the audit committee oversight process

The Audit Committee Oversight Process*

MARK S. BEASLEY, North Carolina State University

JOSEPH V. CARCELLO, University of Tennessee

DANA R. HERMANSON, Kennesaw State University

TERRY L. NEAL, University of Tennessee

1. IntroductionNo one really understands how limited an audit committee is in its work. Inbig companies it is virtually impossible to know what is going on without rely-ing on management, the internal auditor, and the external auditor.

NYSE audit committee chair

Audit committees are increasingly responsible for the quality of financial reportingand oversight of the audit processes in U.S. public companies (e.g., Blue RibbonCommittee [BRC] 1999; New York Stock Exchange [NYSE] 2004; Sarbanes-Oxley Act [SOX] 2002), but as noted in the quote above, it is often challenging toprovide effective oversight, especially in large, complex organizations. The intensefocus on greater audit committee responsibility has led to a number of studies onaudit committee performance (for reviews of the academic literature on audit com-mittees, see Cohen, Krishnamoorthy, and Wright 2004; DeZoort, Hermanson,Archambeault, and Reed 2002; and Turley and Zaman 2004). Much of this

Contemporary Accounting Research Vol. 26 No. 1 (Spring 2009) pp. 65–122 © CAAA

doi:10.1506/car.26.1.3

* Accepted by Michel Magnan. An earlier version of this paper was presented at the 2007 Contem-porary Accounting Research Conference, generously supported by the Canadian Institute ofChartered Accountants. We thank Peter Gleason, Chuck ReCorr, and Hal Shear from theNational Association of Corporate Directors, Ellen Richstone from Financial Executives Interna-tional, Warren Neel from the University of Tennessee’s Corporate Governance Center, and ChrisRossie and Patrick Taylor from Oversight Systems, Inc. for their help in arranging many of ourinterviews. In addition, we appreciate suggestions on the paper and/or interview design fromLarry Abbott, Joe Brazel, Rich Clune, Jeff Cohen, Todd DeZoort, Yves Gendron, Rich Houston,Lisa Koonce, Paul Lapides, Michel Magnan (editor), John McAllister, John Olson, Gary Peters,Steve Salterio, Hal Shear, James Tompkins, Arnie Wright, two anonymous reviewers, and partici-pants at the 2007 Contemporary Accounting Research Conference. We also thank Doug Car-michael, Tom Ray, and other members of the Office of the Chief Auditor at the Public CompanyAccounting Oversight Board for their feedback on the interview questions. We thank Scott Bron-son, Jon Hansen, Katherine Hansen, Beverly Hudler, Shelly Kane, Stacy Mastrolia, FredMuchunu, Hazel Ryon, and Beth Swang for their assistance in transcribing, tabulating, and cod-ing the interview data. Finally, we thank KPMG’s Audit Committee Institute for sponsoring thisstudy, and Scott Reed and Mark Terrell of KPMG for their unwavering support and encourage-ment during the process. Most of all, we thank the audit committee members who were extremelygenerous with their time in talking with us.

66 Contemporary Accounting Research

research examines the relation between audit committee inputs (e.g., characteris-tics such as audit committee member independence, expertise, and diligence) andfinancial reporting outputs (e.g., restatements, fraud, and auditor going-concernreporting).

Although audit committee inputs and their relation to various outputs areimportant, the extant literature largely fails to examine the process used by auditcommittees as a whole or by individual audit committee members when fulfillingtheir oversight responsibilities (Cohen et al. 2004; Gendron, Bédard, and Gosselin2004; Turley and Zaman 2004, 2007). Turley and Zaman (2004, 324) state, “Whilethere is some evidence of a correlation between financial reporting characteristicsand governance arrangements, further research is needed to establish issues relatingto the processes and impact unique to [audit committees].” The authors specificallycall for audit committee research using the interview method to better understandaudit committees’ activities. Cooper and Morgan (2008) note that case studyapproaches are especially well suited to examining complex behavioral processesand addressing questions of how and why, and Ahrens and Chapman (2006) discussthe potential for qualitative research to contribute to theory. Through interviews ofaudit committee members, our study directly responds to such calls for qualitativeaudit committee research and offers the advantage of gathering more detailedinformation than typically is collected in quantitative research (Patton 1990).

To enhance our understanding of audit committee oversight, this paper pro-vides extensive information about the audit committee process obtained throughin-depth interviews of 42 individuals actively serving on U.S. public companyaudit committees. Our evaluation of the interview results is framed in part by thetension between the agency theory (e.g., Fama and Jensen 1983; Jensen and Meck-ling 1976) view of the audit committee as an independent monitor of managementversus the institutional theory view that audit committees may often be primarilyceremonial in nature, with a focus on providing symbolic legitimacy but not neces-sarily vigilant monitoring (Cohen, Krishnamoorthy, and Wright 2007b; Spira2002). This study addresses these often competing theories by examining the ques-tion “Do audit committees appear to provide substantive oversight of financialreporting, or do they appear to be primarily ceremonial bodies designed to createlegitimacy?”

We find that many audit committee members strive to provide effective monitor-ing of financial reporting and seek to avoid serving on ceremonial audit committees.However, within six specific audit committee process areas we find evidence ofboth substantive monitoring and ceremonial action, such that neither agency theorynor institutional theory fully explains our results. We also find that many responsesvary with personal and company characteristics, with particularly notable differ-ences related to audit committee members’ accounting expertise and time ofappointment to the audit committee (pre-SOX versus post-SOX).

This paper is organized as follows. The next section provides backgroundinformation and the motivation for the present study. We describe our researchmethod in section 3. Section 4 presents our overall findings, and section 5 describesthe supplemental analyses. In section 6 we provide discussion and conclusions.

CAR Vol. 26 No. 1 (Spring 2009)

The Audit Committee Oversight Process 67

2. Background and motivation

The role of the audit committee

The Sarbanes-Oxley Act (SOX 2002, section 2) defines an audit committee as “acommittee (or equivalent body) established by and amongst the board of directorsof an issuer for the purpose of overseeing the accounting and financial reportingprocesses of the issuer and audits of the financial statements of the issuer”. A com-petent, committed, independent, and tough-minded audit committee has beendescribed as “one of the most reliable guardians of the public interest” (Levitt2000, 5).

Expectations related to audit committees continued to expand throughout the1990s and early 2000s as financial reporting scandals unfolded. Many believethose expectations have sky-rocketed as a result of SOX 2002 and through subse-quent changes in audit committee regulations (e.g., NYSE 2004). KPMG’s AuditCommittee Institute (2003a, 2) states:

Today, as never before, the role, responsibility, and accountability of the auditcommittee continue to be the focus of lawmakers, regulators, and shareholders.The audit committee’s role in overseeing a company’s financial reporting pro-cess, including the audits (and auditors) of the financial statements, is morevisible and demanding.

The importance of process: The Hollinger case

Because we seek to provide insight into the audit committee process, an importantquestion is, “Does the audit committee process truly matter?” We believe that therecent corporate governance disaster at Hollinger International Inc. provides com-pelling anecdotal support for the importance of the audit committee process.Hollinger’s audit committee had three financially literate members, each with signif-icant public company director experience and impressive professional credentials.The members included a former governor/law firm chairman, a former ambassador/investment banking and consulting firm chairman, and a senior fellow of an institute.According to recent trial testimony (United States v. Conrad Black, John Boultbee,Peter Atkinson, and Mark Kipnis [Hollinger case] 2007), each of the audit committeemembers was considered “independent”, and the audit committee met several timeseach year (typically at least four times in person, with additional meetings by phone).

Despite the impressive audit committee membership and meeting schedule, trialtestimony (Hollinger case) and the Hollinger board’s special investigation report(Paris, Savage, and Seitz [Paris report] 2004) reveal apparent deficiencies in the auditcommittee’s oversight process. These deficiencies allowed key executives to “linetheir pockets at the expense of Hollinger almost every day, in almost every way theycould devise” (Paris report 2004, 2). The Paris report (2004, 4) asserts that two keyexecutives stole essentially all of the company’s profits over a seven-year period.

The trial testimony and the Paris report reveal numerous apparent concernsregarding the audit committee process that are relevant to certain audit committeeprocess areas examined in the present study (see section 3, “Method”):



1. Acceptance and continuance of due diligence processes: According to trial tes-timony, the Hollinger chief executive officer (CEO) “bumped into” an individualhe knew on a New York City street and invited him to the join the Hollingerboard. That person joined the board and audit committee. As part of the subse-quent Hollinger trial, that audit committee member testified that before joiningthe board, he did “not really” receive any information about what his boardduties would entail. The Paris report (2004, 28) asserts that the board wasselected by the CEO and “functioned more like a social club or public policyassociation”.

2. Selection of audit committee nominees: According to trial testimony, althoughall three audit committee members were financially literate, no committeemember was considered to be an audit committee financial expert.

3. Audit committee meeting processes: According to trial testimony, (a) in oneinstance, the portion of an audit committee meeting devoted to complexrelated-party transactions lasted for only a few minutes, and the committeemembers had no comments or questions whatsoever; (b) audit committee meet-ing agendas were not always prepared, and if they were, they were prepared bya member of management; (c) one audit committee member testified that thecommittee did not always receive materials before an audit committee meet-ing; and (d) the audit committee relied on management to bring related partytransactions to the committee’s attention. The audit committee chair reliedheavily on management, testifying that he relied “on the members of manage-ment who dealt with the Audit Committee to advise us of anything that shouldbe brought to our attention” (Thompson testimony, May 1, 2007, 30). Anothermember testified, “we would really rely to a great deal on management in dis-cussing [public filings] with management to point out important elements ofthose disclosures to us” (Burt testimony, April 24, 2007, 9). The audit commit-tee chair testified that he reviewed draft financial filings by “skimming” themand admitted that he should have read the filings. Similarly, the Paris report(2004, 14–5) asserts that the audit committee approved management fees with-out understanding the effect on top executives’ compensation, yet the auditcommittee failed to demand the information necessary to evaluate the situation.The audit committee failed to ask questions, failed to be skeptical, and failedto gather independent information (Paris report 2004, 33–4).

4. Audit committee oversight of the financial reporting process: The audit com-mittee chair testified that he “trusted” management. Another member testified,“It never occurred to me to check [the truthfulness of management’s state-ments] … I always assumed … that management was giving us a full andcomplete description of the affairs of the company” (Burt testimony, April 24,2007, 10). The Paris report (2004, 36) asserts that the audit committee put toomuch faith in management’s integrity and did not “Trust, but verify”. The auditcommittee continued to rely on management’s assertions even after there wasevidence of questionable management integrity (Paris report 2004, 505).



On the basis of the information above, it appears that the Hollinger audit com-mittee, despite its impressive membership and meeting schedule, had a deficientprocess in place. Specifically, there are fundamental concerns with the selection ofaudit committee members (the role of the CEO, the lack of accounting expertise),the audit committee meeting process (time spent on important issues, agenda set-ting, information flow, reliance on management, and review of information), andthe propensity to trust management. We believe that such process characteristicscan contribute to corporate disasters, and each of these process elements isaddressed in our interviews with audit committee members.

Theoretical foundations

There are several, often competing but sometimes complementary, theories withregard to corporate governance and audit committees (e.g., Cohen, Krishnamoor-thy, and Wright 2002, 2007b; Kalbers and Fogarty 1998). The finance (agency)view (e.g., Fama and Jensen 1983; Jensen and Meckling 1976) holds that the boardand audit committee are in place to monitor management, who otherwise may actin their personal best interest and not in the interests of the principal (e.g., share-holders). Thus, the board and audit committee’s independent members monitormanagement to prevent opportunistic behavior by management. This perspective isthe predominant view of the role of corporate governance in the academic account-ing literature.

Alternatively, an institutional theory (e.g., Scott 1987) view of governance inthe academic accounting literature considers changes in organizational processesover time (Cohen et al. 2002, 2007b) and how governance structures “fulfill ritual-istic roles that help legitimize the interactions among the various actors within thecorporate governance mosaic” (Cohen et al. 2007b, 11). Under this view of gover-nance, audit committee processes may become more similar over time (Barretoand Baden-Fuller 2006; Dacin 1997; DiMaggio and Powell 1983), as organizationsare coerced to become similar through regulation (such as SOX), by following“best practices”, or by mimicking other organizations to enhance their legitimacy(Cohen et al. 2007b).

Kalbers and Fogarty (1998, 131) state that under this view, “organizationalstructures … become symbolic displays of conformity and social accountability”(also see Spira 1999 and DiMaggio and Powell 1983). In other words, some gover-nance activities and structures may be primarily driven by a desire to fosterlegitimacy; therefore, the activities and structures are primarily ceremonial andserve as symbols of effective oversight. Cohen et al. (2007b) note that the auditorbears great responsibility for reliable financial reporting when the audit commit-tee’s role is primarily ceremonial, although the committee’s symbolic efforts canlead to effective questioning of management.

Ceremonial efforts may not be closely related to how a given task is actuallyaccomplished (e.g., to the extent that true monitoring and oversight take place,these activities may not occur during the ceremonial meetings) — that is, there isonly a “loose coupling” between the ceremonial actions and claims of audit com-mittee effectiveness (see Fogarty and Rogers 2005). Scheid-Cook (1990, 189)



states, “Loose coupling in organizations implies that structure and process areloosely connected with organizational goals.” Scheid-Cook (1990, 190) also statesin her study of ritual conformity in community mental health centers, “any controlsover the output of [community mental health centers] that do exist are largely ritual.That is, existing output controls serve to legitimate the [community mental healthcenter’s] use of [outpatient commitment], but have little or no bearing on organiza-tional effectiveness.” In other words, the formal control structures of the commun-ity mental health center are only loosely coupled with its technical activities.Returning to the audit committee setting, under the institutional theory view, auditcommittee activities may be only loosely coupled with claims of audit committeeeffectiveness, such that the formal audit committee activities are primarilyceremonial/ritualistic and designed to create legitimacy outside the organization.

