A-9: Audit Committee Effectiveness Renée W. Jaenicke, CPA, CIA Renown Health 2011 AHIA Annual Conference www.ahia.org
Renown Health and Internal Audit Our Journey Sources and Presentations Please ask questions at any time. Please use your further information requested handout for areas we will be unable to cover during today s presentation. What we will cover 2011 AHIA Annual Conference www.ahia.org
2 acute care facilities (884 licensed beds) 1 inpatient rehab (62 licensed beds) 1 skilled nursing facility 6 Urgent Care locations 16 Medical Group locations 6 Outpatient Imaging Centers 10 lab draw locations Various joint ventures and specialties Institutes for neuroscience, chest pain, heart and vascular, robotic surgery, cancer Children s hospital Renown Health Locations
Internal Audit Department - Use of Productive Time 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% < FY 2009 FY 2009 FY 2010 FY 2011 FY 2012 (budgeted) Financial Operational Consulting Fraud IT
s Annual reports Policies and procedures Intranet site Approved risk-based internal audit plan CAAT Monthly follow-up Engagement and governance surveys Risk management by audit and leader education Compliance program effectiveness Fraud policies and reporting form Fraud risk management leader education Audit Committee reporting Internal Audit Department Accomplishments to Date
Audit reports Consulting projects Executive sessions Off-site CAE meeting Education presentations to the Audit Committee Internal audit overview Charge capture program Effectiveness Audit Committee Then and Now
Internal Audit charter: Keep the Audit Committee informed of emerging trends and successful practices in internal auditing. Audit Committee Charter Our mandate: Provide education to the Audit Committee that will help them fulfill their responsibilities. Our approach: Research leading practices based on Audit Committee Charter. Audit Committee Education Presentations
American Institute of Certified Public Accountants (AICPA), Audit Committee Self Evaluation, December 2009. AICPA, Audit Committee Toolkit for Not-for-Profit Organizations, 2010 AICPA, Management Override of Internal Controls, The Audit Committee Oversight of Financial Reporting, 2005 AICPA, AU Section 316, Consideration of Fraud in a Financial Statement Audit, 2002. Blue Ribbon Committee of the NYSE, Improving the Effectiveness of Corporate Audit Committees, 1999 Deloitte, Audit Committee Brief, July 2009 Sources Used
Institute of Internal Auditor (IIA), Institute of Internal Auditors Professional Practices Framework 2010 IIA Audit Executive Center, Knowledge Report: Audit Committee Trends and Activities, November 2009 IIA Research Foundation, Audit Committee Effectiveness What Works Best, 2005 IIA Research Foundation, Characteristics of an Internal Audit Activity, 2010 KPMG Audit Committee Institute, The Audit Committee Journey, 2010 John F. Morrow and Joan Pastor, Eight Habits of Highly Effective Audit Committees, Journal of Accountancy, September 2007 United States Congress, Sarbanes Oxley Act, Sections 201, 202, 204, 301, 302, and 406 Sources Used
Audit Committee Charter brought into alignment with Board of Directors Bylaws and Compliance Committee charter Added verbiage in Audit Committee Charter about informing Audit Committee should Management seek a second opinion on financial statements Semi-annual (formerly annual) meetings with external auditors IT Auditing Private sessions with CAE on each agenda Audit Committee receives external audit engagement letter CAE provided list of questions to ask external auditor Upcoming: Audit Committee event matrix (handout) More will be considered Results to Date
Quarter 1st Composition Meetings Topics Covered 2nd 3rd 4th Next Year Financial Statements External Audit Internal Control Internal Audit Compliance Reporting Responsibilities Other Responsibilities Audit Committee Event Matrix Audit Committee Charter
Each member serves for one year. Leading Practice Consider both continuity and desirability for a fresh perspective Staggered terms of service Defined in charter Charter Each member will be independent and financially literate. Leading Practice Financial literacy required by National Association of Securities Dealers NYSE Rules on independence available Composition
At least one member will be designated as the financial expert. Leading Practice Financial expertise of one member required by SEC. Definition available. Some boards require > 1 due to potential liability of financial expert. Other Leading Practices Written qualifications for Audit Committee members, including core competencies and critical success factors List of Audit Committee Member attributes available Steps potential committee members are taking before accepting appointment are available. Composition
Meet as needed Leading Practice Four times/year Special meetings as needed Additional meetings via telephone or videoconferencing Meetings
Other Leading Practices Agenda Annual calendar with topics for each meeting Schedule meeting topics based on responsibilities in charter Agenda finalized by chair in advance of meeting, in collaboration with management. Member monitors events reported in the media for issues of concern and asks management to find someone to address the issue at the meeting. Timed agenda. Meetings
Other Leading Practices Materials Briefing materials supplied in advance of meetings with enough time for each member to review and note questions. At least a week prior to meeting Audit Committee to determine level of detail One Audit Committee stated if a document is > 3 pages long, provide a summary. Identify whether materials are for information, advice, or approval. Meetings
Other Leading Practices Participants Internal Audit and External Audit every meeting CEO every meeting or on call Operations management whose departments have significant risks or who have not addressed outstanding action plans Other members of the Board as their time allows Other Leading Practices Private Sessions Part of agenda at each meeting Meetings with Internal Audit External Audit Financial Management Others (CEO, CIO, Compliance Officer, Risk Officer) List of questions to ask is available Meetings
Other Leading Practices Audit Chair Pre-meetings with Internal Audit, External Audit, and Financial Management Other Leading Practices Minutes High level summary of meeting discussions Ensure follow-up actions identified are addressed. Summarize key decisions, actions to be taken, who will perform them, and by when. Meetings
