AuditCommitteeResourceGuide.pdf

Transcript of AuditCommitteeResourceGuide.pdf

  • 8/14/2019 AuditCommitteeResourceGuide.pdf

    1/56

    This booklet, Public Sector Audit Committees, Resource Guide, is but one indication of our commitment to assist you, our public sector clients and friends, in developing and implementing sound management practices and policies. To learn more about how Deloitte & Touche can help you, please call your Deloitte & Touche office or David Jones, National Managing Partner for Public Assurance Services (973-683-7125); Mike Fritz, Partner (614-229-4806); or Patrick Hardiman, Partner (203-761-3017).

    Thanks to Gerry Fink, Director, Deloitte & Touche, Chicago; Chris McGrath, Senior Manager, Deloitte & Touche, Washington, D.C.; Julia Petty, Senior Manager, Deloitte & Touche, Dallas; and Reem Samra, Director, Deloitte & Touche, Dallas, for updating this publication.

    Special thanks to our Industry Reviewer, Warren Ruppel, Assistant Controller, Accountancy, City of New York, for reviewing Public Sector Audit Committees, Resource Guide.

    Contacts:

    Mid-America George Scott 512-691-2397

    Midwest Patrick Hagan 312-486-3044

    Central Atlantic Jon Korol 512-691-2397

    Northeast David Jones 973-683-7125

    October 2005

    Dear Clients and Friends of Deloitte & Touche LLP,

    With recent developments in the regulatory, legislative, and standard-setting environment resulting from corporate failures and loss of investor confidence, attention has significantly shifted to audit committees and their focus, responsibilities, and importance in an organization.

    Audit committees fulfill the governing body's fiduciary responsibility by overseeing the entire audit and reporting process, ensuring auditor independence, and ensuring that proper and timely attention is paid to control issues and compliance weaknesses. Audit committees increase the level of confidence in the financial reporting process.

    Events in the public sector over the years have provided clear provocation for the use of audit committees by governments. As a result of the fiscal crisis in the mid- to late 1970s, New York City was required to establish an independent audit committee. Failures in the quality of government audits caused the U.S. General Accounting Office (GAO) to recommend that entities consider the benefit of using audit committees both to help plan and to oversee the entities' audit procurement process. Further, the Government Finance Officers Association (GFOA) in its publications, Governmental Accounting, Auditing, and Financial Reporting and An Elected Official's Guide to Auditing, encouraged government use of audit committees to ensure the integrity of the audit process.

    The Sarbanes-Oxley Act of 2002, related SEC rulemaking, and the proposed modifications of the NYSE, NASDAQ, and Amex listing standards expand, codify, and formalize the composition, duties, and responsibilities of audit committees of public companies.

    Additionally, on April 1, 2003, the Securities and Exchange Commission voted to adopt rules directing the national securities exchanges and national securities associations to prohibit the listing of any security of an issuer that is not in compliance with the audit committee requirements established by the Sarbanes-Oxley Act of 2002.

    Government Auditing Standards, 2003 Revision, published by the GAO, requires that auditors communicate certain information related to the audit to the audit committee or to the individuals with whom they have contracted for the audit.

    Statement on Auditing Standards No. 61, Communication with Audit Committees, further clarifies this requirement by defining an audit committee (for the purpose of the required communication) as a group that has been designated to oversee the financial reporting process such as a finance committee or a budget committee. Clearly, it is essential that each governmental entity designate an audit committee or an equivalent body to fulfill this role of financial oversight.

    This booklet covers the public sector audit committee's principal activities, organization, and conduct of meetings as well as relationships with the governing body, management, internal auditors, and external auditors. Recent significant developments in the use and practices of audit committees are also discussed. Finally, tools are provided for the creation and operation of an audit committee, including a sample charter and bylaws, sample audit committee chairman's letter for inclusion in the comprehensive annual financial report, and sample questions to guide the audit committee in discharging its responsibilities.

    Throughout this booklet, the discussion refers to public sector entities. These include general purpose governments; federal agencies, including components, public sector utilities, authorities, hospitals, colleges, and universities, and pension plans. Likewise, references to governing bodies may include city councils, boards of trustees, legislatures, or boards of governors.

    With the increased emphasis on accountability in the government environment, the role of the public sector audit committee has become increasingly important. An effective audit committee can significantly increase the integrity and efficiency of the system of internal controls, financial reporting, and the audit process. Audit committees are, indeed, the hallmark of public accountability.

    It is for these reasons that Deloitte & Touche is pleased to be able to offer you this useful booklet. We remain dedicated to assisting our clients in successfully implementing reforms and restoring public confidence.

    Sincerely,

    David Jones

    National Managing Partner for Public Sector Assurance Services

    Deloitte & Touche LLP

    Two World Financial Center

    New York, NY 10281-1414

    Tel: (212) 436-2000

    www.deloitte.com

    Public Sector Audit Committees Resource Guide 2005

    Table of Contents

    Section:

    1. Emerging Demands on Government Bodies

    2. Role of the Audit Committee

    3. Importance and Relevance of Internal Control

    4. Principal Audit Committee Activities

    5. Establishing the Audit Committee

    6. Audit Committee Meetings

    7. Audit Committee Duties

    8. Audit Committee Relationships

    Appendix:

    Sarbanes-Oxley Act of 2002

    Exhibit:

    1. Sample Audit Committee Charter and Bylaws

    2. Sample Audit Committee Schedule and Agenda

    3. Questions an Audit Committee Might Ask Auditors About Audit Scope

    4. Questions an Audit Committee Might Ask About Financial Statements in General

    5. Questions an Audit Committee Might Ask About Assets

    6. Questions an Audit Committee Might Ask About Liabilities and Net Assets/Fund Balances

    7. Questions an Audit Committee Might Ask About Revenues and Expenses/Expenditures

    8. Questions an Audit Committee Might Ask Auditors About Audit Results

    9. Questions an Audit Committee Might Ask Auditors About Internal Controls and Compliance

    10. Questions an Audit Committee Might Ask in Assessing an Auditor's Qualifications

    11. Sample Audit Committee Chairperson's Letter

    Section One

    Emerging Demands on Governing Bodies

    Sarbanes-Oxley Act of 2002

    Recent corporate failures have spurred the public to refocus on concepts important to governance. The reforms required by the Sarbanes-Oxley Act of 2002 include many practices that were already present in the business world for protecting organizations and their stakeholders. While the Sarbanes-Oxley Act of 2002 does not apply to the public sector, it has created public awareness and encouraged audit committees to challenge their roles and responsibilities. Additional information about the Sarbanes-Oxley Act of 2002 is presented in the Appendix.

    With this refocus on governance and the role of the audit committee, the following are topics that are being considered by many public sector entities:

    Evolving Role of the Audit Committee

    Establishing audit committees where the role is performed by an auditor general, internal auditor, or similar role

    Setting a culture and tone for promoting full and adequate disclosure

    Establishing a code of ethics

    Meeting accelerated reporting deadlines

    Accessing resources to fulfill responsibilities (e.g., money to hire appropriate auditors and lawyers)

    Promoting and protecting whistleblowers

    Minimizing and controlling risky investment policies

    Assessing the risks of reliance on information technologies

    Measuring performance that links budgetary to proprietary results

    Ensuring that accounting policies do not become creative, especially in times of budget deficits

    Responding to emergency needs and homeland security initiatives

    Assessing the impact of the 2003 revisions of Government Auditing Standards and other accounting and auditing pronouncements such as SAS No. 99, Consideration of Fraud in a Financial Statement Audit.