A third view of governance, resource dependence, asserts that the board’sprimary role is to assist management with strategy and resource acquisition(Cohen et al. 2007b; Nicholson and Kiel 2007). The board’s role is that of helper orpartner, rather than monitor of management. Cohen, Krishnamoorthy, and Wright(2007c) find that auditors consider both traditional agency variables and resourcedependence variables when evaluating corporate governance for the purpose ofaudit planning.

Fourth, stewardship theory presumes that managers are honest, capable stew-ards of the company’s resources (Nicholson and Kiel 2007). Accordingly, the focusis on inside directors’ ability to promote shareholder value through their superiorknowledge of the company.

Finally, the managerial hegemony theory asserts that management simplychooses friends to serve as passive directors who derive all of their informationfrom management (Cohen et al. 2007b). The board then becomes purely symbolicand consistently supportive of management, even when the members appear to beindependent directors. Under such a view, the audit committee is completely undermanagement’s control and offers virtually no monitoring at all.

To summarize, agency theory emphasizes directors as independent, vigilantmonitors of management; institutional theory emphasizes the symbolic/ceremonialrole of governance structures where legitimacy is paramount and formal processesare only loosely coupled with true monitoring; resource dependence theory focuseson the board’s efforts to assist management with strategy and resources; steward-ship theory presumes that managers are honest; and managerial hegemony assertsthat the audit committee will be weak and under management’s control. Consistentwith Kalbers and Fogarty 1998, of primary interest as we consider the interviewresults below, are agency theory (the audit committee as a strong, substantive, activemonitor) and institutional theory (the audit committee as a ceremonial entity withless substantive monitoring). Given the nature of the audit committee’s oversightrole (SOX 2002), we expect the audit committee to be most heavily focused onactual monitoring (agency theory) or on creating legitimacy by engaging in appro-priate ceremony and ritual (institutional theory, Spira 2002).1



Research on audit committees

Much of the research on audit committees examines the relation between auditcommittee inputs (e.g., independence, expertise, or diligence) and financial report-ing outputs (e.g., abnormal accruals) (Klein 2002; Bédard, Chtourou, and Courteau2004); restatements (Abbott, Parker, and Peters 2004; Agrawal and Chadha 2005);fraudulent financial reporting (Beasley, Carcello, Hermanson, and Lapides 2000);going-concern reports (Carcello and Neal 2000); auditor changes (Carcello andNeal 2003); and stock price reaction (DeFond, Hann, and Hu 2005)). These studiesgenerally find that a more independent, expert, and diligent audit committee isassociated with higher quality financial reporting and auditing. However, becausethese studies examine publicly available measures of audit committee inputs(mainly through corporate proxy statements) and outputs (available in publishedfinancial statements, Securities and Exchange Commission [SEC] filings andenforcement actions, or quoted stock prices), the process by which the audit com-mittee contributes to improvements in financial reporting and auditing has beenlargely unexamined.

To the best of our knowledge, the only studies that examine audit committeeprocesses for overseeing financial reporting are Gendron et al. 2004; Gendron andBédard 2006; Spira 1999, 2002; Turley and Zaman 2007; and Cohen, Krishna-moorthy, and Wright 2002, 2007a. Gendron et al. (2004) examine the activities inaudit committee meetings for three Canadian public companies by interviewingnine audit committee members and 13 other individuals in 2000 and 2001 (e.g.,CEO, chief financial officer [CFO], internal auditor, external auditor). They findthat audit committee members place significant attention during their meetings onfinancial statement accuracy and appropriate wording, internal controls, and auditquality. They also conclude that a key role of the audit committee is to ask chal-lenging questions of management and auditors.

Gendron and Bédard (2006) explore the process by which audit committeemembers develop a definition of “audit committee effectiveness”. The authors sup-plement the data from Gendron et al. 2004 with interviews of three audit committeechairs in 2004. Gendron and Bédard (2006) find that audit committee members’notions of effectiveness come from their reflecting on audit committee processesand results, with variation across individuals in the definition of effectiveness andin the confidence that effectiveness is being achieved in a certain area. The authorsalso find that post-SOX, the “chairpersons’ sense of audit committee effectivenesswas not fundamentally fractured” (2006, 235).

Spira (1999, 2002) interviews 21 individuals, including audit committeechairs, finance directors, and auditors, in the United Kingdom during 1994–96.She focuses particular attention on the ceremonial nature of audit committee activ-ities and on the audit committee as a seeker and provider of comfort regardingfinancial reporting. Comfort is obtained from various parties, such as the financedirector and auditors, and comfort is provided to financial statement users.

Turley and Zaman (2007) use a case study approach, interviewing nine indi-viduals at one U.K. company, including the audit committee chair, internal andexternal auditors, and management. They find that the audit committee’s greatest



impact comes through informal processes and the committee’s effect on powerrelationships among other governance participants. For example, this particularaudit committee tends not to ask difficult, probing questions during committeemeetings, but it influences governance outcomes through informal meetings withauditors and through serving as an ally to the auditors.

Cohen et al. (2002) interview 36 auditors regarding the influence of corporategovernance on the audit process, including the role played by the audit committee.They find that auditors perceive management to be “the primary driver of corporategovernance” (573). Many of the auditors view audit committees as weak and inef-fective.2 Cohen et al. (2007a) update their 2002 study by interviewing 38 auditorsin the post-SOX period. They find that auditors perceive audit committees to bemore diligent, active, expert, and powerful post-SOX.

Motivation

Spira (2002) and Turley and Zaman (2004, 2007) specifically call for additionalqualitative research on the audit committee process to increase our understandingof the linkages between audit committee inputs and outcomes, particularly thoserelated to financial reporting and internal control. Patton (1990, 14) states that rela-tive to large-sample quantitative research, “[Q]ualitative methods typically pro-duce a wealth of detailed information about a much smaller number of people andcases. This increases understanding of the cases and situations studied.”

Gendron et al. (2004), Gendron and Bédard (2006), Spira (1999, 2002), andTurley and Zaman (2007) offer important insights into the audit committee process(and Cohen et al. (2002, 2007a) examine auditor perceptions of audit committees),and many of these studies are based on pre-SOX data from Canadian or U.K. compa-nies. Our paper is based on interviews with 42 U.S. public company audit committeemembers in the post-SOX environment. DeZoort, Hermanson, and Houston (2008)indicate that certain audit committee members in the post-SOX period are moreconservative (more supportive of the auditor in auditor–management disagree-ments) and more concerned about financial reporting accuracy than in the pre-SOXperiod. In addition, Cohen et al. (2007a) find that auditors believe that audit commit-tee members are more diligent, active, expert, and powerful post-SOX. As a result,the nature of audit committee oversight may be different post-SOX than pre-SOX.

3. Method

The goal of our study is to provide detailed insights into the audit committee pro-cess. We use the interview method to gather such insights, because this methodallows us to explore issues that are difficult to examine using archival methods. Forexample, archival research provides insights into obvious threats to audit committeemember objectivity, such as those revealed by the member’s employment history.However, the interview method can reveal more subtle threats to objectivity, suchas those arising from personal friendships with management that may not be iden-tified through archival methods.

We organized our interviews around six audit committee process areas (see theappendix for the six areas and for the specific research questions). These process



areas are consistent with several elements of the KPMG Audit Committee Insti-tute’s Building a Framework for Effective Audit Committee Oversight 2003b.3 Weexplore audit committee member responses to specific questions surrounding thesix audit committee process areas. We used several sources of information todesign our questions, including (a) our prior experiences working with auditorsand audit committees, (b) the professional literature (e.g., auditing standards, SOX,SEC rules), (c) the academic literature (e.g., DeZoort et al. 2002), (d) discussionswith two sitting members of one or more public company audit committees, and(e) discussions with standard-setters and regulators.4

Following the approach used in Graham, Harvey, and Rajgopal 2005, wesolicited feedback on our interview questions from several academic researchersand current audit committee members. We pilot tested the questions and our inter-view approach on three sitting audit committee members. We modified theresearch instrument and our interview approach on the basis of feedback from ourpre-test and our pilot testing.

Our study is based on interviews with 42 individuals currently serving on at leastone public company audit committee.5 Several individuals were identified throughthe assistance of the KPMG Audit Committee Institute, the National Association ofCorporate Directors, and the Boston chapter of Financial Executives International(sometimes through emailed solicitations to their members). Others were identifiedthrough our personal and university-related contacts.6

Interviewees are located in cities across the United States. As a result, 20 ofthe interviews were conducted in person, while 22 interviews were conducted bytelephone.7 We used a standardized interview script to guide all of the interviews:this script was designed so that questions were asked in relatively short parts, thusmaking it easy to record the details of the responses. There were no differences ininterview questions for those conducted in person versus those conducted bytelephone.

In performing the interviews, we drew heavily from the approaches used byHirst and Koonce 1996 and Cohen et al. 2002. Generally, one member of ourauthor team made the inquiries and took detailed notes of responses, while a secondauthor or graduate student created a separate set of detailed notes (Nicholson andKiel 2007).8 The audit committee members were told that their responses would beheld in strict confidence. In order to encourage candid responses and to fully protectthe anonymity of the interviewees, we did not tape record the interviews (consistentwith Nicholson and Kiel 2007), nor did we record the names of the audit committeemembers or the companies they serve in our data set. We believe that these measureswere necessary to allow us access to public company audit committee members inthe immediate post-SOX period, a time of great focus on audit committees and sig-nificant concerns about audit committee member liability. All of the intervieweesprovided their informed consent. Given the specificity of many of the responses wereceived, we believe that the audit committee members were candid in theirresponses.

Despite the use of a script to guide our interviews, the interview approach wassemi-structured — that is, “when questions took us down an important path, we



pursued them before returning to the planned interview materials” (Hirst andKoonce 1996, 460). We began by collecting demographic data and then proceededwith questions related to our six process areas. Our first set of questions addresseddue diligence processes performed by individuals before they agreed to join orstand for reelection to a board, given that board and audit committee service areinterconnected. The second set of interview questions was specific to a particularaudit committee and addressed the other five areas of audit committee processexamined in this study. For this set of research questions, we generally asked theaudit committee members to base their responses on the largest public company auditcommittee on which they currently serve (and had served for at least one year).

The interviews were conducted from February 2004 through February 2005and lasted approximately 90 minutes on average, with the shortest interview being45 minutes and the longest 180 minutes. After each interview, one of the authorstranscribed (typed) our notes. The other author present at the interview checked thetranscription of the notes and compared them with the other set of notes (see Salte-rio and Denham 1997).9

We borrowed heavily from parts of Gibbins, Richardson, and Waterhouse1990 (139–40) in developing a coding scheme to categorize and summarize theinformation gathered during the interviews. We analyzed the interview transcriptsto create a vocabulary for discussing audit committee activities and processes.More specifically, we (a) selected one of the typed transcripts as the first case to beanalyzed, (b) highlighted significant words or phrases in the transcript,10 (c) sortedthe highlighted words or phrases into categories on the basis of similarity, and(d) iterated through the accumulated categories to identify more general categoriespermitting us to combine certain initially identified categories. Using this codingscheme (which was influenced by the nature of the responses we received), we devel-oped 438 unique categories that captured the audit committee members’ responses.Two different graduate students assigned the audit committee members’ responses tothese categories, each working independently. The mean intercoder agreement forthese 438 items is 94 percent, and the mean Kappa statistic is 0.78 (p � 0.01).11

4. Findings

Table 1 presents background information on the interviewees, who have extensivefinancial and public company audit committee (AC) experience. The intervieweesserve on audit committees across a broad range of company sizes (median revenuesare $1.5 billion) and industries.12

To provide an initial overview of the results, Table 2 presents information onthe range of responses within each of the six process areas. Within each of theareas, we find responses reflecting activities that range from substantive, meaning-ful oversight to less substantive, ceremonial action that is only loosely coupledwith claims of audit committee effectiveness.

The remainder of this section provides detailed analyses of audit committeeresponses to our interview questions related to the six key audit committee processareas. The amount of data we obtained through these interviews is quite extensive.As a result, we describe key findings related to each of the six process areas, and



we encourage readers to carefully examine the tables. Where possible, we supple-ment the results with insights from individual audit committee members, relate ourfindings to previous research, and assess whether the results are consistent withagency theory (substantive audit committee monitoring) or institutional theory (theaudit committee as a ceremonial entity whose activities are loosely coupled withclaims of audit committee effectiveness).

TABLE 1Background information on interviewees*

GenderMale 31 74Female 11 26

Professional certificationCertified public accountant 15 36

Professional experience in finance or accountingChief financial officer 19 45Public accounting experience 19 45General management 8 19Accounting professor 4 10Controller 4 10Regulator 4 10

Age 58.5 48 73

Cumulative governance experienceYears of corporate audit committee experience 8.2 1 20Corporate audit committees served in career 3.2 1 9

Current service on public company auditcommittees (ACs)

Number of public company audit committeesnow served 1.8 1 5

Number of audit committees where they are afinancial expert 1.5 0 5

Number of audit committees where they arethe chair 1.1 0 4

Number of years serving as the AC chair(n � 27) 4.4 1 18

Revenues (in millions) of audit committeecompany (n � 41) $6,688 $15 $130,000

(The table is continued on the next page.)

Panel A: Percentages n Percent

Panel B: Means Mean Minimum Maximum



AC process area 1: Acceptance and continuance due diligence processes

Given the legal risk (Veasey 2005) and reputational risk (Srinivasan 2005) faced byboard and audit committee members in the current environment, we examine duediligence processes performed by potential audit committee members in evaluatingtheir decision to serve on a board. As shown in panel A of Table 3, we find thataudit committee members generally perform significant due diligence beforeaccepting a board / audit committee position. Audit committee members oftenreview documents, conduct interviews, and carefully assess management integrityand their personal comfort level:13

Always do some form of due diligence. I first want to determine if I have theknowledge necessary to serve on that particular company’s board (e.g., indus-try) and whether I have the capacity (time) to be able to serve effectively.Often my involvement starts because of some relationship I have with a largeinvestor or senior executive — that is often what initiates contact with me. Iwant to be knowledgeable about senior management — want to know whothey are and what they are like. I want to gain some sense of management’sethical makeup. I also examine recent public filings of the company and talk toone or two other directors currently serving — to gain a sense for the companyand management style as well as how the board actually operates. I also try totalk with large investors.