Review significant accounting and reporting issues, including complex or unusual transactions and highly judgmental areas, and recent professional and regulatory pronouncements, and understand their impact on the financial statements. Leading Practices Areas communicated by external audit annually New and upcoming standards and how they impact financial statements Management s degree of aggressiveness or conservatism. Areas involving estimates Discuss reasons for significant period-to-period changes in accounts Understand how Management defines materiality. Considerations available. Financial Statements
Review with Management and the external auditors the results of the external audit, including any difficulties encountered. Leading Practices These are required communications from the external auditors and are presented to the Audit Committee annually. Financial Statements
Review the annual financial statements and consider whether they are complete, consistent with information known to Committee members, and reflect appropriate accounting principles. Leading Practices Brainstorm to identify fraud risks and inquire of Management and external audit how these risks are mitigated. Specifically inquire of Management and external auditors how unique transactions and financial relationships are reported Understand reasons for changes to accounting policy. Questions available. Financial Statements
Review with Management and the external auditors all matters required to be communicated to the Committee under Generally Accepted Auditing Standards. Leading Practices Required communications per Generally Accepted Auditing Standards were included in the last report from external auditors. Financial Statements
Understand how Management develops interim financial information, and the nature and extent of internal and external auditor involvement. Leading Practices Determine level of inquiry to apply based on reporting requirements. (No current requirements to provide interim financial statements to regulatory agencies.) Financial Statements
Review and approve the external auditors proposed scope and approach, including any subsequent changes thereto and coordination of audit effort with internal audit. Leading Practices Review engagement letter. Tool is available. Questions to ask about audit approach and scope are available. External Audit
Review the performance of the external auditors and recommend to the Board of Directors approval of the appointment or discharge of the external audit firm. Leading Practices Chair meets with lead partner quarterly to discuss status and issues Factors to consider when selecting or reappointing are available. All were considered in RFP. Meet privately with CFO (97%), Chief Audit Executive (84%), CEO, and CAE to discuss external auditor performance. List of questions to use for evaluation is available. External Audit
Review and confirm the independence of external auditors by obtaining statements from the auditors on relationships between the auditors and Renown and its related entities, including non-audit services, and discuss these relationships with the external auditors. Leading Practices Pre-approve all audit and non-audit services provided by external auditors, ensuring compliance with Sarbanes Oxley, Sections 201 and 202. External auditor communicates independence annually. External Audit
Meet separately with external auditors to discuss any matters that the Committee or external auditors should be discussed privately. Leading Practices List of suggested questions available. External Audit
Review the external auditor Management letter, which suggests areas of improvement to the accounting and financial reporting practices and internal accounting controls, and Management s responses thereto. Leading Practices Discuss with Management its remediation plan and ensures completion if significant deficiencies are identified. Other Leading Practices Charter includes the responsibility to be familiar with situations in which management seeks a second opinion on significant accounting or auditing issues and assesses results. External Audit
Review Management s evaluation of the adequacy of the organization s internal control structure and the extent to which significant recommendations made by external and internal auditors have been implemented. Leading Practices Review and understand the framework used to evaluate internal control and the extent and results of Management s evaluation of the internal control structure. Review and understand external audit Management Letter comments and responses. Internal Control
Review Management s evaluation of the adequacy of the organization s internal control structure and the extent to which significant recommendations made by external and internal auditors have been implemented. Leading Practices (continued) Review and understand outstanding internal audit recommendations Meet with individuals who have not implemented corrective actions from significant audit issues. Internal Control
Consider the effectiveness of the company s internal control system, including information resources security and control. Leading Practices Define scope of oversight. Internal Control Framework defines three areas Effectiveness and efficiency of operations Internal Audit Reliability of financial reporting External Audit Compliance with applicable laws and regulations Compliance, Quality, Safety, HR, and more Internal Control
Consider the effectiveness of the company s internal control system, including information resources security and control. Leading Practices (continued) Meet periodically with individuals responsible for internal control in various areas throughout the organization. Understand areas of greatest risk and mitigation plans. Become informed of threats, incidents, vulnerabilities exploited, and corrective measures. Define level and timing of involvement based on severity of issue. Internal Control
Understand and approve the scope of internal and external auditors review of internal control over financial reporting, and obtain reports with significant issues and recommendations, along with Management s responses. Leading Practices Review and approve external audit scope and approach. Review and understand external audit Management Letter comments and responses. Internal Control