    Determining the adequacy and effectiveness of internal controls for compliance with laws and regulations and financial reporting.

    The public perception of governance now gives the legislative branch, executive branch, governing body, management, audit committee, and auditors a public mandate to fulfill their vital role of producing reliable financial information. It is clear that audit committees are an increasingly important element of public sector entities that promote effective accountability and governance.

    Section Two

    Role of the Audit Committee

    Within the public sector, an audit committee is an extension of the governing body. Committees are formed to fulfill the governing body's responsibilities, not expand them. Officials are able to increase their oversight of specific issues by assigning various matters to committees.

    Accountability and Governance

    In this light, the audit committee is an integral element of public accountability and governance. It plays a key role for the governing body in carrying out its legal and fiduciary responsibilities, especially with respect to the integrity of the government's financial information, system of internal control, and legal and ethical conduct of management and employees.

    Varying Roles

    The roles and responsibilities of an audit committee can be as broad or deep as the governing body wishes. Both the Government Finance Officers Association (GFOA) and the Office of Management and Budget (OMB) recommend the establishment of audit committees or the equivalent.

    With this mandate, audit committees are finding a new power to take on additional oversight roles. Today, typical audit committee responsibilities include:

    Approving the overall audit scope

    Helping to ensure that the audit is conducted in an efficient and cost-effective manner.

    Overseeing the organization's financial statements and internal controls

    Recommending to the governing body the approval of the organization's financial statements

    Recommending the appointment of the external auditor and the appropriate fee

    Directing special investigations for the governing body

    The roles will vary from entity to entity depending on the complexity and size as well as the requirements of the governing body. However, the one common responsibility for all audit committees, among all their potential roles, is risk management oversight.

    Risk Management Oversight

    Every organization faces a variety of potential risks, such as:

    Loss of key staff

    Loss of funding or reduction of revenue sources

    Disruption in investment markets that undermines an organization's financial assets

    Erroneous financial reporting

    Regulatory noncompliance

    Conflict of interests

    Fraudulent activities resulting from weaknesses in internal controls

    Communication

    Public sector financial reporting, accounting, auditing, and internal control processes require specialized knowledge for effective administration. Public sector financial officers are expert professionals in their disciplines. Communication between governing bodies and public sector financial managers can therefore be difficult at times. For example, budgets and expressions of policy conform to a basis of presentation unique to the circumstances of the local organization and jurisdiction. External financial reporting, however, follows generally accepted accounting principles, a basis often very different from the budget basis. Both bases are pertinent and meaningful within their respective contexts. Communication may, nevertheless, be complicated when the governing body votes on and approves a budget but does not approve the financial statements and independent auditors' reports.

    Other communication problems may arise because of different concepts of materiality. Control weaknesses may be important to governing officials but may not be material to the financial reporting process. This difference in perspective is magnified in Single Audits of federal financial awards, where the materiality threshold is usually much lower than that of financial reporting.

    The GAO has indicated that audit committees can provide the broadest perspective and greatest range of assistance if they possess technical skills in accounting and auditing. Some experts believe that audit committees lose their effectiveness if committee members do not have sufficient specialized training or if any are perceived as not being independent.

    Accordingly, the audit committee's outside members should:

    Possess the technical skills necessary to oversee the technical and complex financial reporting and audit processes

    Be able to communicate with public finance officers and auditors on complex issues

    Possess communication skills to advise the governing body and assist the governing body in its oversight responsibilities of the financial reporting and audit process

    Accountability

    The combination of independent oversight of the financial reporting and audit process and the technical expertise of the independent audit committee members will significantly enhance accountability. Independent audit committees will help establish the proper tone at the top, contribute to the integrity of the financial reporting process, and positively influence the control environment and culture within which it occurs.

    Active oversight by the audit committee can help to reinforce management's commitment to creating a culture with zero tolerance for fraud. An entity's audit committee should also ensure that management has implemented appropriate fraud deterrence and prevention measures. The audit committee's evaluation and oversight not only help ensure that management fulfills its responsibility, but also can serve as a deterrent.

    The Treadway Commission notes:

    The mere existence of an audit committee is not enough. The audit committee must be vigilant, informed, diligent and probing in fulfilling its oversight responsibilities. The audit committee must, of course, avoid unnecessary or inappropriate interaction with the prerogatives of management; but the oversight must be effective.

    Section Three

    Importance and Relevance of Internal Control

    Weaknesses in internal controls have been the root cause of many problems, including fraudulent activities, errors, and noncompliance with laws and regulations. Accordingly, the adequacy of internal control should be the primary concern of the governing bodies and audit committees. Understanding an organization's internal controls will help audit committees understand the organization's risk management and the processes used to mitigate risks.

    Definition of Internal Control

    The COSO of the Treadway Commission in its Internal Control - Integrated Framework defines internal control as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

    Effectiveness and efficiency of operations

    Reliability of financial reporting

    Compliance with applicable laws and regulations

    An organization's internal controls consist of the policies and procedures in place that provide a reasonable level of assurance that these objectives are achieved. Not all of the policies and procedures employed by an entity would be relevant to an independent auditor performing a Single Audit, Chief Financial Officers Act Audit, or audit of the organization's financial statements. Certain controls governing the efficiency of operations, while significant to the ultimate success of the entity, would not necessarily be considered in an audit.

    Although Government Auditing Standards, 2003 Revision does not prescribe additional internal control standards for financial statement audits, it does emphasize several aspects of internal controls that are important to the judgment auditors make about audit risk and about the evidence needed to support their opinion on the financial statements:

    Controls over the safeguarding of assets

    Controls over compliance with laws and regulations

    Controls over environment and risk assessment (how effective are the controls that are in place?)

    It is important to understand that the objective of internal controls is to provide reasonable, but not absolute, assurance that an entity's control objectives have been met. An entity's success in achieving its control objectives is limited by circumvention, breakdown of existing controls, poor management oversight, the ability to override the system, and the high cost of implementing certain controls. Despite the existence of adequate internal controls, the reliability of financial reporting and compliance with laws and regulations are not ensured.

    Components of Internal Control

    COSO is the most widely used framework in the United States for establishing an internal control structure. The framework that COSO describes encompasses both disclosure and financial reporting controls.

    The COSO framework categorizes effective internal control into five interrelated components. By dividing internal control into these elements, the COSO framework simplifies management's task of administering and supervising all the activities that contribute to a successful internal control structure:

    Control environment

    The control environment encompasses every facet of the internal control framework; it is the universe in which all other elements exist. The control environment includes such concepts as tone, attitude, awareness, competence, and style. It derives much of its strength from the tone established by the organization's governing body and higher management.

    Risk assessment

    Risk assessment involves management's identification and analysis of relevant risks to achieving business objectives. The goal of a risk assessment is to document each business objective, from the highest level (such as limit budgetary growth to 5 percent) to the lowest level (such as collect property tax receivables within 30 days), and identify every risk that could undermine or block the objective.