NASDAQ audit committee chair

I am constantly going through the due diligence process — every meeting, filing,and transaction is a learning process. I ask: (1) Is this a company that I want tobe associated with?, (2) Am I adding value and serving the shareholders well?and (3) Do I want to continue my association with this company?


TABLE 1 (Continued)

Packaging, logistics, and transportation 6Retail 6Technology 6Financial services 4Media and telecommunications 4Health care 3Manufacturing 3Other 10Total 42

Note:* The statistics in this table are based on the full group of 42 interviewees, unless

otherwise noted.

Panel C: Industry distribution n



These perspectives are consistent with Spira’s 2002 (156) notion of audit com-mittee members’ “continuing preoccupation with the provision and maintenance ofcomfort”. In addition, regarding integrity, a NYSE audit committee member toldus that a prospective board member “better have faith in management’s integrity,especially that of the CEO. Otherwise, the liability risk is just too great.”

TABLE 2Summary of substantive versus ceremonial activities

Process area 1: Acceptance and continuance due diligence processes• Substantive: extensive due diligence before joining the board and audit committee• Ceremonial (5%*): very little due diligence before joining the board and audit

committee

Process area 2: Selection of audit committee nominees• Substantive: chosen for audit committee due to accounting expertise and belief that

person would be outspoken• Ceremonial (19%): chosen for board/audit committee due to personal relationship

with management

Process area 3: Audit committee meeting processes• Substantive: risk-driven agendas set by audit committee chair, heavy audit committee

involvement in information packet development, information packet received well in advance of each meeting, frequent interaction between meetings

• Ceremonial (43%): agendas driven by management, little audit committee involvement in information packet development, information packet received just prior to each meeting, little interaction between meetings

Process area 4: Audit committee oversight of the financial reporting process• Substantive: heavy audit committee involvement in accounting policy choice and

accounting alternatives, extensive audit committee analysis of estimates and judgments, audit committee responsible for fraud risk assessment, active audit committee assessment of fraud risk and management integrity

• Ceremonial (31%): minimal audit committee involvement in accounting policy choice and accounting alternatives, no audit committee analysis of estimates and judgments, audit committee not responsible for fraud risk assessment, audit committee complete reliance on auditors for assessment of fraud risk

Process area 5: Oversight of the internal and external audit processes• Substantive: audit committee truly oversees the internal audit function and has

extensive formal and informal contact with internal audit, audit committee has extensive contact with and oversight of external audit, including gathering significant information to evaluate auditor performance

• Ceremonial (31%): internal audit really reports to management and has little or no contact with the audit committee outside of audit committee meetings, audit committee has limited contact with and oversight of external audit and gathers no information to evaluate auditor performance




A number of audit committee members indicated that some companies arelooking for independent directors in name only. The executives want to be able topoint to their independent directors, but they do not really want vigilant monitoringof their actions:

The big question is are there any integrity issues? Any baggage? Do they wantto do things right? Will management and the board be stable? I want to avoidshow and tell meetings. Avoid cases where they want your name, but nosubstance.


This audit committee member is trying to avoid situations where management wantsthe audit committee to be merely ceremonial. As a NYSE audit committee chairsaid, “I will only go on the board if the CEO and CFO take governance seriously.”

We also asked why a prospective board member would decline to serve on aboard or would resign from a board where he or she was already serving. Our find-ings are presented in panel B of Table 3. Management integrity issues dominate,followed by time constraints, inability to contribute, and concerns about manage-ment’s commitment to sound governance. A NASDAQ audit committee chairstated:

If management’s attitude toward the role of the board and the attitude of otherboard members regarding the board’s responsibility are not acceptable, Iwould decline or leave. I don’t want to be the Lone Ranger on the board. …I left a board due to not feeling like other board members felt like their respon-sibility was as serious as I felt it should be — they appeared too self-serving. Ialso left because I didn’t think I made a good match for the board. I havedeclined several invitations. For some, I felt I wasn’t qualified. For others, Ideclined because I felt like management didn’t get what board responsibilities

TABLE 2 (Continued)

Process area 6: Other audit committee activities• Substantive: audit committee formally benchmarks against leading practices, audit

committee is heavily involved in the code of conduct, audit committee does not get too comfortable

• Ceremonial (19%): audit committee does not benchmark against leading practices, audit committee is not involved in the code of conduct, audit committee is too comfortable with management

Note:* The frequency information for ceremonial activity is based on the percentage of

participants indicating a ceremonial approach to at least one of the listed activities within a process area. Within process areas 4 and 5, some questions were not asked of all participants (see Tables 6 and 7).



TABLE 3AC process area 1: Acceptance and continuance due diligence processes*

Steps taken before agreeing to join the board or audit committeeMeet with or talk to the following people

Existing board members 23 55CFO 17 40External auditor 17 40CEO 16 38Unspecified senior management 16 38In-house counsel 11 26

Read/review the following documentsSEC filings (including financial statements) 26 62Directors’ and officers’ insurance 10 24Litigation 8 19Company websites 6 14

Take the following actionsTalk to colleagues, including assessing reputation of

company and management 16 38Understand the company’s business and industry 10 24Analyze financial health of the company 4 10Analyze long-term strategic plan of the company 4 10Assess composition and reputation of the current board 4 10Make sure board service poses no conflict with employer 4 10

Make the following assessmentsCan he or she make a contribution to the board? 12 29Are there any integrity issues with management or the

board? 10 24

Steps taken when agreeing to continue on the board or auditcommittee

Make the following assessmentsAre there any integrity issues with management or the

board? 14 33Does he or she still have a good comfort level? 11 26Is he or she still making a contribution to the board? 11 26How has management handled board suggestions/advice? 7 17How effective is the board and its committees? 6 14Is the time commitment required still acceptable given his

or her schedule? 5 12No specific actions taken 7 17

How often does he or she make this evaluation regarding continuedservice (n � 37)?

Continuously 29 78Periodically (e.g., when up for reelection) 6 16As needed (e.g., when an issue arises) 2 5


Panel A: Acceptance and continuance n Percent



really were — they didn’t take board responsibility seriously. I also havedeclined when I felt like management’s attitude for what they were looking forin a board member was primarily driven by their desire for form over substance.

Overall, the interviewees appear quite committed to due diligence efforts sothat they can avoid being associated with a problem company. It appears to us thatmany prospective audit committee members approach a board invitation with adefault response of “no” and must be convinced to say “yes”. Thus, most of theaudit committee members we interviewed apparently favor an agency view ofthe audit committee, where they are engaged to provide monitoring of manage-ment, as opposed to serving only in a ceremonial role reflective of institutionaltheory. (Similarly, Spira (2002, 69) notes that participants in her interviews “didnot want audit committee meetings to be described as ceremonial”.) However, itappears that the audit committee members we interviewed have encountered man-agement teams with a loosely coupled view of governance (ceremonial boards andaudit committees), and they try to avoid such managers.

TABLE 3 (Continued)

Reasons he or she would decline to serve or leave a position onthe board or AC

Management issuesConcerns about management credibility and/or integrity or

witnessed fraud, illegal acts, or unethical conduct 24 57Lack of open/honest communication between management

and the board 7 17Independent directors are not desired and the corporate

governance system is not taken seriously 6 14Top management is not supportive of financial reporting or

controls 5 12Individual director issues

Excessive time and/or travel demands 13 31Inability to contribute 10 24Lack of business and industry knowledge 7 17

Number of directors who have declined an invitation to serveon a board 15 36

Number of directors who have resigned from a board 11 26

Reasons given for why they resigned from a board (n � 11)Time demands 4 36Board is not effective 3 27Lack of compatibility with the CEO 2 18


otherwise noted.

Panel B: Declining or leaving n Percent



AC process area 2: Selection of audit committee nominees

Because we are interested in learning about company-specific audit committeeprocesses, we generally asked the interviewees to describe processes related to thelargest public company audit committee where the interviewee had served for atleast one year. The remainder of this paper addresses the interviewees’ experienceswith one public company audit committee.

Table 4 presents information on how the audit committee member was identifiedfor board service and why he or she was asked to serve on the audit committee.Many audit committee members were identified for audit committee servicebecause of their previous contact with management or other directors.14 Considerthe following perspectives that raise questions about the degree of arms-lengthmonitoring that may take place:

I was friendly with the CEO of the company. Our kids were in the sameschools, and our wives were friends. The previous CEO perpetrated a majorfraud in this company. My friend became the new CEO, and he had to rebuildthe board. I was asked to join the board.

NYSE audit committee member (joined board pre-SOX)

The CFO suggested that I join the board. The CFO is a personal friend. Longago I served on the company’s audit engagement (35 years ago). The CFOwanted my financial expertise.

NASDAQ audit committee chair (joined board post-SOX)

In some cases, the selection of directors is consistent with managerial hegemony(get friends on the board) or institutional theory (have independent directors forlegitimacy, but the directors’ true objectivity is suspect).

Thus, there is an interesting contrast in the first two process areas. Audit com-mittee members appear to want to engage in meaningful monitoring (they want thecompany to take governance seriously); however, many of them were selected forboard service due to previous relationships that may call their objectivity into ques-tion. In addition, some prospective board members gain comfort from knowingcurrent board members. A NASDAQ audit committee chair stated, “If you don’tknow people on the board, it is not possible to do enough due diligence.”

By far the most common reason for being asked to serve on the audit commit-tee is the interviewees’ financial or accounting expertise.15 This is consistent withGendron and Bédard’s 2006 finding that financial and accounting backgrounds areconsidered critical to audit committee effectiveness (also see Spira 2002). Also,some interviewees were appointed to the audit committee because of their industrybackground or expertise. The following perspectives elaborate:

My background as a CFO and auditor led to my audit committee service. Inaddition, no other board member wanted to serve on the audit committee.




I was the only person on the board with financial experience and with experi-ence in the industry. I was operationally stronger in finance and with industryknowledge. Knowledge of the industry was a big plus.


AC process area 3: Audit committee meeting processes

Audit committee meeting number and length

Panel A of Table 5 presents information about the number and length of typicalaudit committee meetings. Meeting frequency now averages approximately 10meetings per year.16 One audit committee member stated:


TABLE 4AC process area 2: Selection of audit committee nominees

Did the nominee have significant previous contact with executivemanagement before being approached to serve on the board?

No 25 60Yes 17 40

Did the nominee have any personal ties to management orboard members?

No 28 67Yes 14 33

Identified to serve on the board because of financial expertise 6 14

Identified to serve on the board because of industry expertise 5 12

How was the nominee identified to serve on the board?Previous interaction with management of the company

Management (including the CEO) knew the nominee 9 21Chair of the board knew the nominee 3 7Founder of the company knew the nominee 2 5

Previous experience with other board membersSome of the other board members knew the nominee 5 12Served on another board with members of this board 3 7

Identified by the governance committee or by an outsidegroup

Identified by an executive search firm 5 12Representing a large investor in the company or a creditor’s

committee 4 10Recommended by an accounting firm and/or law firm 3 7

Factors that led to being appointed to the audit committeeFinancial or accounting background/expertise 28 67Industry background/expertise 6 14

n Percent


We meet 12 times in total plus two or three miscellaneous calls. Four times ayear we hold conference calls with CEO, CFO, external auditor, GeneralCounsel, and full audit committee. The primary purpose of these calls is to goover the press release before it is released. We usually get a draft of the pressrelease in advance of the call. Four times a year we meet face-to-face or viateleconference to review the 10-Q and 10-K prior to their issuance. Four timesa year we meet as an audit committee in conjunction with a full board meetinggenerally in the afternoon or evening preceding the full board meeting. Gener-ally the external auditor is always a part of these meetings.


A number of audit committee members told us that meeting length hasincreased dramatically post-SOX. For example, one NYSE audit committee memberindicated that the meetings used to last for 90 minutes; however, recently the meet-ings have lasted for approximately five hours, an experience the committee memberdescribed as “awful” (apparently due to the extreme length of the meetings). Someaudit committee members told us that they hold their meetings the night beforeboard meetings so that no artificial limits are placed on the length of the commit-tee’s meeting (consistent with Spira 2002), and many audit committees often meetwithout management present.

Given that we did not attend audit committee meetings, we cannot assess thesubstance of the meetings. However, it appears to us that many of the audit com-mittee members are committed to meaningful, substantive meetings, consistentwith an agency perspective. Similarly, Gendron et al. (2004, 168) conclude, “auditcommittee meetings are not mere rituals devoid of interest to managers and auditors”(also see Gendron and Bédard 2006).

Audit committee meeting agenda setting

Most proponents of audit committee reform argue that effective boards and auditcommittees should set their own agendas and determine the types of informationthat they want to review before meetings (National Association of Corporate Direc-tors [NACD] 1996). In fact, some have noted that the usurpation of these responsi-bilities by senior management at Enron and WorldCom contributed to the financialfrauds at those entities (Batson 2003; Breeden 2003). A similar concern was notedat Hollinger International Inc. (Paris report 2004), and Gendron and Bédard (2006)and Spira (2002) note that management can influence the agenda or informationflow to its advantage. We asked a series of questions to learn more about theagenda-setting processes for audit committee meetings (see panel B of Table 5).

