Best Practices

Audit Committees

Establish audit committees, made up of appropriate audit committee members, that are responsible for review, oversight, establishing procedures, and providing a written report.

Three main groups are responsible for the quality of financial reporting: the governing body,1 financial management, and the independent auditors. Of these three, the governing body must be seen as first among equals because of its unique position as the ultimate monitor of the financial reporting process.2 An audit committee is a practical means for a governing body to provide much needed independent review and oversight of the government's financial reporting processes, internal controls, and independent auditors. An audit committee also provides a forum separate from management in which auditors and other interested parties can candidly discuss concerns. By effectively carrying out its functions and responsibilities, an audit committee helps to ensure that management properly develops and adheres to a sound system of internal controls, that procedures are in place to objectively assess management's practices, and that the independent auditors, through their own review, objectively assess the government's financial reporting practices.3

GFOA makes the following recommendations regarding the establishment of audit committees by state and local governments:

  • The governing body4 of every state and local government should establish an audit committee or its equivalent;
  • The audit committee should be formally established by charter, enabling resolution, or other appropriate legal means and made directly responsible5 for the appointment, compensation, retention, and oversight of the work of any independent accountants engaged for the purpose of preparing or issuing an independent audit report or performing other independent audit, review, or attest services.6 Likewise, the audit committee should be established in such a manner that all accountants thus engaged report directly to the audit committee. The written documentation establishing the audit committee should prescribe the scope of the committee's responsibilities, as well as its structure, processes, and membership requirements. The audit committee should itself periodically review such documentation, no less than once every five years, to assess its continued adequacy;7
  • Ideally, all members of the audit committee should possess or obtain a basic understanding of governmental financial reporting and auditing.8 The audit committee also should have access to the services of at least one financial expert, either a committee member or an outside party engaged by the committee for this purpose. Such a financial expert should through both education and experience, and in a manner specifically relevant to the government sector, possess 1) an understanding of generally accepted accounting principles and financial statements; 2) experience in preparing or auditing financial statements of comparable entities; 3) experience in applying such principles in connection with the accounting for estimates, accruals, and reserves; 4) experience with internal accounting controls; and 5) an understanding of audit committee functions;9
  • All members of the audit committee should be members of the governing body. To ensure the committee's independence and effectiveness, no governing body member who exercises managerial responsibilities that fall within the scope of the audit should serve as a member of the audit committee;
  • An audit committee should have sufficient members for meaningful discussion and deliberation, but not so many as to impede its efficient operation. As a general rule, the minimum membership of the committee should be no fewer than three;10
  • Members of the audit committee should be educated regarding both the role of the audit committee and their personal responsibility as members, including their duty to exercise an appropriate degree of professional skepticism;
  • It is the responsibility of the audit committee to provide independent review and oversight of a government's financial reporting processes, internal controls and independent auditors;11
  • The audit committee should have access to the reports of internal auditors, as well as access to annual internal audit work plans;
  • The audit committee should present annually to the full governing body a written report of how it has discharged its duties and met its responsibilities. It is further recommended that this report be made public and be accompanied by the audit committee's charter or other establishing documentation;
  • The audit committee should establish procedures for the receipt, retention, and treatment of complaints regarding accounting, internal accounting controls, or auditing matters. Such procedures should specifically provide for the confidential, anonymous submission by employees of the government of concerns regarding questionable accounting or auditing matters.12 The audit committee also should monitor controls performed directly by senior management, as well as controls designed to prevent or
    detect senior-management override of other controls13;
  • The audit committee should be adequately funded and should be authorized to engage the services of financial experts, legal counsel, and other appropriate specialists, as necessary to fulfill its responsibilities14; and
  • In its report to the governing body, the audit committee should specifically state that it has discussed the financial statements with management, with the independent auditors in private,15 and privately among committee members,16 and believes that they are fairly presented, to the extent such a determination can be made solely on the basis of such conversations.

Notes:

  1. For the purposes of this recommended practice, the term "governing body" should be understood to include any elected officials (e.g., county auditor, city controller) with legal responsibility for overseeing financial reporting, internal control, and auditing, provided they do not exercise managerial responsibilities within the scope of the audit. The term governing body also is intended to encompass appointed bodies such as pension boards.
  2. Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees, Overview and Recommendations.
  3. Securities and Exchange Commission (SEC) Regulation 33-8220, Background and Overview of the New Rule and Amendments.”
  4. For the purposes of this recommended practice, the term "governing body" should be understood to include any other elected officials (e.g., county auditor, city controller) with legal responsibility for overseeing financial reporting, internal control, and auditing, provided they do not exercise managerial responsibilities within the scope of the audit. The term "governing body" also is intended to encompass appointed bodies such as pension boards.
  5. Nothing in this recommended practice should be interpreted so as to limit the full governing body from exercising ultimate authority.
  6. Sarbanes Oxley Act, Section 301.
  7. Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees, Recommendation 4.
  8. Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees, Recommendation 3. Continuity typically is a positive factor in achieving this goal, a fact that should be kept in mind when considering the appropriate length of service for audit committee members.
  9. Sarbanes-Oxley Act, Section 407.
  10. In certain limited instances, as noted later, the audit committee will need to meet privately to achieve its goals. If the audit committee constitutes a majority of the governing body, such private meetings may be hampered by sunshine laws and similar open meetings” legislation.
  11. SEC Regulation 330-8220, Background and Overview.”
  12. Sarbanes Oxley Act, Section 301.
  13. Internal Control Integrated Framework: Guidance on Monitoring Internal Control Systems (Discussion Document of the Committee of Sponsoring Organizations COSO, 2007), page 10.
  14. Nothing in this recommended practice should be interpreted so as to limit the full governing body from exercising ultimate authority.
  15. It is important that the audit committee be able to meet privately with the independent auditors, as needed, to ensure a full and candid discussion. Governments are urged to amend sunshine laws and similar open meetings legislation to permit such encounters in these limited circumstances.
  16. It is important that audit committee members be able to meet privately among themselves, as needed, to ensure a full and candid discussion. Governments are urged to amend sunshine laws and similar open meetings legislation to permit such an encounter in these limited circumstances.
  • Board approval date: Friday, October 17, 2008