    Control activities

    Control activities are developed to address each control objective in order to mitigate the risks identified. They are the specific policies, procedures, and practices that are designed to ensure that business objectives are achieved and risk mitigation strategies are implemented. The range of controls is broad, and activities for a particular organization will vary according to the nature of the business. Some general examples of control activities include segregation of duties, account reconciliation, use of authorization signatures, matching of invoices to purchase orders, and physical security of assets.

    Information and communication

    Information and communication support internal control by conveying directives from management to the employees in a form and a time frame that allow them to perform their control activities effectively. The process should also work in reverse, communicating information on results and deficiencies from the ground levels of an organization to executives and the board of directors.

    Monitoring

    Monitoring is a process to assess the quality of internal control over time through ongoing and special evaluations. Monitoring can include both internal and external oversight of internal control by management, employees, or outside parties (such as outsourced internal audit functions).

    Each of these components can be applied to these categories of objectives listed above: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. In fact, all five of the components should be present and functioning effectively to conclude that internal controls are effective for each category of objectives.

    Responsibility for Internal Control

    Audit committees can help ensure that each of the five preceding components of internal control are present in their organization and are operating effectively. As part of their responsibilities, audit committees should be actively involved in setting an appropriate control environment, the assessment of risk, the implementation and operation of control activities, the collection and dissemination of pertinent information, and the monitoring of critical controls.

    Everyone in an organization has a responsibility in the internal control structure. The COSO designates each party's role and responsibility as follows:

    Management

    The chief executive officer (such as governor, mayor, county executive, legislative auditor, or entity president) is ultimately responsible and should assume ownership of the system. More than any other individual, the chief executive sets the tone at the top that affects integrity and ethics and other factors of a positive control environment. The chief executive fulfills this duty by providing leadership and direction to senior managers and reviewing the way that they are controlling the organization. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for each department's functions.

    Governing Bodies

    Management is accountable to the governing body, which provides governance, guidance, and oversight. Effective governing body members are objective, capable, and inquisitive. They also have a knowledge of the government's activities and environment and commit the time necessary to fulfill their responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling dishonest management that intentionally misrepresents results to cover its tracks. A strong, active audit committee, particularly when coupled with effective upward communications and capable financial, legal, and internal audit functions, is best able to identify and correct such a problem.

    Internal Auditors

    Internal auditors play an important role in evaluating the effectiveness of control systems and contribute to ongoing effectiveness. Because of organizational position and authority, an internal audit function plays a significant monitoring role.

    Other Personnel

    Internal control is, to some degree, the responsibility of everyone in an organization and therefore should be part of each person's job description. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. All personnel should be responsible for communicating problems in operations, noncompliance with the code of conduct, policy violations, or illegal acts.

    Section Four

    Principal Audit Committee Activities

    As discussed in Chapter 3, Importance and Relevance of Internal Control, everyone in an organization has a responsibility for the entity's internal controls and compliance with laws and regulations. Management is directly responsible for the entity's financial statements, internal controls, and compliance with laws and regulations. The audit committee should oversee and monitor how management carries out these functions. Through this oversight role, the audit committee must also satisfy itself that the responsibilities of the outside independent auditors are effectively discharged. Outside auditors are responsible for attesting to the fairness of the presentation of the financial statements in accordance with generally accepted accounting principles and, if applicable to the engagement, for satisfying the reporting requirements related to local budget ordinances, the Single Audit Act, Chief Financial Officers Audit Act, and/or Government Auditing Standards, 2003 Revision.

    Traditionally, audit committees have the following duties:

    To recommend the selection of outside independent auditors

    To assess and monitor the independent status of the outside independent auditors

    To approve the overall audit scope

    To oversee the review of the adequacy of internal controls, including:

    Internal audit activities

    Fraud prevention and detection activities

    To review the annual financial statements and audit report

    To direct special investigations for the governing body

    These traditional duties remain relevant. Indeed, given today's environment, the diligence with which they are pursued has taken on an even greater importance.

    With the current focus on internal controls, as evidenced by the COSO report and the 2003 revisions to Government Auditing Standards, public sector audit committees must take special care in their role of reviewing the systems and controls that ensure compliance with laws and regulations.

    Furthermore, audit committees are now expected to understand:

    Critical accounting policies and practices used by entities

    Alternative accounting treatments within GAAP related to material items that have been discussed with management

    The ramifications of the use of alternative treatments and disclosures and the treatment preferred by the audit firm

    The activities related to oversight of management and internal controls are discussed below. Activities relevant to the conduct of the audit are further discussed in Chapters 6 and 7.

    Internal Control and Compliance Review

    Oversight of an organization's internal controls has traditionally been part of the audit committee's function. The audit committee should ensure that management maintain appropriate internal controls. Therefore, the committee should:

    Understand how the internal control objectives are achieved within the government

    Have knowledge of the risk control areas and the activities needed to be performed by the entity to address those risks

    Consider whether the control environment and specific control procedures could reasonably be expected to accomplish their specific objectives

    Be satisfied that appropriate monitoring devices are in place to detect dysfunctions, including fraudulent activities

    Ensure corrective action is taken, as necessary

    To carry out this responsibility, the audit committee must understand how decisionmaking authority is delegated between management and the governing body. It should consider whether management measures the adequacy of controls to identify and correct exceptions or out-of-pattern items. The audit committee should be satisfied that management continually challenges its controls and organization structures to ensure proper alignment with established policies and procedures.

    Other Activities

    The governing body may assign special projects to the audit committee to ensure that the organization's disclosure obligations are satisfied. These projects may include:

    Investigating questionable payment or lapses of internal control and compliance

    Understanding how compliance with laws and regulations is monitored and achieved

    Monitoring compliance with the government's code of conduct or ethics provisions

    Assessing the adequacy of internal control over data processing operations or computer-accessible data, which is even more important with the proliferation of microcomputers and client/server technology

    Measuring the likely impact of changes in accounting standards proposed by the appropriate standards board (e.g., GASB, FASB, FASAB) or other regulatory bodies

    Most audit committees devote some of their meeting time to their own education, selecting certain aspects of the government's internal controls, accounting principles, compliance requirements, and financial reporting requirements. This education may also address legal considerations and the impact of new nonfinancial laws and litigation. The audit committee's educational efforts may reveal areas and issues that should receive greater attention from them and from the governing body.

    Establishing the Audit Committee

    At a minimum, the charter should:

    State the mission or objectives of the audit committee

    Establish its authority

    Define its organization and methodology

    Identify how independent members are appointed

    Prescribe terms of members

    Establish voting and quorum requirements

    Establish liability indemnification

    Be goal-oriented and not be so detailed as to restrict the committee's scope of operations

    The formation of audit committees does not relieve governing bodies of responsibility for matters considered by audit committees. In most entities, there are legal restrictions on what can be delegated to committees. The audit committee should use the responsibilities outlined in the charter to develop a responsibility checklist and meetings agenda that are designed to ensure that the provisions of the charter are executed in an appropriate and timely manner.

    The bylaws establish the rules and procedures under which the audit committee operates. The bylaws should:

    Be adopted by the committee members themselves

    Guide how the audit committee will discharge its mission and decisionmaking authority

    Identify the specific activities of the committee and organization and who will control meetings

    Specify reporting and documentation requirements

    Set quorum and voting procedures

    A written charter setting forth the duties and responsibilities of the audit committee is recommended. The charter should be approved by the governing body and periodically reviewed and amended as necessary.