Agendas typically are set well in advance of the meeting, and the audit com-mittee chair often sets the agenda, with input from the CFO and other committeemembers, consistent with Spira’s 2002 finding that the agenda is driven by thefinance director and audit committee chair. Three individuals described this processas follows:



TABLE 5AC process area 3: Audit committee meeting processes*

Number of audit committee meetings each year 10.1 4 30Face-to-face meetings 5.1 3 11Telephone meetings 5.0 0 20

Length of typical audit committee meeting(in minutes)

Normal face-to-face meetings 197.5 90 420Special face-to-face meetings (n � 6) 177.5 90 360Telephone meetings (n � 21) 85.0 30 270

How often does the audit committee meetwithout management present (n � 41)? n Percent

Every AC meeting 16 39Every face-to-face AC meeting 19 464–6 times per year 5 12Less than 4 times per year 1 2

Setting the agenda for audit committee meetingsWhen is the agenda set? (n � 27)

5–7 days before the meeting 4 158–14 days before the meeting 10 3715–28 days before the meeting 8 301 year in advance of the meeting 5 19

Individual with primary responsibility for putting the agendatogether (n � 40)

Audit committee chair 32 80CEO or CFO 5 13

Other individuals with input on the agendaCFO 26 62Other audit committee members 25 60Internal auditor 10 24General counsel 9 21External auditor 8 19CAO/controller 7 17CEO 7 17

Method used to put the agenda togetherA detailed calendar of what is covered at each committee

meeting 12 29A matrix that maps audit committee responsibilities to

specific committee meetings per the charter 10 24


Panel A: Number and length Mean Minimum Maximum

Panel B: Agenda n Percent



TABLE 5 (Continued)

Type of information received in advance of AC meetingsDraft regulatory filings, including financial statements 32 76Reports and other forms of communication from the external

auditor 21 50Reports from internal audit 19 45Draft press releases 12 29Reports from counsel and other attorneys 7 17

When is the information packet received (n � 41)?1–3 days before the meeting 3 74–7 days before the meeting 16 391–2 weeks before the meeting 19 46Varies depending on the type of information received 3 7

Role of the AC in determining type of information included inthe packet (n � 39)

Information is jointly determined by AC and another party(typically management) 16 41

Information is primarily determined by the AC 14 36Information is primarily determined by others (i.e., not by

the AC) 9 23

What the AC member does when he or she receives (reviews) thepacket

Assesses whether disclosures are full, complete, and accurate 8 19Reviews external auditor comments/audit plans/management

letters 7 17Compares financial results with the past 5 12Reviews special risk areas 5 12Reviews management’s analysis of the financial statements 4 10Reviews presentations for upcoming meeting to develop

questions and comments 4 10Reads draft of earnings release and other outside

communications 3 7

What the AC member looks for when he or she receives (reviews)the packet

Unusual things/trends, including the reasonableness ofexplanations 18 43

Reasonableness of margins, other F/S indicators, and financialmetrics 13 31

Consistency of actual performance vs. expectations 5 12Status of litigation involving the entity 5 12Status of the 404 compliance project 5 12


Panel C: Information packet n Percent



We redid the charter in 2002 — it now drives the audit committee agenda (wewant to be sure that we cover what we said we’d do). We also hit additionalrisk areas — litigation, patents, et cetera. We keep a matrix of three years ofsubjects down the left side and time across the top. Each topic is hit at leastonce every 24 months, although some topics are addressed at every audit com-mittee meeting.


The agenda is set weeks in advance by the independent audit committee chair-man. There are no restrictions on adding items before the meeting or during it.Often an item discussed at meeting #1 is put on the agenda for follow-up atmeeting #2.

NASDAQ audit committee member

The audit committee builds a calendar at the beginning of the year to serve asits agenda for the committee meetings appended to the board meeting. Theaudit committee together identifies a “top 10” list of issues. This top 10 listhelps the audit committee focus on gaining a better understanding of the

TABLE 5 (Continued)

Communications received between AC meetingsFrequency of communications (n � 34)

Daily 3 9Weekly 7 21Semi-monthly 2 6Monthly 22 65

Parties from whom oral communication is receivedCFO 8 19CEO 6 14Internal audit 6 14Unspecified management 4 10External audit partner 3 7

Nature of written communication receivedMonthly financial statements 17 40Research reports (e.g., analysts) 8 19Press releases 6 14Press coverage 5 12Updates on changes in the regulatory environment 4 10


otherwise noted.

Panel D: Between meetings n Percent



business and underlying accounting issues. The top 10 list also includes a listof compliance issues to be covered each year by the audit committee. Compli-ance issues include evaluating auditor independence, the audit committeecharter, proxy disclosures, and identification of the financial expert of the auditcommittee.


This focus on agenda formality is consistent with Gendron and Bédard 2006,who find a strong emphasis on consistent, mechanistic agenda setting (also seeTurley and Zaman 2007). Without access to audit committee meetings, it is diffi-cult to determine whether the audit committee agenda-setting process results insubstantive monitoring or is simply ceremonial. It is clear that many audit commit-tees devote significant effort to ensuring that the agenda is responsive to the auditcommittee charter and to company risks. In other cases, however, it appears thatmanagement still drives the agenda.

Pre-meeting flow of information to the audit committee

As shown in panel C of Table 5, the audit committee members described pre-meetinginformation packets that typically contain draft filings and various audit reportsand include a substantial amount of information (Gendron et al. 2004; Spira 2002).One interviewee described the information packet:

The audit committee receives a spiral-bound notebook. The notebook containsall reports prepared by internal audit since the last meeting (10–15 reports).The audit committee also receives internal audit’s plan and a status report onits progress in meeting that plan. In addition, the audit committee receivesreports from the external auditor and a separate internal compliance group.The audit committee also gets press releases.

American Stock Exchange [AMEX] audit committee chair

The packets typically are received at least four days before the meeting, butinformation timeliness can be a significant issue and may reduce the audit committeeto a ceremonial role:

We get the packet in advance, but not as far as we’d like — usually 5–6 daysahead of a meeting. This is a major improvement — used to be one day before.The new Corporate Secretary has done a super job on this.


We get the packet about two days in advance. It turns into panic reading.NYSE audit committee chair

Contrary to the more passive audit committee in Turley and Zaman 2007,many of these audit committees appear to drive much of the content of the infor-mation packet:



Guidelines of what the audit committee wanted were given to management.Management gave the audit committee content following those guidelines.The audit committee often asks for changes, and management then makes thechanges. Management exhibits a good deal of flexibility and responsiveness.

Mutual fund audit committee chair

Over time the content of the information in the packet has evolved. It used tobe determined by the various service providers (counsel, external auditor,investment advisor).

NYSE audit committee member

We also inquired about the nature of the audit committee member’s review ofthe packet and what the audit committee member looks for when he or she reviewsthe information packet. Some audit committee members assess the adequacy offinancial disclosures, while others review external auditor comments, audit plans,and management letters. However, each of the reported percentages is low (allunder 20 percent), reflecting a lack of consensus on how to review the informationpacket. Such a lack of consensus could be positive because different audit commit-tee members may approach issues in nonoverlapping ways.

Many committee members look for unusual results or unexpected trends, andthey evaluate the explanations provided by management for these unusual items.Many evaluate the reasonableness of reported margins, other financial statementindicators, and financial metrics. Several audit committee members described theirprocess:

I read the entire packet carefully. I look for things to concentrate on — what’smost important? There is a lot of boilerplate external auditor communications,and I ask them [the external auditor] to highlight things that are important.There is lots of external auditor butt-covering now (trying to reduce liability). Icompare across my three audit committees to identify things to focus on and tobenchmark company practices — there are great spillover benefits of servingon three audit committees.


Look for certain things in the financial statements (e.g., inventory by location,bank borrowings). Look at margins, income elements, Selling, General &Administrative expenses (a dozen or so indicators). Look at internal auditreports for failures that have been “glossed over”. Look at litigation issues.Must be careful to not become complacent when looking at the same stuff eachtime! The questions and answers can become similar and boring. What couldhappen that we need to ask about? Better to find it now than later.


I don’t necessarily look at “management’s answer”. Rather, I try to evaluatewhether there is an ongoing disciplined process that management is doing to



do its job. I don’t think our role is to solve the problem. Instead, our role isto determine if there is a process in place that we are comfortable with. Wemight occasionally get involved in a specific litigation issue to ensure it mapscorrectly to the footnote disclosure.


I particularly look at estimates, judgments, follow-up items, anything fromprior discussions — anything that revolves around management’s judgmentsand how well it was disclosed to determine if that disclosure is robust enough.I assess information we are given and information we are putting out (e.g., inthe 10-K) to be sure it fairly reflects the situation.


I am looking for surprises from anything. Looking for inconsistencies and forinformation about future risks. Looking for things we need to take action on.Assessing whether information is telling you what you expect or whether youare surprised by it.


It appears that most of the audit committee members quoted above attempt toengage in rigorous, meaningful analysis of the information provided to them, con-sistent with the “smell test” highlighted by Gendron et al. 2004 and with an agencytheory view of an audit committee’s responsibility. However, these efforts are limitedby the timeliness and quality of the information packet. In cases where the informa-tion packet arrives just prior to the meeting or does not contain useful information,the audit committee may be reduced to a ceremonial role.17

Communications between meetings

Gendron and Bédard (2006), Spira (2002), and Turley and Zaman (2007) find thata great deal of audit committee activity occurs outside of formal meetings. Simi-larly, our interviewees describe frequent, ongoing substantive communicationswith management, internal auditors, and external auditors between scheduledmeetings (see panel D of Table 5; also see text under the heading “AC ProcessArea 5: Oversight of the Internal and External Audit Processes”, below, regardinginteractions with auditors). However, there are notable differences in informationflow between meetings:

Every month I get a sales report, and every 4–6 weeks I get market information(what the market is saying about us). I have lots of contact with managementand others — CFO (twice per month), Controller (once per month), ChiefAudit Executive (twice per month), external audit partner (once per quarter),and counsel (once per month).


I don’t get information that frequently. As audit committee chairman, I occa-sionally call the CFO and chat about recent events or issues. I’m trying to



determine if there are new issues that have arisen that require the audit commit-tee’s involvement. We do not receive monthly financial statements or budget-to-actual comparisons.


It’s becoming almost excessive. We get press releases almost weekly to review.It’s becoming a burden on my email at home. Earnings releases, litigationinformation, and acquisition information — something seems to always becoming my way.


It depends. The external auditor sends stuff. We give the auditor two standards:(1) you need to have read it yourself, and (2) you need to have thought aboutand summarized the application of the information to this company. This is avery good discipline to follow. We get other stuff sent to the full board — ana-lyst reports, governance reports, monthly financial statements, public relationsinformation, clippings, et cetera.


Assuming meaningful interactions and review of information, such extensivecontact and information flow between meetings may be consistent with substantiveaudit committee monitoring, although perhaps in an informal manner (Turley andZaman 2007). In many cases, we see evidence of such contact; however, in othercases, it appears that the audit committee’s efforts are almost exclusively centeredaround formal meetings and, therefore, may be more ceremonial.

AC process area 4: Audit committee oversight of the financial reporting process

Review of financial reporting risk areas

In terms of specific risk areas, one clearly stands out in panel A of Table 6: revenuerecognition, which is specifically reviewed by almost half of the audit committees(some of those who did not list revenue recognition as a risk area felt compelled toexplain why not). Several audit committee members described their efforts regard-ing revenues, all of which signal fairly vigilant monitoring by the audit committee,consistent with agency theory:

Revenue recognition is the biggest, since it’s software. We go through deal-by-deal [sale-by-sale each quarter], and the external auditor shares their view(using the deal documents) on revenue recognition.


There is a heavy focus on revenue recognition given the company sells a soft-ware product plus services. There are lots of issues that can be affected by thesales staff that might dictate revenue recognition terms. We also discuss issuesrelated to materiality.




Revenue recognition is very hard in the medical device industry. It’s very diffi-cult to predict demand, and it’s very difficult to establish the revenue cut-off.Hospitals are bad at documenting when things (e.g., surgery) happen. That makesit difficult to establish revenue cutoff — in essence our products are at hospitalson consignment until pulled from shelf to be inserted inside a patient (becauseof the way contracts are written). The company is trying to work better withhospital partners to do a better job of this — building in contract incentives toimprove information reliability. The audit committee’s primary concern is basedon management’s confidence in the quarterly numbers. As we sense manage-ment is more confident about its numbers and cutoff, the more confident we are.


The company uses an outside firm to do our internal audit work. This outsidefirm reviews revenue recognition at every subsidiary (and every type of con-tract) and reports back to the audit committee chair on whether revenue isbeing recognized correctly.


Other key risk areas examined include reserves, fixed assets (primarily relatedto asset impairment), inventory (primarily related to the obsolescence reserve), andreceivables. For example, three audit committee members described financialreporting risks and monitoring efforts:

I want to understand how we’ve done and apply technical knowledge to makesure we’ve done things correctly (e.g., new standards). I focus on properdisclosure/communication to shareholders. In terms of specific areas, there isa major focus on fraud (to never let it happen again in this company). I some-times ask myself, “Would I have caught the fraud [that occurred before thisperson’s term on the board]?” The honest answer is probably not. It wouldhave required someone to step back from the details and understand thatratios/analytics that appeared okay should not have appeared okay due to whatwas happening in the industry.


Our company is merger and acquisition driven. We focus on revenue recognitionissues, tone at the top at acquired companies, and how acquired companiestreat contracts. I am very concerned about anything done to inflate earnings/revenues. I review whether the company is in compliance with EmergingIssues Task Force pronouncements on revenue recognition.


We focus on subjective areas of accounting that affect income. I ask the auditpartner about the five most subjective areas of income determination. Examplesinclude warranty reserves, post-retirement benefits, income taxes, impairmentof long-lived assets, and journal entries at period end.




These perspectives all suggest substantive monitoring on the part of someaudit committees.