Review with Management and the Director of Internal Audit the charter, activities, staffing, and organizational structure of the internal audit function. Leading Practices 81% of privately held organizations reviewed the above. Review each item listed above on an annual basis. Ensures Internal Audit reports to a senior position that allows it to retain its objectivity. Checklist for evaluation of Internal Audit is available. Internal Audit
In consultation with Management and the Director of Internal Audit, review and approve the annual audit plan and significant changes to the plan. Leading Practices Ensure plan covers key areas such as IT, compliance with laws and regulations, risk of fraud, specialized businesses, and major geographical areas. Enquire about the degree of coordination with external audit. Evaluate and concur with Internal Audit involvement with special projects requested by Management. Internal Audit
Ensure there are no unjustified restrictions or limitations, and review and concur in the appointment, replacement, or dismissal of the Director of Internal Audit. Leading Practices Candidate interview questions available (hopefully you won t need to use them). Periodically review Chief Audit Executive job description. 83% of Audit Committees surveyed review Internal Audit Department budget annually and concur on Chief Audit Executive compensation. Internal Audit
In consultation with Management, review the effectiveness of the internal audit functions, including compliance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing Leading Practices Annual reporting to the Audit Committee. Quality Assurance Review every five years (required by Institute of Internal Auditors Professional Practice Framework). Internal Audit
On a regular basis, meet separately with the Director of Internal Audit to discuss any matters that the Committee or internal audit believes should be discussed privately. Leading Practice Quarterly private meetings. Establish clear protocol for immediate reporting to Audit Committee. Internal Audit
Risk Management Understand and define its oversight role in the organization s risk management efforts. Strategic Plan Risk identification at various levels of the organization Other Leading Practices
Review the effectiveness of the system for monitoring compliance with laws and regulations and the results of Management s investigation and follow-up (including disciplinary action) of any instance of non-compliance. Leading Practices 82% of Audit Committees surveyed had compliance responsibilities. Approve or review policies and procedures established by Compliance Officer. Internal Audit performs Compliance Program Effectiveness review annually. Compliance
Review the findings of any examinations by regulatory agencies. Leading Practices Recommend defining which regulatory agencies, timing, and extent of review. Suggestions available. Compliance
Review the process for communicating the Code of Conduct to company personnel, and for monitoring compliance therewith. Leading Practices Compliance Hotline allows for complaints from both inside outside the organization and this is communicated on intranet and public web site. Receive information on hotline calls and timely disposition. Sample log available. Sarbanes Oxley section 406 requires an additional code of ethics for senior financial officers. Compliance
Obtain regular updates from Management and company legal counsel regarding compliance matters. Leading Practices 87% of Audit Committees surveyed receive: A copy of the company s key compliance requirements and who is responsible for each. Nature of the violations that arise and concerns reported to hotlines. Define level and timing of involvement based on severity of offense. Considering alignment with Compliance Committee charter. Compliance
Meet in executive session with the Compliance Officer to discuss any matters that the Committee or the Compliance Officer believes should be privately discussed. Leading Practices Suggested questions available. Considering alignment with Compliance Committee charter. Compliance
Regularly report to the Board of Directors about Committee activities, issues, and related recommendations. Provide an open avenue of communication between internal audit, external audit, and the Board of Directors. Review from any other reports of Renown and its related entities, issues that relate to Audit Committee responsibilities. Leading Practices Generally addressed by: Audit Committee report to the board. Internal and external audit attendance at meetings. Considering clarifying requirement to review from other reports. Reporting Responsibilities
Oversee special investigations as needed. Leading Practice Both oversee and agree upon hiring independent counsel or other advisors if needed for special investigations. Generally relates to Accounting issues. Updated charter requires Audit Committee to be informed. Leading practice is that Audit Committee hires. Develop crisis management plan for formal investigations. Considerations available. Reporting Responsibilities
Review and assess the adequacy of the Audit Committee Charter annually, requesting Board approval for proposed changes. Confirm annually that all responsibilities outlined in this Charter have been carried out. Leading Practice Audit Committee Event Matrix to address. Other Responsibilities
Evaluate the Committee s and the individual member s performance on a regular basis. Perform other activities related to this charter as requested by the Board of Directors. Leading Practice Audit Committee specific self-assessment tools available. Other Responsibilities
Training Initial and ongoing education to include: Board and Audit Committee orientation. Receive electronic newsletters from the organization. Attend leadership meetings and management training. Regular updates from Management on areas of Audit Committee interest, scheduled in advance, based on areas of interest requested in annual committee member evaluation or as requested throughout the year. Topic suggestions available. Other Leading Practices
Understanding Fraud Risks Understand types of fraud, who monitors, and determine extent of reporting to review. Evaluate implementation of response to fraud risks. Educational Materials available. Other Leading Practices
? RJaenicke@Renown.org
Save the Date: August 26-29, 2012 31 st Annual Conference in Philadelphia Pennsylvania 2011 AHIA Annual Conference - www.ahia.org