    Section Five

    Charter and Bylaws

    Exhibit 1 presents a sample audit committee charter and bylaws.

    Committee Membership

    Skills

    Members of the audit committee should collectively have:

    Political, governing, and communication skills

    A knowledge of the needs, interests, and concerns of the constituency

    Accounting, financial reporting, and auditing expertise and experience

    Administrative experience that would allow the audit committee to be able to relate to the pressures and demands of the public finance officer and management

    Usually, outside members are sought to have the technical expertise and experience. The audit committee should include a financial expert who is determined by the governing body to possess the following attributes:

    An understanding of financial statements and generally accepted accounting principles

    An ability to assess the general application of such principles in connection with the accounting of estimates, accruals, and reserves

    Experience preparing, auditing, and analyzing or evaluating financial statements

    An understanding of internal controls and procedures for financial reporting

    An understanding of audit committee functions

    Qualities

    Members should be vigilant and probing. They should be able and willing to ask the hard, penetrating questions sometimes necessary to discharge their oversight responsibility. They should also be able and willing to deal with controversial matters and make difficult comments and recommendations when necessary.

    Number of members

    Three to six members are usually recommended. The committee should be large enough to accommodate the breadth of skills and experience pertinent to local circumstances and yet not so large that dialogue and communication are restricted.

    Terms

    The terms of the members should be long enough to maintain continuity and provide an institutional memory but not so long that parochial interests intrude. It is important to maintain a uniform level of interest of the members and yet provide for new perspectives and fresh insight. Terms less than two years are too short and more than eight years are too long. Terms should also be staggered.

    Chair and staff support

    A chairperson should be designated either by the governing body or by the committee members. The chair is the focal point of communication with the committee and is responsible for the organization and proper flow of meetings.

    Staff support should come from management, including an individual designated by the committee to maintain the minutes and records of the committee's activities.

    Voting and quorum

    Voting and quorum requirements should be established in the charter or bylaws and should seek to maintain the committee's independence. A majority of members should be required for conducting official meetings and casting votes.

    It is also important to require the presence and participation of management and the auditors. The committee cannot operate effectively without their participation. Questions and comments of the committee can thereby be exchanged with the responsible individuals.

    Audit Committee Meetings

    Number

    Factors that determine the number of times an audit committee meets and what specifically needs to be discussed at each meeting include:

    The preparation, knowledge, and experience of the committee members

    The nature of the committee's specific responsibilities

    Characteristics of the jurisdiction, such as the complexity and size of operations

    Quality of the control environment

    The average number of audit committee meetings is four per year. At a minimum, separate meetings should be held to discuss:

    Internal and external audit scope and plans

    Financial statements and disclosures

    Internal control and compliance results

    Meetings are often open for public observation. This reinforces the appearance of independence of the committee and reinforces public confidence in the audit committee process. Nonpublic executive sessions should also be held with the internal and external auditors at least once per year.

    Committee Agenda

    One of the most important topics for the audit committee to consider is its own agenda in light of evolving public and governing body expectations and proposals. The committee may make recommendations to the governing body concerning matters that should come within its purview, be transferred to other committees, or be dealt with by the governing body as a whole.

    This section addresses some basic elements of audit committee meetings, such as the number to be held each year, agendas, suggested meeting types and topics, and minutes.

    Section Six

    The outside auditors' knowledge and experience give them a unique perspective and an obligation to advise the governing body on its oversight of financial matters.

    The auditors may suggest topics for the audit committee's agenda based on current developments that affect the committee's duties or responsibilities.

    Exhibit 2 presents a sample audit committee schedule and agenda. It presumes the committee requires five meetings each year and schedules the meetings to coincide with the financial reporting cycle, e.g., March through February for June 30 fiscal year-end entities.

    Audit Scope Meeting

    The principal purpose of this meeting, which normally occurs before significant audit work has begun, is to approve the intended audit scope and plan. The meeting usually addresses the outside auditors' planned approach to the annual audit and may include a summary of critical dates and plans for engagement timing. It should also include important aspects of staffing, such as the competence and relevant expertise of individual members of the audit team.

    To focus on important phases of the audit, it is helpful to have the auditors' engagement letter (or a written audit plan) in advance of the meeting. The engagement letter or audit plan summarizes the auditors' understanding of the terms and objectives of the engagement, including the estimated fees and the basis on which they are determined.

    Topics covered should include:

    Issues affecting the planned scope of the audit, including financial and compliance risks

    Evaluation of management's identification of fraud risks

    The basis for determining audit scope, covering such matters as the audit process, financial reporting requirements, materiality levels, and adequacy of internal controls

    The audit scope for the current year, including the basis for selecting certain units for testing

    Areas subject to audit testing and how sampling is employed to arrive at the satisfactory level of confidence about the overall financial statements

    The coordination of the audit work with internal audit activities

    Other areas to be covered, such as audits of grants, contracts, and compliance with rules and regulations

    Issues from the prior year's engagement that bear on the current year's audit scope

    Time will not permit the outside auditor to explain all details of the engagement, especially when the organization's operations are complex. Instead, some audit committees explore one phase of the audit in depth each year, most commonly by having the auditor explain the approach to auditing transactions processed through one of the major accounting cycles or systems. This in-depth review allows committee members to understand more fully the major internal control systems and the audit methodology used. Exhibit 3 is a list of questions about audit scope that an audit committee might ask auditors. These questions, as well as those in later exhibits, are illustrative rather than comprehensive.

    Another topic often discussed at this meeting is an overview of new developments in accounting and auditing. New standards that have been issued or proposed by the GASB, FASB, FASAB, GAO, or other regulatory agencies that would affect the organization should be discussed with the outside auditors or management and their impact considered.

    Financial Statements Meeting

    The audit committee's purpose at this meeting, usually held at the conclusion of the audit, is to approve formally the draft financial statements. The committee must ascertain whether the responsibilities of management for the preparation of the financial statements and of the outside auditor for attesting to the fair presentation of the financial statements have been effectively discharged. Management should present the draft financial statements focusing on the major items disclosed in the statements or footnotes:

    Significant management judgments and estimates, such as estimates for judgments, claims, self-insurance liabilities, allowance for doubtful accounts, or pensions

    Trends or changing patterns

    Management's discussion and analysis (MD&A) section of the financial statements

    Important changes in the format or account classifications

    Disclosure of commitments and contingencies

    Exhibits 4 through 8 illustrate questions an audit committee might ask both management and the auditors about the financial statements and questions an audit committee might ask auditors about audit results.

    The audit committee should devote significant attention to the disclosures in the footnotes to the financial statements and significant changes from the prior year. The discussion usually will begin with the organization's accounting policies. The committee should understand the reasons for a change in accounting principles or in methods of their application and assure itself of the concurrence of the outside auditors. The committee may also ask for a comparison of the organization's accounting methods with those of similar organizations.

    In addition to the above, the auditor is required to communicate whether management consulted with other accountants with regard to accounting pronouncements or their applications and major issues management discussed with the auditor prior to the auditor's retention.

    Internal Control and Compliance Meeting

    The purpose of this meeting is to present the outside auditors' comments and recommendations concerning the organization's internal accounting, administrative, and compliance controls. Relatively minor deficiencies are usually not discussed with the audit committee, although summaries of such deficiencies may be provided to the committee through a letter from the auditors reporting their summary findings on internal control and compliance.