Review of accounting policies and estimates

Panel B of Table 6 provides information about processes performed by audit com-mittees related to their review of accounting policies and estimates, which rangefrom extensive to minimal. Two audit committee members described their extensiveinvolvement with accounting policies; the second description may reflect a mana-gerial role for the audit committee:

TABLE 6AC process area 4: Audit committee oversight of the financial reporting process*

Financial reporting risk areas reviewed by the audit committeeRevenue recognition 19 45Reserves 12 29Fixed assets, including asset impairment 9 21Inventory, including obsolescence 9 21Receivables, including allowance for doubtful accounts 8 19Critical accounting policies 7 17Litigation 6 14Management judgments/estimates 6 14Mergers and acquisitions 6 14Regulatory compliance concerns 6 14Taxes 6 14Debt, including covenants 5 12

Audit committee involvement in setting/reviewing specificaccounting policies (n � 37)

Reviews policies 28 76Not currently involved, but would be if a major change

occurred 7 19Minimal involvement 2 5

Audit committee discussion of specific judgments/estimates/assumptions involved in implementing an accounting policy(n � 31)

Yes, involved 24 77Involved to some extent 7 23

Audit committee review of accounts dependent on assumption/estimates (n � 11)

Audit committee reviews assumptions/management judgments 9 82Audit committee relies on the external auditor 2 18


Panel A: Financial reporting risks n Percent

Panel B: Accounting policies and estimates n Percent



Our review of accounting policies is extensive. We are trying to make sure thatthe message gets through that the audit committee is not tolerant of GAAPnon-compliance due to immateriality. We are looking for the right tone in thecompany and to set the right tone. We aim to set high expectations and we havean aggressive attitude in setting this tone — no sloppiness.

Mutual fund audit committee chair

The audit committee actually sets the policies and reviews them annually. Theaccounting practices and financial practices of the company are reviewed andapproved on an annual basis.


Two others discussed their very limited role with accounting policies:

The audit committee has minimal involvement in setting and reviewing account-ing policies. The audit committee relies on the external auditor to identify areaswhere a change is needed. Also, the audit committee feels that they are only usedfor oversight. We do not have active involvement in setting these policies.


TABLE 6 (Continued)

Audit committee discussion of alternative accountingtreatments available under GAAP (n � 30)

Always discuss 20 67Sometimes discuss 5 17Discussions have been held in the past 2 7No discussion 3 10

Does the AC ask the external auditor which treatment theywould use (n � 27)?

Yes 24 89No 3 11

Form of external auditor’s communication regarding alternativetreatments (n � 30)

Oral 18 60Both oral and written 11 37Written 1 3

Is management present for the discussion of alternativeaccounting treatments (n � 30)?

Sometimes 10 33Yes 9 30Yes, followed by a separate executive session without

management 11 37


Panel C: Alternative accounting treatments n Percent



The audit committee’s involvement in setting policies is close to zero. Man-agement will discuss a policy and get the concurrence of the audit committee.


Overall, there is some lack of consensus on the audit committee’s role in thisarea. Many audit committees approach accounting policies with the goal of providingvigorous monitoring, while others appear to do very little, serving more of a cere-monial role by simply relying on the auditors with minimal audit committee analy-sis of the issues (also see Pomeroy 2007 for post-SOX evidence on auditcommittee members’ evaluation of accounting decisions).

The audit committee’s involvement in reviewing management estimates, judg-ments, and assumptions often is quite extensive. All of the audit committee members

TABLE 6 (Continued)

Audit committee involvement in assessing financial statementfraud risks

Audit committee’s own actions 32 76Reliance on the external auditor 16 38Reliance on the internal auditors 14 33Little involvement 2 5

Audit committee’s own actions in assessing financial statementfraud risks

Closely analyze reserves and other financial statement areaswhere fraud could occur 6 14

Assess character of management 4 10Regular interaction with management 4 10Actively promote the company’s hotline 3 7Actively search for fraud risks 3 7Review officers’ expenses (annually) 3 7

Assessing and monitoring management’s integrityHow does the audit committee assess management’s integrity?

Evaluate management’s body language 7 17Observe management’s transparency/openness, especially

with the board and the audit committee 6 14Observe how management reacts in pressure situations 4 10Observe if management is defensive 4 10

Other means of assessing management’s integrityWhistleblower hotline 4 10


otherwise noted.

Panel D: Fraud risks n Percent



who were asked about this indicated that they review (at least to some extent) theestimates, judgments, and assumptions involved in implementing an accountingpolicy. For those asked about reviewing specific accounts dependent on manage-ment assumptions and estimates, most indicated that this review is performed (seeGendron et al. 2004 for discussion of how audit committee members evaluate loanloss reserves by considering the mathematical formulas underlying the reserves).

Several audit committee members described their intense efforts to monitormanagement estimates, judgments, and assumptions:

The audit committee is absolutely involved. We focus on any prior yearrestructuring reserves, particularly focusing on where we put the reversal ofany reserves. We focus on the allowance for doubtful accounts, inventoryreserves, and income/deferred income estimates. We also look at impairmentof intangibles.


We absolutely review them, but we resist temptation to think we’re smarterthan management. We ask the auditor, “Do you agree? Are we too aggressive?”


The audit committee gets into lots of depth on this issue. The committee askedme [the audit committee chair] to talk with others in the company (President,CFO, Head of Sales, Real Estate) — I even visited some stores to get a sense[of] what was really going on there.


It’s somewhat ad hoc. I ask for different things at different times. I like toassess the response I get — for example, did the document exist before I askedfor it? I like to see the rigor with which the original source documents wereprepared. As another example, I ask to see original journal entries that havebeen made in the reserve accounts.


Other audit committee members described a more limited, ceremonialapproach in this area (an approach that centers around audit committee reliance onothers, as opposed to audit committee evaluation of the issues):

We only discuss this if the external auditor raises this as an issue. The auditcommittee has a real dependence on the quality of the external auditor andmore dependence on the internal auditor.


We are heavily reliant on management for several estimates. We have signifi-cant estimates related to litigation, patent settlements, product liability, … andinventory obsolescence.




If it’s material the audit committee does discuss management assumptions.They are usually pretty short discussions, though.


Involvement in reviewing alternative accounting treatments available under GAAP

As shown in panel C of Table 6, the audit committee’s involvement in reviewingalternative accounting treatments available under generally accepted accountingprinciples (GAAP) appears to be mixed. Most of the audit committee membersalways discuss with the external auditor alternative accounting treatments availableunder GAAP, but others do not.18 When the audit committee discusses with theexternal auditor alternative accounting treatments available under GAAP, in mostcases the audit committee asks the external auditor what accounting treatment itwould have used. The auditor’s responses generally are made orally, with manage-ment present for these discussions.

Audit committee members described substantive efforts in this area as follows:

Recently we had huge discussions about FASB Interpretation (FIN) No. 46.Alternatives are discussed with management, the external auditor, and theinternal auditor. The audit committee determines whether everyone is comfort-able with the choices being made. We would see one or two alternatives as partof any discussion.


We ask the auditor what range of treatments is appropriate under GAAP, whatis recommended by the external auditor, and why there might be a differentview. We strive to get management and the external auditor into agreement.The audit committee serves as referee.


I look for differences between the auditor and management (this can be sig-naled by nuances in body language). I ask the auditor where the companystands relative to the conservatism or aggressiveness of other clients. This dis-cussion is driven by changes in external regulation. I want to know about thediscussion between management and auditors. What were the points of con-tention? These questions are asked when management and the auditor are bothpresent, and then separately when each group is alone with the audit committee.


Another audit committee member described a more ceremonial role for the auditcommittee:

The audit committee has had very limited discussions with the external auditorregarding alternative accounting treatments. One example dealt with classifica-tion of Income Statement items (i.e., recurring vs. non-recurring). The auditorinitiated this discussion.




Review of the risk of fraudulent financial reporting

Although many of the audit committee members consider assessing the risk offraudulent financial reporting to be a primary audit committee responsibility, anumber of committee members clearly are very uncomfortable with this role (seepanel D of Table 6).19 A NYSE audit committee chair stated, “That’s why we haveauditors,” to indicate that the audit committee is not responsible for fraud detec-tion. Conversely, an AMEX audit committee member stated, “This is so hard. Theaudit committee is supposed to be finding fraud.” Gendron and Bédard (2006) alsonote that audit committee chairs seem to lack confidence about their ability todetect fraud.

Several audit committee members expressed frustration with being expectedto find fraud, consistent with Spira’s 2002 (79) finding that many view audit com-mittees as “powerless to prevent calculated fraud”:

This is asking a hell of a lot of the audit committee. It is totally beyond thecompetency of any audit committee member to be able to sniff out fraud. Somuch of this risk relates to the people, thus you must rely on your judgmentregarding management’s integrity. Management knows that the audit commit-tee is watching — for example, I look at the cars in the company’s parking lot.The moment you see a Ferrari you start to worry. The guys with the big carsare the ones who get you in trouble.


All board and audit committee members are against fraud, but the audit com-mittee is not a bunch of Sherlock Holmes. Ultimately, the audit committee hasto have some level of reliance on management. The audit committee tries tohelp instill a climate of compliance and disclosure within the company.

AMEX audit committee member

The audit committee tries to stay mindful of this risk. We look at the financialstatements, and we talk to the auditors. However, it is impossible to assessfraud risk. We rely on management to some extent. We do look for telltalesigns of problems (e.g., management abusing its privileges).


There is very little that the audit committee can do in the fraud area unless it isabsolutely glaring.


Fraud risks are not explicitly considered. The audit committee relies on theexternal auditor to do that. They are more familiar and independent.


Conversely, other audit committee members accepted responsibility for frauddetection:



Under SOX, now the biggest issue is fraud. We are asking all sorts of questionsof internal audit and external auditors to look for certain things. The auditcommittee looks at expense reports, loans to individuals, related party transac-tions, contracts, and agreements, particularly those related to compensationand pensions.


I don’t know if internal and external audit think it’s their job to detect fraud.The job of the audit committee is to do the qualitative things to assess fraudrisk. The audit committee tries to detect fraud through a reasonable due dili-gence process. The audit committee assesses the environment and directsresources to those areas of greatest risk.


The audit committee has heavy involvement in assessing the reliability of thefinancial statements. The audit committee is always assessing the integrity ofthe firm and its management. If you don’t have faith in the CEO, the auditcommittee has a problem.


Other audit committee members did not perceive fraud risk as a significantissue:

The audit committee is very familiar with the company, so the risk of fraud isvery low (less than 5 percent). A bigger risk is whether the estimates and judg-ments made by management are correct.


The audit committee has to assess the character of the people and determinethe tone at the top of the organization. This is not an agenda item, but it is dis-cussed periodically in audit committee meetings. We try to read management.For example, when the audit committee asks a certain question, and there is asurprise that is revealed. The audit committee does not believe this is a largeissue for this company.


In assessing the risk of fraudulent financial reporting, most of the audit commit-tee members rely, at least partly, on their own efforts to assess the risk of fraudulentfinancial reporting, although there was no consensus activity that audit committeesuse in this regard. In addition, many of the committee members rely heavily on theexternal and internal auditors. Overall, it appears that many audit committee mem-bers simply do not want to be responsible for detecting fraud, much as externalauditors have attempted to avoid this responsibility for decades. Many audit com-mittee members may want to serve as vigilant monitors of management, but withincertain limits. Fraud detection is, however, beyond the limit for many.



Finally, we asked how audit committee members assess management’s integrity(i.e., the tone at the top), an area of focus for audit committee chairs in Gendronand Bédard 2006. There is no consensus method used. Many audit committeemembers described their approaches to assessing integrity, along with expressingsome reservations about whether their efforts were effective:

It is important to look at the second line of management. The audit committeehas frequent opportunities to interact with these people. If something weregoing on, would these people speak up? You’re never comfortable about this,though. At some point, you must believe people are honest.


The board and audit committee are very strict in monitoring and enforcingcompany policies. I know all members of management and their wives. Allmembers of management live modest lives, and they are all on their first wife.You can tell a lot about people by the way they behave. I watch how manage-ment behaves in different settings. A lot of this, though, is instinct.


Look for telltale signs that may be popping up. Spend time in executive ses-sion talking about this with both internal and external auditors. Ask if they’vebeen asked to do anything that they’re uncomfortable with. Also ask this ques-tion of the CFO, Controller, et cetera.


There are some companies that want aggressive/risk taking/push the envelopetype people. Skilling and Fastow weren’t wolves in sheep’s clothing, but werewolves in wolves’ clothing. … I am constantly vigilant. You can’t let yourselfassume that people will always do the right things. Vigilance for me is observ-ing how management acts in different settings. I sit in on company meetings tosee how senior management acts.


“Trust, but verify” is the motto of the audit committee. We focus on twoaspects: quantitative and qualitative. As for quantitative, we focus on the finan-cial results — are we seeing weird things with the numbers? As for qualitative,we’re focusing on a litmus test — how they act, how they conduct themselves.For example, we look at how they travel on business — do they always stay atthe Four Seasons, or do they stay at a reasonable hotel? We also track anyfinancial activities between the company and personal business. We focus onhow they generally conduct themselves — how they act. We also question theauditor about anything they see along these lines.


Others emphasized the importance of helping to set the ethical tone in thecompany:



I put a lot of pressure on the principal financial guys to operate with integrity. Itell them, “If you lose your integrity and you’re lucky, you’ll be driving a taxi.If you’re not lucky, you’ll be in jail.”


See how people react over time and under pressure. Let people know how youas a board feel about integrity. With my kids, “It’s better to fail than cheat.”With management, “It’s better to miss the numbers than to do something weregret.” We have an element in the CEO evaluation — ethical environment.


Overall, the approach to assessing management integrity often appears consis-tent with the agency theory view that the audit committee members are trying toprovide effective monitoring; however, in other cases the audit committee’s role inthis area is extremely limited. It is also clear that many audit committee membersare uncertain about the effectiveness of their efforts to assess integrity.

AC process area 5: Oversight of the internal and external audit processes

Audit committee interaction with internal audit

As shown in panel A of Table 7, audit committees frequently are involved in internalaudit hiring, compensation, and budget decisions. The audit committee typicallymeets frequently with internal audit. It appears that audit committee interactionwith internal audit has increased from pre-SOX periods (see Carcello, Hermanson,and Neal 2002; Cohen et al. 2007a), but is still very limited in some cases.

