The list of possible topics that shareholders may raise at an annual meeting compiled by BDO USA includes many that companies would expect, such as questions about strategic business decisions, global economic concerns, cybersecurity and executive compensation. Perhaps surprisingly, however, the firm advises companies to also be prepared for questions about the new COSO framework.
As summarized in this March Deloitte briefing, in May 2013, the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) updated the Internal Control-Integrated Framework. The older framework from 1992 is expected to be transitioned out by the end of 2014, and the SEC staff has publicly stated that they are monitoring the changes to the new model since SEC rules require the use of a “suitable, recognized control framework” in companies’ internal control over financial reporting.
Several of the 17 principles under the 2013 framework relate to the board’s, or audit committee’s, role in implementing an effective control environment and overseeing a robust risk assessment process for oversight of internal control, including a clear commitment to integrity and ethical values and acceptance of oversight responsibilities at the board level, as well as the establishment of structures and authority, policies regarding a commitment to competence that involves having the right individuals at the organization and enforcing accountability with evaluating employee performance in managing controls.
The responsibilities of the audit committee was also the focus of Paul Beswick, the SEC’s Chief Accountant’s, discussion at a recent conference, where his PowerPoint serves as an excellent primer for many of the SEC’s basic expectations about the role of the committee. He emphasized the need for the audit committee to critically oversee the selection and evaluation of the auditor, and not “rubber stamp” management’s recommendations, and regular and direct contact between the auditor and the audit committee. Ongoing monitoring of auditor independence by the committee is also key, especially at global companies, in light of the SEC’s recent report, which we discussed here. He also stressed that audit committees should not use “fee hunting” as the main driver for hiring an auditor and finally, that the required audit committee report in proxy statements should be viewed as an opportunity to explain the committee’s processes for overseeing the auditor rather than containing “boilerplate” disclosure.