    Exhibit 9 lists questions an audit committee might ask auditors about internal controls and compliance.

    In addition to the professional standards with respect to communication to audit committees at the conclusion of a financial statement audit, Government Auditing Standards, 2003 Revision imposes additional requirements relating to the scope of internal control and compliance work performed. The auditor is required to communicate the following to the individuals responsible for overseeing financial reporting:

    The auditor's responsibilities for testing internal controls and compliance with laws and regulations in a financial statement audit

    The nature of any additional testing of internal controls and compliance with laws and regulations

    The options for additional testing of internal controls and compliance through agreed-upon procedures or examination

    Possible weaknesses in internal controls of which auditors may be aware prior to undertaking the specific audit engagement

    The effect that possible weaknesses in internal controls could have on the accuracy and sufficiency of financial information used for management decisionmaking, safeguarding of assets, or compliance with laws and regulations

    Internal control weaknesses constitute a condition in which the auditor believes the specific control procedures, or the degree of compliance with them, are not sufficient to achieve a relatively low risk that errors or irregularities would be presented or detected within a timely period by employees in the normal course of their assigned functions. Such conditions may be reported to the audit committee as a material weakness, a reportable condition, or another matter involving internal control over financial reporting.

    In addition to the requirements of the Generally Accepted Auditing Standards (GAAS) and Government Auditing Standards, 2003 Revision, Circular A-133 requires the auditor to:

    Perform procedures to obtain an understanding of internal control over compliance for federal programs that is sufficient to plan the audit to support a low assessed level of control risk for major federal programs

    Plan the testing of controls over compliance for major programs to support a low assessed level of control risk

    Perform testing of controls over compliance as planned

    Report on internal controls over compliance

    The GAO/PCIE Financial Audit Manual has similar requirements. The committee members should have a basic understanding of the organization's controls over compliance and review the findings and recommendations made by the independent auditor.

    Other Meeting Topics

    Other meetings may be held to consider:

    Activities and plans of the internal auditor

    Major lawsuits filed against the organization

    Significant changes in new accounting and auditing standards or other regulatory requirements

    Major organizational changes

    The audits of financial statements of related entities, such as major component units

    Events that raise questions about the integrity of a member of senior management

    Form and content requirements for Single Audit or Chief Financial Officers Act Audit reports

    Education of audit committee members on organizational matters or technical developments

    Executive Sessions

    Audit committees should meet with each of the major participants (outside auditors, internal auditors, and management) without the others present. In such a session, the committee may raise questions with each group to encourage candor.

    An audit committee meeting with the outside auditors in closed session by no means indicates that management's or the auditors' credibility is in doubt or that management or the auditor is not meeting its responsibilities. To conduct their audit, the outside auditors must maintain an open and candid relationship with management. Their obligation to discuss sensitive matters with the governing body need not override this. Management and the auditors must use good judgment and tact to avoid misunderstandings.

    Committee members should determine whether:

    The auditor received the full cooperation of management

    Management was satisfied with the competence of the auditors and the timing and scheduling of audit work

    Any weaknesses in controls or inefficiencies occurred that could not be brought to the committee's attention in the presence of management

    The auditor believes that management is knowledgeable, conscientious, and competent

    Any instances of errors, irregularities, or illegal acts occurred that the auditor could not discuss in the presence of management

    Minutes

    Minutes are the formal record of the committee's activities and are a source of input for the committee's annual report. They should therefore include:

    A copy of the meeting agenda

    The date, attendance, and location of the meeting

    A brief discussion of the salient topics discussed; a transcript of the committee meeting is not necessary

    Transcript of formal resolutions

    Copies of materials discussed or presented at the meeting

    Identification of the end of the minutes and meeting adjournment

    These minutes should be circulated to the members who were in attendance for their comments and corrections. Corrected minutes should be formally approved by the committee no later than the following meeting and be signed by the committee secretary. In this manner, the approved minutes will reflect the consensus of the members rather than the recollections of one or more individuals.

    Audit Committee Duties

    Selection of Independent Auditors

    The audit committee may be empowered by the governing body to select the outside auditors or, as is more often the case, to recommend an independent audit firm to the full governing body, which formally approves the selection. In its evaluation, the audit committee should consider a firm's:

    Independence

    Reputation

    Range of services

    Persons who would be responsible for the services provided to the entity and their experience with public sector and Single Audits

    Level of public sector and other relevant technical expertise

    Ability to serve the entity's geographic location

    Quality control standards, including reports on recent peer reviews

    Fee estimates

    The GAO in its report CPA Audit Quality: A Framework for Procuring Audit Services also recommends, regarding audit procurement, that the audit committee:

    Participate in the entity's procurement process, including planning the procurement and identifying and evaluating potential bidders

    Participate in evaluating audit firms using preestablished technical factors

    Provide active oversight of the entity's procurement process

    When considering the annual reappointment of the existing auditors, in addition to evaluating the foregoing factors, the audit committee should review:

    Quality of services rendered

    Efficiency and effectiveness achieved in the audit and other services

    Benefits obtained from recommendations for improvements

    Overall strength of the relationship

    This evaluation is based partly on the interaction between the outside auditors and the committee, but it is principally dependent on an assessment by management. In making its evaluation, the audit committee must remain cognizant of the AICPA and GAO requirements dealing with auditors' independence on an ongoing basis, not just in conjunction with an initial appointment.

    Previous chapters have provided an overview of the principal committee activities and discussed key topics that should be covered at each meeting. This chapter provides further guidance for the committee in the areas of selection of independent auditors, audit scope assessment, and the review of the audit results.

    Section Seven

    An occasional practice in the public sector arena is mandatory rotation of the independent audit firm. Although there is a perceived benefit to the governmental entity of this practice, in reality there is no credible evidence that mandatory auditor rotation improves audit quality or reduces fees. In fact, the risk of audit failure increases with each change of auditors. Audit quality suffers when a new auditor is unfamiliar with a client's business and specific operations.

    The AICPA has indicated that mandatory audit firm rotation is not necessary or appropriate for the following reasons:

    Audits are strengthened by institutional continuity. It is a significant benefit to be well acquainted with a client's business, operations, and controls.

    Audit firm rotation is disruptive and time-consuming and increases overall audit costs.

    Key individuals involved in the audit process (audit firm personnel, client management, and audit committee members) all typically change in the normal course of events.

    Audit committees are in the best position to evaluate the desirability of changing auditors.

    Growing public expectations, regulatory changes, and recent professional initiatives have served to improve the auditing and financial reporting processes as well as to create an environment for ongoing improvement without the undesirable consequences of mandatory rotation.

    Another reason cited for rotation of audit firms is to ensure independence from management. An active, diligent audit committee does far more to ensure auditor independence than a policy of mandatory rotation. Exhibit 10 lists questions an audit committee might ask in assessing the qualifications of independent accountants.