In many cases, the oversight of internal audit is shared between the audit com-mittee and management in a fairly informal, sometimes contentious manner (seeGendron and Bédard 2006). A NASDAQ audit committee chair described internalaudit’s solid-line reporting to the controller and dotted-line reporting to the auditcommittee and concluded, “I’m not 100 percent happy with this.” Others stated:

The audit committee hired the Chief Audit Executive from three candidatessuggested by the CFO (mutual decision, although the audit committee didn’tpick the CFO’s first choice). Firing is probably by mutual decision (“we’rehooked at the hip and no surprises”). The audit committee reviews internalaudit’s budget, but not in detail (within scope approval that leads to head-count). The audit committee does not review internal audit compensationexcept that there was discussion with the CFO to ensure that the Chief AuditExecutive gets paid about what the Controller gets.


This is in transition. Up until recently, internal audit was a function of manage-ment, performing mostly operational audits. Over the last two years the auditcommittee has become more involved in determining the scope of internalaudit activities.




The relationship with internal audit is positive — internal audit feels comfort-able reporting to the audit committee. However, the audit committee wouldprefer a more structured agenda approach to internal audit’s report. Currently,it revolves more around the question of “Anything you want to tell us?” Thatusually leads to a lot of talking about not much. Often that isn’t very informative.


The director of internal audit “technically” reports to the audit committeechair. In reality, he reports to the CEO.


TABLE 7AC process area 5: Oversight of the internal and external audit processes*

AC involvement in hiring the internal auditor (n � 21)Not involved 2 10Involved in decision/joint responsibility with management 5 24Requires audit committee approval 8 38Audit committee has hiring authority 6 29

AC involvement in firing (if needed) the internal auditor (n � 20)Not involved 1 5Involved in decision/joint responsibility with management 6 30Requires audit committee approval 8 40Audit committee has firing authority 5 25

AC involvement in determining compensation/budget of internalaudit (n � 23)

Not involved 3 13Involved in decision 14 61AC sets the compensation/budget 6 26

Frequency of audit committee meetings with internal audit (n � 36)Semi-annually 1 3Quarterly 10 28More than quarterly 1 3Every face-to-face meeting (excludes conference calls) 8 22Every meeting 15 42

AC meets privately with internal audit each face-to-face meeting(n � 36) 12 33

AC chair talks to internal audit director no less frequently thanmonthly (n � 36) 5 14


Panel A: Internal audit n Percent



It is an uneasy alliance with neither side willing to cede authority to the other.The audit committee has pushed management very hard to beef up the internalaudit function. The audit committee wants a direct reporting relationshipbetween internal audit and the audit committee. Management cannot fire theChief Audit Executive without the approval of the audit committee.


Overall, there was a substantial lack of clarity in internal audit’s reportingchannels. Internal auditors and audit committees each can benefit from a strongrelationship with the other party (see Spira 2002; Turley and Zaman 2007), but

TABLE 7 (Continued)

Frequency of audit committee meetings with the external auditorSemi-annually/quarterly 4 10More than quarterly 3 7Every face-to-face meeting (excludes conference calls) 13 31Every meeting 22 52

Other aspects of communication between the AC and the externalauditor

AC meets privately with external auditor at each face-to-facemeeting 14 33

AC chair talks to external auditor the day before board/ACmeetings (i.e., in a pre-meeting executive session) 5 12

Information gathered by the AC to evaluate audit firm qualityand effectiveness (n � 30)

Evaluates the quality of the members of the engagement team,especially the partners 13 43

Evaluates how the external auditors respond to AC questions/how they perform in the AC meetings 8 27

Gets input from the CEO, CFO, controller or other membersof management 7 23

Evaluates independence of the external auditor (i.e., are theytoo close to management?) 6 20

Looks at the audit firm’s industry expertise 4 13Relies on the reputation of the external auditor/uses a

Big 4 auditor 4 13Reviews copies of peer review reports, results of PCAOB

reviews, any regulatory action taken 4 13


otherwise noted.

Panel B: External audit n Percent



there is significant potential for internal audit’s loyalties to be divided as a result ofmultiple reporting channels (i.e., to the audit committee and management).

Meetings and other communications with external audit

As shown in panel B of Table 7, the external auditor is heavily involved in auditcommittee meetings. In addition, there often is significant contact between theaudit committee chair and the auditor outside of meetings (see Spira 2002; Turleyand Zaman 2007). One audit committee chair discussed having breakfast or dinnerwith the audit partner before each audit committee meeting. Another stated:

I have lunch with the audit partner once every two weeks during the audit —so there are three to five lunch meetings alone.


A NYSE audit committee member indicated, “The outside auditor should beyour best friend. They are the ones who are going to keep you out of trouble.”

In evaluating the effectiveness of the external auditor, some audit committeemembers assess the quality of the engagement team members — especially thepartners assigned to the engagement — while others gather little or no informationto assess auditor performance. Although 43 percent of the audit committee mem-bers evaluate the external auditor by assessing the quality of the personnel assignedto the engagement, only 13 percent of the committee members rely on the reputa-tion of the audit firm and 13 percent refer to the audit firm’s industry expertise.This finding is consistent with a growing body of empirical literature that finds thataudit quality is more a function of audit team characteristics than audit firm charac-teristics (e.g., Ferguson, Francis, and Stokes 2003; Francis, Reichelt, and Wang2006). Gendron et al. (2004) find that auditor competence and candor are majorconsiderations in assessing quality:

I am not sure how much difference there is between firms, but there can be bigdifferences between partners. The audit committee looks at fees, we look atfirm publications, and I talk to my friends and colleagues who have interactionwith other firms.


The audit committee is dealing with a commodity, when talking about the Big4. The variation among the partners within the firms is more important than thevariation across the firms. Partners must be abreast of recent developments,and ahead of the curve on the difficult issues. The external auditor must be acounterweight to management and be able to marshal the resources of the firm.


Others assess the quality of the external auditor by evaluating how the auditorresponds to questions from the audit committee and how representatives of theauditor perform in audit committee meetings:



We developed 30 questions to ask ourselves about the external auditor. Auditcommittee members think about the questions and discuss concerns with theauditor (e.g., we wanted the auditor to spend more time with the CEO and thishas happened). The audit committee chair interviews management for evalua-tion of the auditor. The 30 questions include responsiveness, candor, quality ofpeople, attention to the company, suggestions to the company and audit com-mittee, and are senior audit firm people too close to management?


Despite Cohen et al.’s 2007a finding that management is still the key driver ofauditor selection, several interviewees indicated that the audit committee is quiteactive in selecting the new engagement partner when a partner rotates off theengagement. For example:

The audit committee meets with prospective new partners before they areassigned. The audit committee looks at fees #1; experience #2; and staff thatwill be working on the account #3. The audit team is more important than theaudit firm.


When partner switches / rotations occurred, the firm recommended the auditpartner, and the audit committee interviewed him and agreed he would be agood partner.


We just had a change in partner (prior one got promoted). The audit committeetold the external audit firm what criteria we wanted in the new partner — andwe got that kind of person. We wanted someone with industry experienceand who was responsive.


We also asked about the purchase of nonaudit services from the external auditor.Ninety percent of the participants indicated that the company purchases nonauditservices from the auditor, although sometimes reluctantly. Tax services are by farthe most common nonaudit service purchased. However, there appears to be atrend away from using the external auditor for any nonaudit services, even tax ser-vices, due to concerns about the appearance of a lack of independence (see Gaynor,McDaniel, and Neal 2006), which could undermine legitimacy (Spira 2002):

I don’t think that non-audit services would actually impair the external auditor’sindependence, but we have basically refrained from using the external auditorfor non-audit services due to concerns about the perceptions of external users.


On certain issues you can get better quality work more cheaply from the externalauditor, but this is traded off against the risk that someone could come backand second guess you.




Overall, audit committee members appear to rely quite heavily on the externalauditor, and the committee generally provides meaningful oversight of the externalauditor. Such oversight is consistent with the spirit of SOX section 301, which spe-cifically calls for the audit committee to directly oversee the auditor.

AC process area 6: Other audit committee activities

Panels A – D of Table 8 present information on several other audit committeeactivities:

• Most audit committees benchmark their processes either formally or infor-mally against best practices (also see Gendron and Bédard 2006). Severalsources of information are used (see panel A), including seeking input fromthe external auditor. Such efforts to adopt best practices are consistent with iso-morphism, where audit committee practices become more similar over time ascompanies imitate each other to seek legitimacy (DiMaggio and Powell 1983).

• Most audit committees have some involvement in reviewing compliance withthe company’s code of conduct (see panel B), but some have no involvementin this area.

• Audit committees largely accomplish their oversight role through their relianceon others, primarily auditors and management (see panel C). A NASDAQaudit committee chair provided this detailed description of how his committeegets comfortable with understanding the key financial reporting risks, as wellas setting a strict tone with new hires to the accounting staff:

The thing that does the most good is the analysis of the financial statements(30–40 page package) — by country, budget vs. actual, actual vs. peer group,analysis of reserves, et cetera. Visiting company sites and meeting withemployees helps. Also, I rely on questioning the external auditor, including thediscussion of critical accounting policies. Finally, the addition of severalformer Big 4 managers to the controller’s office has helped with GAAP issues.I met with them and clearly explained that if anyone asked them to do anythinginappropriate, they’d better tell the audit committee immediately — or we’dfry them in Hell.

In addition, there are contrasting perspectives on the notion of audit commit-tees getting “comfortable” (Gendron et al. 2004; Spira 2002) with the positionthat all risks have been identified and mitigated:

The audit committee is comfortable with employees and management, andwith the external auditor.


The audit committee must have some degree of faith that management is set-ting the right tone and degree of integrity. The internal audit director must have



enough intestinal fortitude. The external auditor must have enough intestinalfortitude. The audit committee is uncomfortable on this dimension if there aresurprises that we were not told about ahead of time.


I don’t want the audit committee to be comfortable. If we are comfortable, weare in trouble.

AMEX audit committee chair

Are any audit committees comfortable these days? … Structure and process isnot a substitute for talking to people face-to-face (do people look you in theeye or do they look at their shoes?). You can never stop talking, listening, andquestioning.


The audit committee gets its comfort from the external auditor, outside coun-sel, management, and from the audit committee members’ own experiences inother companies.

AMEX audit committee member

• The audit committee members clearly are dependent on both internal andexternal auditors in evaluating the effectiveness of internal control over finan-cial reporting (see panel D of Table 8) (Gendron et al. (2004) also find heavyreliance on internal audit in this regard). Although there has been much criticismof SOX section 404, a number of the audit committee members are supportive ofthe process. A NASDAQ audit committee chair stated:

404 stuff has been superb — lots of issues discovered through 404, despitehearing from the external auditor that controls were fine before 404. With 404,we now can identify, track, and fix internal control problems. We keep a listingof significant deficiencies — who is responsible, timetable for remediation,and external auditor approval. It has been a great mechanism.

However, another NASDAQ audit committee chair stated:

404/SOX has changed everything. The good is that SOX has created a differ-ent tone at the top (this accounts for 90 percent of the benefit of SOX and only5 percent of the effort). The bad is that 404 provides some benefit, but the costis way too much. We could have eliminated 80 percent of the pain and still got-ten 90 percent of the benefit.

As we concluded each interview, we asked the interviewees about the mostimportant thing that an audit committee can do to fulfill its responsibilities (nottabulated). Consistent with insights from previous research (Gendron et al. 2004;Gendron and Bédard 2006; Krishnamoorthy, Wright, and Cohen 2003; Spira



2002), many committee members indicated that asking good questions is the singlemost important thing that the audit committee can do. One NASDAQ audit com-mittee member said that committee members should “ask tough questions, manytimes, of many people”. Consistent with Kalbers and Fogarty’s 1993 focus on theimportance of audit committee member willingness to act and challenge manage-ment, a NASDAQ audit committee chair said:

TABLE 8AC process area 6: Other audit committee activities*

Does the audit committee benchmark its practices against bestpractices (n � 36)?

Yes, a formal process is in place 19 53Yes, but not a formal process 8 22No 7 19Just starting to do this 2 6

How the audit committee benchmarks its practices against bestpractices (n � 29)

Completes a self-evaluation 13 45Seeks feedback from the external auditor 11 38Compares AC practices to practices of other companies 9 31Has AC members attend seminars 8 28Seeks feedback from management, outside counsel, and

internal audit 7 24Compares AC charter against charters of other companies in

that industry 5 17

The audit committee and the code of conductInvolvement of the AC in reviewing compliance with the code

of conductSome 22 52Heavy 11 26Board or other committee responsibility 8 19None 1 2

Examples of AC’s involvement in reviewing the code ofconduct

AC reviews code of conduct, including how it iscommunicated 23 55

AC is either directly involved in receiving hotline calls or isprovided with a summary of such calls 8 19

AC chair reviews log of any violations of the code ofconduct 5 12


Panel A: Benchmarking n Percent

Panel B: Code of conduct n Percent



Be prepared, diligent, well read. Constantly ask questions — be a devil’sadvocate — have a jaundiced view. Don’t get too comfortable with top man-agement and the tone. Good communication between the board, audit commit-tee, management, and outside advisors is key. A strong audit committee chairis important.

These results, while echoing Gendron et al.’s 2004 finding that effective ques-tioning is critical, are in stark contrast to research (Cohen et al. 2002; Gibbins et al.2001; Spira 1999, 2002; Turley and Zaman 2007) finding that audit committeemembers often are not very effective or powerful questioners. However, Cohenet al. (2007a) find that auditors perceive audit committee members to be askingmore probing and difficult questions post-SOX, and Turley and Zaman (2007) high-light the importance of informal audit committee processes in influencing outcomes.

Beyond the importance of asking good questions, a NYSE audit committeemember noted the influence of the audit committee on auditor–management dis-agreements:

The most important thing that the audit committee can do is to be responsiblefor the internal and external audit functions. The single most important benefitof SOX is the fact that it makes the audit committee responsible for these

TABLE 8 (Continued)

How does the audit committee get comfortable that it understandsthe entity’s key financial reporting risks?

Talk with/rely on the external auditor 19 45Talk with/rely on operating management, outside counsel 15 36Talk with/rely on internal audit 12 29AC follows effective processes (e.g., probing questions, active

oversight, etc.) 8 19AC understanding of the business 5 12

How does the audit committee evaluate the entity’s strength ofinternal control over financial reporting?

