to ensure all SOX regulations are being followed. Resources can now be devoted to additional types of audits to help provide value to the company. Many companies are finding it valuable for their internal auditors to perform risk assessments that help manage the risk of the company. After all, these are employees who are routinely exposed to many different parts of the company, increasing their overall understanding of the many risks that the company faces.

We are living in a unique time in history. We have gotten to see one of the largest accounting bills in the history of the U.S. get passed and put into place in American businesses. It is now interesting to see how companies are beginning to become familiar with SOX regulations and move on from the large amount of work that had to be done to become compliant. It will also be interesting to see how internal audit departments respond and take on new tasks and responsibilities within their respective companies.