    Audit Scope Assessment

    Some determinants of audit scope include key areas of control and compliance risk, adequacy of the entity's internal controls, and controls to ensure compliance with laws and regulations and financial reporting requirements. Committee members may want to discuss:

    Allocation of audit procedures among the entity's units

    Significant transaction cycles

    Significant controls over compliance with laws and regulations

    Individual financial statement balances or disclosures

    Nature of audit tests

    Extent of reliance on internal controls

    Materiality levels

    Levels of assurance obtained

    Viewing the audit in terms of a conceptual model may be helpful to the audit committee. In reviewing the audit scope, the audit committee typically considers:

    External financial reporting requirements

    Accounting policies followed by the jurisdiction

    Organizational, operational, and compliance considerations (including their impact on processing and interpreting accounting information)

    Requirements and needs of financial information users (citizen groups, investors and creditors, the GAO, cognizant agencies, and other regulatory bodies)

    The audit committee's objective is satisfaction that the scope of the audit contemplated by the outside auditor adequately considers the important reporting needs and questions.

    The committee may also request the outside auditors to perform special or supplementary reviews of certain control and compliance areas not required for audit purposes. Such reviews help monitor compliance with specific organizational policies and objectives. Outside auditors might, for example, review an operational unit's purchasing practices for compliance with organizational policy. Ordinarily, additional reviews are considered along with the audit requirements in order to integrate them into the audit logistics efficiently. The committee members should have a basic understanding of the organization's controls over compliance and review the findings and recommendations made by the independent auditor.

    Audit Results Review

    Understanding the issues

    Audit committees acquire the knowledge they need to review the results of the audit by:

    Reading the financial statements, the comprehensive annual financial report, and other reports

    Briefings from management and the independent auditors on the impact of accounting principles important to the entity

    Reading financial press and newsletters prepared by accounting firms and public sector professional organizations that summarize new accounting, auditing, and regulatory compliance developments

    Once the issues are understood, audit committee members can define their specific information needs and obtain explanations from management, the independent auditors, and the internal auditors and isolate the sensitive areas requiring in-depth attention. They then can devote time to obtaining a more thorough understanding of the issues in sensitive or important areas and to discussing the way these issues should be handled.

    Internal control and compliance

    The audit committee should:

    Review the auditors' reports on internal control and compliance with laws and regulations

    Determine whether material weaknesses, reportable conditions, or other findings were reported

    Fully understand the reasons underlying any reportable conditions, material weaknesses, findings of noncompliance, and questioned costs (Even when the scope of the audit did not include reports on internal control and compliance with laws and regulations, the audit committee should satisfy itself that management maintains appropriate internal controls by making inquiries of the auditor.)

    Review the management letter of recommendations in which suggestions for improvement to internal controls are made (The committee should fully understand the issues raised and the related recommendations; the committee should also satisfy itself that management is diligent in following up and correcting previously identified weaknesses in internal control and instances of noncompliance.)

    If an agreed-upon procedures engagement was performed in accordance with Statements on Standards for Attestation Engagements (SSAE) No. 3, Compliance Attestation, in which management provides written assertions about the entity's compliance with specified requirements or the effectiveness of the entity's internal control structure, the audit committee should obtain management's assertions, which should be reviewed and fully understood by the audit committee. The assertions and the criteria used to measure the assertions should be reviewed and fully understood by the audit committee. The criteria used must be established by a recognized body or stated in the assertion in a sufficiently clear and comprehensive manner for a knowledgeable reader to understand it. Management's assertions must be capable of measurement using such criteria.

    Annual report

    A primary responsibility of the audit committee is to review the financial statements and, if appropriate, the comprehensive annual financial report and the underlying audit results with management and the outside auditors. This review considers:

    Reasons for nonstandard audit opinion

    Changes in accounting policies or principles during the year

    Important differences in financial accounting and reporting compared with other organizations

    Significant areas of judgment in the financial statements, such as receivables collectibility and other accounting estimates

    Unusual or significant commitments or contingencies

    Material noncompliance with laws, regulations, and grant provisions

    Significant accounting and auditing problems encountered during the audit, including differences of opinion or disagreements between management and the auditors

    Unexpected adjustments or additional disclosures proposed by the outside auditors

    Changes in report format or the nature of footnote disclosures from the prior year's financial statements

    Oversight of Internal Audit

    The internal audit function is an important element in providing assurance to an organization that its internal controls are adequate and functioning properly. Internal audit activities should be focused to address the risks of loss of financial resources, instances of noncompliance, or other control risks. Examples of areas on which internal audit might focus are:

    Risk assessment as it relates to risk of misappropriation of assets due to fraud

    Internal control reviews

    Independent audits of various accounts and financial activity

    Federal program compliance reviews

    Accounting policy compliance reviews

    Operational reviews and special projects

    Performance audits

    The audit committee should maintain direct oversight of the internal audit function. Responsibilities may include:

    Ensuring that the internal auditor has direct access to the audit committee

    Reviewing the risk assessment prepared by internal audit or an outside party

    Identifying areas of organizational risk or concern

    Reviewing and approving the annual internal audit plan

    Reviewing and taking action on internal audit reports

    Ensuring that management is addressing issues raised in internal audit reports

    Assessing the organizational structure, qualifications, and staffing of the internal audit function

    Assessing the effectiveness of the internal audit function

    Periodically reviewing with the internal audit director any significant difficulties, disagreements with management, or scope restrictions encountered in the course of the function's work

    Audit CommitteeRelationships

    Interaction With Outside Auditors

    Independent accountants are requiredby generally accepted auditing

    standards and by Government Auditing Standards to bring certainmatters to the attention of thegoverning body and audit committee.

    Where an audit committee exists, itis the appropriate vehicle for auditor-governing body communications.Audit committees may properly viewthe outside auditors as a fact-findingarm and as surrogates in makingevaluations requiring accounting and

    auditing expertise.See Exhibits 3-9 for a sample ofquestions an audit committee mightask the outside auditor.

    The outside auditor has to be sensitiveand alert to the needs of the auditcommittee:

    The importance of issues varies fromorganization to organization.

    In cases where committee discussionis necessary, issues presented to thecommittee should be simplified totheir essence.

    Auditors should also be sensitive to theneeds of management:

    Matters should be discussed withmanagement prior to presentationto the committee..

    A written report to the auditcommittee highlighting the subjectsto be raised at any meeting shouldbe prepared by the auditorsand distributed to managementbeforehand.

    Interaction With Internal Auditors

    Most audit committees regularly review the internal audit function as a part of their consideration of internal accounting control and operating efficiency, anticipating that the internal auditors will cover areas not included in the outside auditors' scope.

    Many organizations have taken steps to ensure that the director of internal audit has access to the governing body through its audit committee on both a scheduled and as-needed basis and that management hierarchy does not hamper internal audit effectiveness. Ordinarily, much of this liaison is achieved by having the director of internal audit present at all regular audit committee meetings and by having a report on internal audit activities and scope presented at those meetings.

    The Treadway Commission recommends that the chief internal auditor should:

    Have direct and unrestricted access to the audit committee.

    Meet privately with the committee on a regular basis.

    Attend all audit committee meetings.

    Report to the committee at regular intervals on the activities of the internal audit function.

    The roles and responsibilities of the audit committee, management, internal auditors, and outside auditors are so interrelated that open lines of communication are important. Careful planning and coordination are characteristics of an effective audit committee.