Rely on external auditor 22 52Rely on internal audit 21 50Rely on 404 work 16 38Rely on management 12 29Hire another accounting firm to assist in the process 6 14


otherwise noted.

Panel C: Overall AC comfort n Percent

Panel D: Internal controls n Percent



functions. As a result, the external auditor is not a loser in a battle with man-agement. The auditors now have the ability to not cave in to management. Thisis a powerful and inexpensive change.

We also asked the audit committee members about the most important individ-ual attributes /characteristics that an audit committee member needs to possess.Many committee members indicated that a willingness to ask probing questions isthe most important trait. A NASDAQ audit committee member said that committeemembers should “regard dissension as an obligation”. Another NASDAQ auditcommittee member indicated that audit committee members should possess the“ability to ask ‘stupid’ questions. Audit committees need people willing to askdumb questions in front of smart peers.”

On balance, the interview results indicate a commitment to substantive monitor-ing, as well as many audit committee practices that appear to be quite substantive.However, we did encounter a number of responses that reflect a more ceremonialrole for the audit committee.

5. Supplemental analyses

To provide additional insight, we analyze whether there are differences in the auditcommittee members’ responses or characteristics on the basis of six individual andtwo company characteristics. In Table 9, we present selected, more notable differ-ences found in these exploratory analyses.20

There are several insights provided in Table 9. First, audit committee memberswho are accounting experts are more likely to have joined the audit committeepost-SOX after conducting extensive due diligence procedures.21 These audit com-mittee members also report that their audit committees are more actively involvedwith the information packet content and with accounting alternatives and estimates.In many cases, it appears that companies specifically searched for accountingexperts to serve on the audit committee post-SOX. Such accounting experts arevery careful about whose board they join and are quite active once on the auditcommittee.

Second, audit committee chairs are more likely to be accounting experts (e.g.,certified public accountants [CPAs] with public accounting experience), but alsoare more likely to have had personal ties to directors or executives before joiningthe board and are more recent entrants to the audit committee service realm. Itappears that in many organizations, the strategy for selecting an audit committeechair is to approach an accounting expert who is well known by someone on theboard or in management. Interestingly, the audit committee chairs serve on com-mittees that appear somewhat less focused on having the audit committee directlyinvolved in assessing the risk of fraudulent financial reporting.

Third, in the post-SOX environment, individuals joining audit committees aremore likely to be accounting experts (e.g., CPAs with public accounting experi-ence) who conduct extensive due diligence procedures before joining the board andwho have turned down some board opportunities. These audit committee membersare diligent in that they are more likely to carefully read audit committee materials.



These results are consistent with the spirit of SOX. Most notably, SOX promotesaudit committee financial expertise by requiring disclosure of whether at least oneaudit committee member is a financial expert, and we find that post-SOX appoint-ments to the audit committee are more likely to be accounting experts than pre-SOX appointments.

Fourth, audit committees in high litigation risk industries hold more face-to-face meetings, but engage in less contact between meetings. It is possible that thisgreater focus on formal meeting processes is driven by concerns over legal liability,

TABLE 9Variations in selected responses by personal and company characteristics*

Older audit committee members (above the median age of 57 years old; n � 20):• are more likely to focus on the importance of audit committee interaction with the

external auditor• are more likely to focus on the importance of audit committee diligence• are less likely to have experience as a CFO

Audit committee members who are accounting experts (n � 28):• are more likely to have joined the audit committee post-SOX• are more likely to serve on a greater number of audit committees• are more likely to have conducted numerous due diligence procedures before joining

the board• are more likely to state that their audit committee drives the content of the information

packet; always discusses alternative accounting treatments under GAAP; and discusses specific judgments, estimates, and assumptions involved in implementing a new accounting policy

• are less likely to have many years of board, audit committee, or audit committee chair experience

Audit committee members currently sitting on more than one audit committee (n � 24):• are more likely to have public accounting experience and be accounting experts• are less likely to carefully read audit committee materials

Audit committee members who had prior experience with management or the company before joining the board (n � 20):

• are more likely to be attorneys• are less likely to talk with board members before joining the board

Audit committee chairs (versus regular committee members) (n � 24):• are more likely to be CPAs, have public accounting experience, and be accounting

experts• are more likely to have personal ties to management or directors before joining the

board• are less likely to have many years of board and audit committee experience• are less likely to say that their audit committee relies partly on its own actions to

assess the risk of fraudulent financial reporting




where the audit committee seeks to make the audit committee process as formaland externally legitimate as possible.

Finally, audit committee members serving NYSE companies (as opposed toNASDAQ or AMEX companies) receive their information packets earlier and aremore involved in assessing management estimates and assumptions. These auditcommittee members also are less focused on performing due diligence proceduresbefore joining the board (possibly due to the large, well-established companiesinvolved) and are less likely to be accounting experts (e.g., CPAs with publicaccounting experience).

6. Discussion and conclusion

This study makes three main contributions to the academic literature. First, we pro-vide detailed insights into audit committee processes at 42 U.S. public companies

TABLE 9 (Continued)

Audit committee members who joined the audit committee post-SOX (n � 16):• are more likely to be CPAs, be accounting experts, and have public accounting

experience• are more likely to have declined a board opportunity• are more likely to have conducted numerous due diligence procedures before joining

the board and are more likely to continuously evaluate their ongoing service on the audit committee

• are more likely to carefully read audit committee materials and are more likely to emphasize the importance of asking good questions

• are less likely to have many years of board, audit committee, or audit committee chair experience

Audit committee members serving companies in high litigation risk industries (financial services, pharmaceuticals, or technology) (n � 12):

• are more likely to say that their audit committee has a greater number of face-to-face meetings each year

• are less likely to communicate frequently between meetings

Audit committee members serving NYSE companies (n � 20):• are more likely to state that their audit committee receives the pre-meeting packet

more than one week before meetings• are more likely to state that their audit committee reviews management’s assumptions

related to accounts that are dependent on assumptions or estimates (compared with relying on the external auditor or having no involvement)

• are less likely to have conducted numerous due diligence procedures before joining the board

• are less likely to be CPAs, be accounting experts, and have public accounting experience

Note:* All differences reflect p-values � 0.10, two-tailed.



in the post-SOX environment. As a result, researchers can better understand whathappens in the boardroom in the post-SOX environment, and several opportunitiesfor future research are revealed (see below). Second, the study extends, and in somecases confirms, previous research on the audit committee process (Cohen et al.2002, 2007a; Gendron et al. 2004; Gendron and Bédard 2006; Spira 1999, 2002;Turley and Zaman 2007). The confirmation of earlier research results is notable,because previous researchers have often examined audit committee processes out-side the United States (i.e., in Canada and the United Kingdom). Finally, from atheoretical perspective, while most of the audit committee members we inter-viewed appeared committed to substantive monitoring of financial reporting, ourinterviews reveal a wide range of audit committee practices and attitudes. Becauseof the mix of substantive and ceremonial practices (which, overall, are weightedmore toward substantive oversight), it appears that neither agency theory nor insti-tutional theory fully explains our results, as is the case in Kalbers and Fogarty 1998and Nicholson and Kiel 2007. Accordingly, we believe that additional theoreticalwork should further examine the role of the audit committee.

Our results can be viewed in the context of earlier governance frameworks.First, Cohen et al. (2004) describe the central parties in the corporate governancemosaic as the audit committee, internal auditor, external auditor, management, andthe board. In many cases, we find evidence of frequent, meaningful interactionsamong these parties. Such interaction appears to be critical to effective audit com-mittee oversight. In addition, DeZoort et al. (2002) assert that audit committeeeffectiveness is a function of audit committee composition, authority, resources,and diligence. Our interviews reveal that financial expertise (composition) isreceiving a great deal of attention in the post-SOX environment. In addition, someof the interviews highlight the importance of the audit committee asserting itsauthority (e.g., to truly oversee the external or internal auditor), having access tokey internal and external parties (resources), and spending the time to fully reviewinformation (diligence). Overall, we believe that the substantive audit committeeprocesses presented in the paper fit into previous governance frameworks in theacademic literature quite well.

Our study is subject to certain limitations. First, our participant group isconvenience-based and may reflect more active and engaged audit committeemembers than is typical. This limits the extent to which our results necessarily gen-eralize to all U.S. public companies. Second, we cannot be certain that the auditcommittee members were always candid in their responses. However, we believethis risk is quite low. There is substantial variability among our respondents in allsix process areas, and the quotes included throughout the paper speak to the levelof candor that was evident throughout the interview process. Third, given the tense,almost fearful, nature of the U.S. corporate governance environment in the imme-diate post-SOX period, we deemed it infeasible to tape record the interviews (seeNicholson and Kiel 2007 for a similar approach) and provide exact quotes from theinterviewees. However, we took extensive steps to ensure that we accurately cap-tured, transcribed, coded, and analyzed the information received from the auditcommittee members, and we did not find the note-taking process to be difficult. We



do not believe that the study’s conclusions have been affected by our data collec-tion method.

We encourage research on four broad issues related to audit committees. First,Kalbers and Fogarty (1998) encourage efforts to combine elements of agency theoryand institutional theory to promote our understanding of the audit committee, andwe echo this recommendation. In our view, much of the tension between a substan-tive versus ceremonial role for the audit committee derives from management’sattitude about governance and monitoring. Many of our interviewees indicated thatthey carefully assess management’s commitment to governance as they evaluatepotential board opportunities. The audit committee members’ goal is to avoid asso-ciating with managers who want the board and audit committee to be ceremonial.If management and the other directors take governance seriously, then there is sig-nificant potential for the audit committee to function as an effective, independentmonitor through its formal and informal processes. Conversely, if managementdoes not take governance seriously, then it may be difficult to attract vigilant boardmembers, such that the audit committee’s role is primarily ceremonial and builtaround over-reliance on management. We encourage additional research and theorydevelopment on the role of management’s attitude toward governance in influenc-ing the substance of governance processes.

Second, our study represents a positivist approach to the audit committeeprocess, in which we generalize results across contexts and attempt to identify theprevailing reality and its correspondence to a particular theory. This approach is incontrast to such studies as Gendron and Bédard 2006 (212) that use a socialconstructivist approach, “predicated on the point of view that ‘reality’ is sociallyconstructed and that the main task of social scientists consists of analyzing the pro-cess by which perceptions of reality develop”. We encourage additional researchand theory development using a variety of approaches.

Third, our results are consistent with previous studies highlighting the impor-tance of informal interactions and communications in accomplishing the auditcommittee’s objectives (Gendron and Bédard 2006; Spira 2002; Turley and Zaman2007), and we find significant variability in audit committee processes. We encour-age additional research on the relation between audit committee formal and informalprocesses and financial reporting and governance outcomes. Of particular impor-tance is whether variations in process are associated with variations in financialreporting and governance outcomes, above and beyond previously documentedrelations between audit committee characteristics and financial reporting outcomes.

Finally, our study examines audit committee practices as of 2004–5, but wecannot rigorously assess changes in audit committee processes over time. Longitu-dinal research on audit committee processes could provide important insights intoaudit committee isomorphism, specifically to what extent audit committee pro-cesses are becoming more homogeneous over time, and if so, why this occurs.

Beyond research on these four broad issues, we encourage additional researchon certain audit committee process areas that we examine in this study. First, ourresults suggest that some audit committee members look to internal and externalauditors as having primary responsibility for fraud prevention and detection.



Research may be needed to determine whether this view of delegated fraud over-sight impacts audit committee effectiveness. Also, more research is needed tounderstand what factors improve an audit committee’s ability to identify andrespond to high-risk fraud conditions. Although prior research documents aninverse association between the independence of audit committees and financialreporting problems (e.g., Abbott et al. 2004), little is known about specific auditcommittee procedures (e.g., brainstorming — American Institute of Certified Pub-lic Accountants [AICPA] 2005) that might help the audit committee to identifyhigh-fraud risk conditions.

Second, more research is needed to identify whether there are behavioral char-acteristics observable by audit committees that might signal a lack of managementintegrity. Research is needed to identify whether certain personal characteristics,training, or backgrounds could increase an audit committee member’s ability toidentify deficient management integrity.

Finally, our results highlight the often nebulous, informal nature of internalaudit oversight by the audit committee and management (i.e., internal audit is over-seen by two parties). Research is needed to examine the effects of various internalaudit oversight arrangements on the audit committee’s effectiveness and access toobjective information about company risks and controls.

In addition to the research implications highlighted by our results, there aremany aspects of the audit committee process that remain to be examined usinginterview-based research. Among the research questions that could be addressed infuture studies are the following: (a) How broadly do audit committee membersdefine their financial reporting oversight responsibilities (e.g., with respect to earn-ings guidance and other communications with the investment community)?(b) What processes do audit committee members use to evaluate internal controlmaterial weaknesses and related remediation efforts? (c) What steps do audit com-mittee members take to resolve auditor–management accounting disagreements?and (d) How do audit committee members evaluate the efforts (audit scope) ofexternal and internal auditors?22

The role and responsibilities of the audit committee have expanded dramati-cally in this decade, and a small body of research is emerging that examines theprocesses audit committees use to monitor the financial reporting process. We hopethat our results will provide researchers with useful insights and will prompt addi-tional research and theory development.



Appendix: Research questions in audit committee process areas

Process area 1: Acceptance and continuance due diligence processes

RQ #1 What steps do directors take before agreeing to join a company’s boardand before agreeing to remain on a board?

RQ #2 Why would a director decline to serve on a board or leave an existingboard?

Process area 2: Selection of audit committee nominees

RQ #3 How are directors identified to serve on a corporate board, and why arethey asked to join the audit committee?

Process area 3: Audit committee meeting processes

RQ #4 How often do audit committees meet, for how long, and which groupsare included in meetings?

RQ #5 How, when, and by whom are the agendas for audit committee meetingsprepared?

RQ #6 Who determines the information included in the information packetreceived before committee meetings, when is the information packetreceived, what information is included in the packet, how do audit com-mittee members review the information, and what are they looking for asthey review the information?