    Section Eight

    Review of accounting issues that arose

    Description of its relationship with management, internal auditor, external auditor, and governing body

    Further, the entity's comprehensive annual financial report should include the chairperson's letter reporting on the committee's responsibilities and activities for the period. The Treadway Commission recommends such a letter in order to make the audit committee more visible and improve communications to the public. The letter also reinforces the audit committee members' awareness and acceptance of their charter responsibilities. The Treadway Commission recommends that the letter include discussion of:

    The composition and authority of the audit committee

    The identification and affiliation of the audit committee members

    The audit committee's purpose, objectives, and responsibilities

    The activities of the audit committee during the period, including such matters as the number of meetings held and the significant topics discussed with management, internal auditors, and independent public accountant

    An example of the chairperson's letter is included as Exhibit 11.

    Appendix & Exhibits

    Sarbanes-Oxley Act of 2002

    The following is a summary of the requirements of the Act as it relates to audit committees:

    The audit committee comprises directors who meet the independence requirements of the Act.

    One member of the audit committee is a financial expert.

    The audit committee has the authority to engage independent counsel and other advisors as it deems appropriate.

    Appointment

    Compensation

    Review of performance

    Removal, if appropriate

    Resolutions of disagreements with management

    Review of any audit problems or difficulties and management's response

    The audit committee should hold timely discussions with the independent auditor regarding:

    All critical accounting policies and practices

    All alternative treatments of financial information within GAAP that have been discussed with management, ramifications of the use of such alternative disclosure and treatments, and the treatment preferred by the independent auditor

    Other material written communications between the independent auditor and management, including the management letter and schedule of unadjusted differences

    The audit committee has the responsibility to review:

    Certifications by management

    Management's report on internal controls and the independent auditor's attestation on management's assertions

    The audit committee has established and maintains procedures for the receipt, retention, and treatment of complaints regarding accounting, internal accounting, or auditing matters.

    The audit committee has established and maintains procedures for the confidential, anonymous submission by employees regarding questionable accounting or auditing matters.

    While the Sarbanes-Oxley Act of 2002 (the Act) does not apply to public sector organizations, the reforms enacted by the Act represent a codification of many practices that were already present, as well as many new forward-thinking means of protecting investor interests. For this reason, audit committees of public sector entities should take the requirements included in the Act into consideration.

    Appendix

    Exhibit 1

    Sample Audit Committee Charter

    The Governing Body hereby constitutes and establishes an audit committee.

    Composition

    The committee shall be composed of five members appointed by the Governing Body, three of whom are members of the Governing Body and two of whom are outside members. All five members should be independent of management and the independent auditor. The members' terms shall be three years and staggered so that the committee annually includes a new member and members with one and two years of service. The majority of the members of the committee shall have a basic understanding of finance and accounting. The chairman of the committee will have accounting or related financial management expertise and will be appointed by the Governing Body.

    Authority and Responsibility

    The audit committee is to serve as a focal point for communication between the Governing Body, the independent auditor, the internal auditor, and management. The audit committee is to assist the Governing Body in fulfilling its responsibilities as to accounting policies and reporting practices of the Entity and sufficiency of auditing relative thereto. It is to be the Governing Body's principal agent in ensuring the independence of the Entity's independent auditors, the integrity of management, and the adequacy of disclosures to the public. The opportunity of the independent auditors to meet with the entire Governing Body as needed, however, is not to be restricted. The committee shall oversee and advise the Governing Body and management on the selection of independent auditors.

    Sample Audit Committee Bylaws

    The audit committee of the Entity was established by charter approved by the Governing Body on [date]. The committee's operational guidelines are set down herein and may be amended, after consultation with the Governing Body, by a majority vote of the independent members. The authority and responsibility of the audit committee and the appointment and terms of members are designated in the charter and are incorporated herein by reference.

    Meetings

    The audit committee is to meet at least three times per year and as many times as the committee deems necessary.

    Attendance

    Members of the audit committee are to be present at all meetings. As necessary or desirable, the chairman may request that members of management, the director of internal audit, and representatives of the independent auditor be present at a meeting of the committee. Three out of five members should be present to have a quorum.

    Specific Duties

    Financial Reporting

    The audit committee is to:

    1 Review with management, the independent auditor, and director of internal audit the Entity's policies and procedures to reasonably ensure the adequacy of internal controls over accounting, administration, compliance with laws and regulations, and financial reporting.

    2 Have familiarity, through the individual efforts of its members, with the accounting and reporting principles and practices applied by the Entity in preparing its financial statements. Further, the committee is to make, or cause to be made, all necessary inquiries of management and the independent auditor concerning established standards of conduct and performance, and deviations therefrom.

    3 Review, prior to the start of the annual audit, the scope and general extent of the independent auditor's planned examination, including its engagement letter. The auditor's fees are to be arranged with management and summarized annually for committee review. The committee's review should entail an understanding from the independent auditor of the factors considered by the auditor in determining the audit scope, including:

    Risk characteristics of the Entity

    External reporting requirements

    Materiality of the various segments of the Entity's combined activities

    Quality of internal accounting, administrative, and compliance controls

    Extent of the internal auditor's involvement in audit examination

    Other areas to be covered during the audit engagement

    4 Review with management, the independent auditor, and director of internal audit the Entity's policies and procedures to reasonably ensure the adequacy of internal controls over accounting, administration, compliance with laws and regulations, and financial reporting.

    Review with management the extent of non-audit services planned to be provided by the independent auditor in relation to the objectivity and independence needed in the audit.

    5 Review with management and the independent auditor instances where management has obtained second opinions on accounting and financial reporting policies from other accountants.

    6 Review with management and the independent auditor, upon completion of its audit, financial results for the year prior to their release to the public.

    The audit committee's review is to encompass the Entity's annual financial report, including the financial statements and footnote disclosures and supplemental disclosures required by generally accepted accounting principles, including:

    Significant transactions not a normal part of the Entity's operations

    Selection of and changes, if any, during the year in the Entity's accounting principles or their application

    Significant adjustments proposed by the independent auditor

    The process used by management in formulating accounting estimates and the independent auditor's conclusions regarding the reasonableness of those estimates

    Any disagreements between the independent auditor and management about matters that could be significant to the Entity's financial statements or the auditor's report

    Difficulties encountered in performance of the audit

    Management consultation with other accountants with respect to accounting policies or their applications

    Major issues discussed between auditor and management prior to retention of auditor

    The audit committee shall also:

    1 Evaluate the cooperation received by the independent auditor during its audit, including its access to all requested records, data, and information. Also, elicit the comments of management regarding the responsiveness of the independent auditor to the Entity's needs. Inquire of the independent auditor whether there have been any disagreements with management that, if not satisfactorily resolved, would have caused the independent auditor to issue a nonstandard report on the Entity's financial statements.

    2 Discuss with the independent auditor the quality of the Entity's financial and accounting process and any recommendations that the independent auditor may have. Topics to be considered during this discussion include improving internal financial controls, controls over compliance with laws and regulations, the selection of accounting principles, and management reporting systems.

    3 Review written responses of management to letter of comments and recommendations from the independent auditor and discuss with management the status of implementation of prior-period recommendations and corrective action plans.

    4 Discuss with management the scope and quality of internal accounting, administrative, compliance, and financial reporting controls in effect.

    5 Apprise the Governing Body, through minutes and special presentations as necessary, of significant developments in the course of performing the above duties.

    6 Recommend to the Governing Body any appropriate extensions or changes in the duties of the committee.

    7 Recommend to the Governing Body the retention of the independent auditor.

    8 Perform all of the above duties wherever appropriate relative to the Entity's component units. The committee may satisfy this duty by relying on the work of a component unit's audit committee.

    9 Report annually to the Governing Body on the discharge of these responsibilities.

    System of Internal Controls

    The audit committee is to:

    1 Review Entity's process for assessing significant risks or exposures and the steps management has taken to minimize such risks.

    2 Consider and review with management and the independent auditors:

    The effectiveness of, or weaknesses in, the Entity's internal controls, including the status and adequacy of management information systems and other information and security, the overall control environment, and accounting and financial controls

    Any related significant findings and recommendations of the independent accountants, together with management's response thereto, including the timetable for implementation of recommendations to correct weaknesses in internal controls

    3 Review internal processes for determining and managing key financial statement risk areas.

    4 Review the Entity's process for determining risks and exposures from asserted and unasserted litigation and claims and from noncompliance with laws and regulations.

    Ethics

    Certain audit committees extend their responsibilities to cover ethics issues for an entity. The following are example responsibilities for an audit committee as they relate to ethics:

    1 Ensure the existence of and approve for recommendation to the Governing Body policies and procedures regarding compliance with the law and with significant Entity policies, including, but not limited to, (a) code of conduct expressing principles of business ethics, including conflicts of interest; (b) legal compliance; (c) environmental, health, and safety issues; (d) outside affiliation statements; and (e) other matters relating to business conduct and programs of legal compliance designed to prevent and detect violations of laws, rules, regulations, and guidelines. The chairman of the audit committee shall act as a publicized conduit for receiving ethics concerns.

    Exhibit 2

    March

    First meeting of the committee year

    Elect chair and secretary, if necessary

    Adopt and/or modify bylaws as needed

    Consider selection or reappointment of independent auditors for the next fiscal year

    Consider potential independence issues

    Develop a workplan, meeting schedule, and tentative agenda for the ensuing year

    Identify potential problem areas or accounting issues that may arise during the year and identify areas for specific and detailed discussion

    June

    Review and approve minutes of prior meeting

    Review and comment on the audit plan and scope

    Review the internal auditor's follow-up on the status of prior year's auditor comments and recommendations

    Discuss any significant deficiencies in internal control

    Discuss any knowledge of instances of fraud

    Determine the appropriateness of disclosures in drafts of all publicly disseminated information and reports

    September

    Review and approve minutes of the prior meeting

    Review the progress of the audit, interim auditor's letters or suggestions to management, accounting issues that arose, and other relevant topics

    Review draft financial statements and annual report of the Entity and component units

    Review a draft of the auditor's report

    November

    Review and approve minutes of the prior meeting

    Review auditor's management letters and management's corrective action plans for the Entity and component units (a review of the minutes or reports of component units' audit committees might be substituted)

    Review auditor's reports on internal controls and compliance with laws and regulations

    Review the annual report of the internal auditor

    Hold an executive session with the independent auditor without management and others present

    February

    Review and approve minutes of prior meeting

    Review audit committee annual report

    Prepare an open items list for next committee year

    Sample Audit Committee Charter

    (for an entity with a June 30 fiscal year-end)

    Exhibit 3

    Questions an Audit Committee Might Ask Auditors About Audit Scope

    1 Have all of the Entity's units been considered in formulating your planned audit scope? If not, which ones were excluded, and why?

    2 Where you rely on the work of other firms, have you participated in setting the scope of their work? How will you satisfy yourselves as to the scope's adequacy?

    3 Has management restricted, or attempted to restrict, your audit scope in any way?

    4 Did you plan an audit scope significantly different from last year's? Did you plan significant modifications this year in the nature and extent of procedures to be performed in any major agencies or functions?

    5 Have you identified possible changes in the character of the Entity's activities? How have they affected your audit approach or scope?

    6 To what extent will you rely on the Entity's systems of internal accounting, administrative, and compliance controls in conducting your examinations?

    7 Which techniques and approach do you plan to employ with respect to data processing systems?

    8 How do you plan to collaborate with the internal audit department in your audit approach?

    9 Are there any areas in which additional Entity assistance could significantly reduce the planned extent of your work?

    10 Are there changes in accounting principles or auditing standards that affected your audit approach or scope?

    11 Explain how your audit would uncover any material defalcations or fraudulent financial reporting, questionable payments, or violations of laws or regulations.

    12 Which areas of the audit deserve special attention by the audit committee, and why?

    13 Address issues of audit staffing such as the number of hours and experience of individuals, etc.

    Exhibit 5

    Questions an Audit Committee Might Ask About Assets

    1 For what periods are the Entity's time deposits committed? What are the Entity's compensating balance requirements? Are deposits and investments adequately collateralized?

    2 Has the Entity complied with the investment reporting and disclosures of GASB (FASB or FASAB, when applicable) accounting standards? What is the level of custodial risk category for the Entity's deposits and investments? Has the entity complied with the internal investment policy?

    3 What is the average age of receivables compared to a year ago, and how is that change explained? Is the Entity following an appropriate billing and collection policy? Are there large individual amounts where collectibility is in question? Are there receivables from governing body members, management, or other employees?

    4 Are there adequate physical controls over inventory? Are inventory levels reasonable?

    5 What is the composition of interfund receivables and payables? How has this changed during the year?

    6 Are all interfund receivable balances current and collectible?

    7 Are capital assets, including infrastructure, adequately accounted for? Has maintenance of capital assets been deferred?

    8 Are there non-operating capital assets or idle facilities? Why have they been retained?

    9 Has the decision to utilize depreciation accounting or the modified approach for each infrastructure asset been adequately explained to the audit committee?

    Exhibit 6

    Questions an Audit Committee Might Ask About Liabilities and Net Assets/Fund Balances

    1 Has the Entity complied with financially related debt indenture covenants, or have waivers been required?

    2 Are there any contingencies of a legal or other nature in which the appropriate treatment is in doubt or which might significantly affect the Entity's financial position?

    3 Has the Entity made any unusual commitments, such as the purchase of inventories or the acquisition or construction of capital assets? Is the Entity's capital budgeting system adequate?

    4 What is the relationship between the Entity's funding of pension plans and the accounting provisions charged against operations? Has the Entity obtained an actuarial valuation of the pension plan? What were the results and what were significant changes since the prior actuarial valuation?

    5 Are vendors paid on time?

    6 What is the composition and basis for estimating the Entity's judgments and claims liability? How has it changed from prior periods?

    7 Does the entity have postemployment benefits not reported in the financial statements?

    8 What is the nature of the Entity's restricted, unrestricted, and/or net assets invested in capital, net of related debt?

    9 What funds report deficits, and are management plans to eliminate those deficits adequate?

    Exhibit 7

    Questions an Audit Committee Might Ask About Revenues and Expenses/Expenditures

    1 Were there any changes in the current year in the basis or method of accounting for revenue or expenses/expenditures?

    2 Were there any significant changes in the trend or pattern of revenue and expenses/expenditures?

    3 Were there any significant variations from the budget or from prior period results in revenue or expenses/expenditures?

    4 Are receipts deposited timely?

    5 Are revenues and expenses/expenditures accounted for in the appropriate fund?

    6 Were all interfund transactions properly authorized?

    Exhibit 8

    Questions an Audit Committee Might Ask About Audit Results

    1 Did management attempt to or actually