RQ #7 What types of information do audit committee members receive betweenmeetings, from whom is this information received, and how often isinformation received?

Process area 4: Audit committee oversight of the financial reporting process

RQ #8 What financial reporting risk areas are reviewed by the audit committee?RQ #9 What is the nature of the audit committee’s involvement in reviewing the

company’s accounting policies and accounting estimates / judgments /assumptions?

RQ #10 What is the nature of the audit committee’s involvement in reviewingalternative accounting treatments available under GAAP?

RQ #11 How does the audit committee assess the risk of fraudulent financialreporting, including how it assesses management’s integrity and inter-acts with the internal and external auditors in making this assessment?

Process area 5: Oversight of the internal and external audit processes

RQ #12 What is the nature of the audit committee’s interaction with internalaudit (hiring and firing authority, setting budgets and scope of work,reporting relationships, and meeting frequency and type)?

RQ #13 What is the nature of meetings and other communications between theaudit committee and the external auditor?

RQ #14 What types of purchases of nonaudit services are approved by the auditcommittee, what factors are considered by the committee before approving



the purchase of nonaudit services, and are there any allowable nonauditservices that the audit committee would not purchase?

Process area 6: Other audit committee activities

RQ #15 How, and to what extent, does the audit committee benchmark its practicesagainst “best practices”?

RQ #16 How, and to what extent, is the audit committee involved in reviewingthe company’s code of conduct?

RQ #17 On an overall basis, how comfortable is the audit committee that itunderstands the company’s key financial reporting risks?

RQ #18 How do audit committee members evaluate the strength of internal control?RQ #19 What do audit committee members view as their most important task in

fulfilling their responsibilities?RQ #20 What do audit committee members view as the most important personal

attribute/characteristic needed to be an effective audit committee member?

Endnotes1. Resource dependence theory does not appear to be consistent with the audit

committee’s monitoring role under SOX, and it is unlikely that stewardship theory is consistent with audit committee skepticism. Also, in the post-SOX era, it is unlikely that managerial hegemony is the prevailing view of audit committees, although this theory is similar to institutional theory in some respects.

2. Similarly, Gibbins, Salterio, and Webb (2001) report that auditors perceive that audit committee quality varies widely across companies.

3. KPMG (2003b) identifies the following elements of the audit committee process: (a) audit committee organization and operation, (b) risk assessment, (c) internal control over financial reporting, (d) audit processes, (e) financial reporting, (f ) continuous improvement, and (g) audit committee reporting.

4. Some of our interview questions were suggested by Doug Carmichael and Tom Ray, the former chief auditor and current chief auditor, respectively, of the Public Company Accounting Oversight Board. These questions were added to our script in August 2004 and were asked of 31 of the interviewees.

5. One person had just retired from audit committee service prior to the interview, and one interviewee served on the audit committee of a mutual fund, which is subject to SEC regulation.

6. Given the method used to contact potential interviewees, it is not possible to determine how many people were invited to participate, but chose not to do so. For example, two chapters of professional organizations solicited volunteers from their membership, but we do not know how many audit committee members were contacted (or exactly how many audit committee members are in the chapters). In terms of one-on-one invitations, the vast majority of individuals agreed to the interview. We do not have close personal or business ties to any of the interviewees.

7. Although in-person interviews might be preferable, it was prohibitively costly to travel to each city to interview every audit committee member. We believe that the nature of the responses we received from the interviews conducted by phone was similar to that



of the responses received from the interviews conducted in person. Conducting approximately 50 percent of our interviews by phone is consistent with the existing literature. For example, Graham et al. (2005) conducted 70 percent of their interviews with CFOs by phone.

8. Seven of our 42 interviews were conducted solely by one of the authors. This was sometimes due to an earlier interview running much longer than expected, such that only one author was available to start the next interview.

9. In cases where a graduate student was used to create our second set of interview notes, the author present at the interview reread the typed notes to ensure that they were consistent with the handwritten notes taken during the interview by the graduate student.

10. Per Gibbins et al. 1990, a word or phrase is significant if it succinctly captures aspects of audit committee processes, outcomes, or behaviors.

11. The Kappa statistic recognizes that some portion of the overall agreement percentage could be due to chance. The Kappa statistic rescales the overall agreement percentage to range from zero to one, such that the statistic equals zero when the overall agreement percentage equals the expected agreement percentage (i.e., due to chance), and the statistic equals one when the overall agreement percentage is 100 percent (Cohen 1960).

12. Our interviewee group is obviously choice- (convenience-) based and may include a self-selection of more engaged audit committee members. As a result, and given the substantial expertise in accounting and finance possessed by the interviewees, our responses may represent what some might view as “best practices” for audit committee oversight of the financial reporting process. Studies using randomly selected audit committee members may find fewer or less detailed activities being performed.

13. Throughout the paper, we present “quotations” from audit committee members. Given our method (no tape-recording), these quotations are careful paraphrases of the interviewees’ exact words. Thirty-nine of the 42 interviewees are represented in the quotations.

14. Access to corporate boards through personal relationships with senior members of firm management has been common in the past (Lorsch and MacIver 1989). It is important to note that 26 of the 42 interviewees were identified to serve on the audit committee before the recent governance reforms (e.g., SOX). Gendron and Bédard (2006) also find concerns regarding audit committee members’ true independence.

15. Of the 28 individuals in Table 4 who were appointed to the audit committee as a result of their financial expertise, 26 (93 percent) joined the board and audit committee at the same time. This suggests that these directors were specifically targeted for audit committee service.

16. Cohen et al. (2007a) document a marked increase in audit committee meetings with the auditor pre-SOX versus post-SOX.

17. We conduct exploratory analyses to examine the relation between (a) the extensiveness of meeting packet review and (b) audit committee members’ prior experience with company management and other board members. The extensiveness of review is measured as high (low) if the level of review performed by the audit committee member of the pre-meeting information packet is above (below) the median (on the



basis of the number of items the audit committee member does or looks for when reviewing the packet). Results indicate that audit committee members who have prior experience with company management are less likely to engage in extensive review (p � 0.06), while those members with prior experience with other board members are more likely to engage in extensive review (p � 0.01).

18. The external auditor is required to discuss with the audit committee alternative accounting treatments available under GAAP that have been discussed with management, including the ramifications of the use of such alternative treatments and the treatment preferred by the accounting firm (SEC 2003). It is possible that the auditor did not discuss alternative accounting treatments available under GAAP with management for most, if not all, of those companies where the audit committee did not discuss this issue with the external auditor.

19. Beyond adhering to directors’ fiduciary responsibilities, the audit committee’s regulatory duty to detect fraud is not well specified. SOX (2002) does not specifically charge the audit committee with fraud detection, but audit committee members and other directors can be sued or sanctioned by the SEC in cases of negligence (or more serious departures from expected behavior).

20. In presenting these results, we are cautious when mixing personal traits and company practices. For example, we find that older interviewees serve on audit committees that set the meeting agenda earlier; however, we question whether this result is meaningful. Thus, when analyzing variations based on personal characteristics, we tend to focus on responses in process areas 1 and 2, as well as on demographic variables. When analyzing differences based on company characteristics, we tend to focus on process areas 3 through 6. Also, we caution the reader that the interviewees are classified into groups based only on the one company that served as the basis for their responses. Thus, there are cases, for example, in which an interviewee is classified as NYSE (because the one company serving as the basis for the responses is NYSE), but the person also serves on a NASDAQ audit committee.

21. Within the group of accounting experts, those with auditing expertise generally provided similar responses to those without auditing expertise.

22. We thank Larry Abbott for these suggestions.

ReferencesAbbott, L. J., S. Parker, and G. F. Peters. 2004. Audit committee characteristics and

restatements. Auditing: A Journal of Practice & Theory 23 (1): 69–87.Agrawal, A., and S. Chadha. 2005. Corporate governance and accounting scandals. Journal

of Law and Economics 48 (2): 371–406.Ahrens, T., and C. S. Chapman. 2006. Doing qualitative field research in management

accounting: Positioning data to contribute to theory. Accounting, Organizations and Society 31 (8): 819–41.

American Institute of Certified Public Accountants (AICPA). 2005. Management override of internal controls: The Achilles’ heel of fraud prevention. New York: AICPA.

Barreto, I., and C. Baden-Fuller. 2006. To conform or to perform? Mimetic behavior, legitimacy-based groups and performance consequences. Journal of Management Studies 43 (7): 1559–81.



Batson, N. 2003. Final report of Neal Batson, court-appointed examiner in re: Enron Corp. (Chapter 11 case no. 01-16034) (November).

Beasley, M. S., J. V. Carcello, D. R. Hermanson, and P. D. Lapides. 2000. Fraudulent financial reporting: Consideration of industry traits and corporate governance mechanisms. Accounting Horizons 14 (4): 441–54.

Bédard, J., S. M. Chtourou, and L. Courteau. 2004. The effect of audit committee expertise, independence, and activity on aggressive earnings management. Auditing: A Journal of Practice & Theory 23 (2): 13–35.

Blue Ribbon Committee (BRC). 1999. Report and recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees. New York: BRC.

Breeden, R. C. 2003. Restoring trust. Report to the Honorable Jed S. Rakoff — The United States District Court for the Southern District of New York — on corporate governance for the future of MCI, Inc., August.

Carcello, J. V., D. R. Hermanson, and T. L. Neal. 2002. Disclosures in audit committee charters and reports. Accounting Horizons 16 (4): 291–304.

Carcello, J. V., and T. L. Neal. 2000. Audit committee composition and auditor reporting. The Accounting Review 75 (4): 453–67.

Carcello, J. V., and T. L. Neal. 2003. Audit committee characteristics and auditor dismissals following “new” going-concern reports. The Accounting Review 78 (1): 95–117.

Cohen, J. 1960. A coefficient of agreement for nominal scales. Educational and Psychological Measurement 20 (1): 37–46.

Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2002. Corporate governance and the audit process. Contemporary Accounting Research 19 (4): 573–94.

Cohen, J., G. Krishamoorthy, and A. M. Wright. 2004. The corporate governance mosaic and financial reporting quality. Journal of Accounting Literature 23: 87–152.

Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007a. Corporate governance and the audit process in the post Sarbanes-Oxley era: Do auditors perceive substantive changes? Working paper, Boston College.

Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007b. Form versus substance: The implications for auditing practice and research of alternative perspectives on corporate governance. Working paper, Boston College.

Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007c. The impact of roles of the board on auditors’ risk assessments and program planning decisions. Auditing: A Journal of Practice & Theory 26 (1): 91–112.

Cooper, D. J., and W. Morgan. 2008. Case study research in accounting. Accounting Horizons 22 (2): 159–78.

Dacin, M. T. 1997. Isomorphism in context: The power and prescription of institutional norms. Academy of Management Journal 40 (1): 46–81.

DeFond, M. L., R. N. Hann, and X. Hu. 2005. Does the market value financial expertise on audit committees of boards of directors? Journal of Accounting Research 43 (2): 153–93.

DeZoort, F. T., D. R. Hermanson, D. Archambeault, and S. Reed. 2002. Audit committee effectiveness: A synthesis of the empirical audit committee literature. Journal of Accounting Literature 21: 38–75.



DeZoort, F. T., D. R. Hermanson, and R. W. Houston. 2008. Audit committee member support for proposed audit adjustments: Pre-SOX versus post-SOX judgments. Auditing: A Journal of Practice & Theory 27 (1): 85–104.

DiMaggio, P. J., and W. W. Powell. 1983. The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review 48 (2): 147–60.

Fama, E. F., and M. C. Jensen. 1983. Separation of ownership and control. Journal of Law and Economics 26 (2): 301–25.

Ferguson, A., J. R. Francis, and D. J. Stokes. 2003. The effects of firm-wide and office-level industry expertise on audit pricing. The Accounting Review 78 (2): 429–48.

Fogarty, T. J., and R. K. Rogers. 2005. Financial analysts’ reports: An extended institutional theory perspective. Accounting, Organizations and Society 30 (4): 331–56.

Francis, J. R., K. Reichelt, and D. Wang. 2006. National versus office-specific measures of auditor industry expertise and effects on client earnings quality. Working paper, University of Missouri.

Gaynor, L. M., L. S. McDaniel, and T. L. Neal. 2006. The effects of joint provision and disclosure of non-audit services on audit committee members’ decisions and investors’ preferences. The Accounting Review 81 (4): 873–96.

Gendron, Y., and J. Bédard. 2006. On the constitution of audit committee effectiveness. Accounting, Organizations and Society 31 (3): 211–39.

Gendron, Y., J. Bédard, and M. Gosselin. 2004. Getting inside the black box: A field study of practices in “effective” audit committees. Auditing: A Journal of Practice & Theory 23 (1): 153–71.

Gibbins, M., A. Richardson, and J. Waterhouse. 1990. The management of corporate financial disclosures: Opportunism, ritualism, policies, and processes. Journal of Accounting Research 28 (1): 121–43.

Gibbins, M., S. Salterio, and A. Webb. 2001. Evidence about auditor-client management negotiations concerning clients’ financial reporting. Journal of Accounting Research 39 (3): 535–63.

Graham, J. R., C. R. Harvey, and S. Rajgopal. 2005. The economic implications of corporate financial reporting. Journal of Accounting and Economics 40 (1–3): 3–73.

Hirst, D. E., and L. Koonce. 1996. Audit analytical procedures: A field investigation. Contemporary Accounting Research 13 (2): 457–86.

Jensen, M. C., and W. H. Meckling. 1976. Theory of the firm: Managerial behavior, agency costs, and ownership structure. Journal of Financial Economics 3 (4): 305–60.

Kalbers, L. P., and T. J. Fogarty. 1993. Audit committee effectiveness: An empirical investigation of the contribution of power. Auditing: A Journal of Practice & Theory 12 (1): 24–49.

Kalbers, L. P., and T. J. Fogarty. 1998. Organizational and economic explanations of audit committee oversight. Journal of Managerial Issues 10 (2): 129–50.

Klein, A. 2002. Audit committee, board of director characteristics, and earnings management. Journal of Accounting and Economics 33 (3): 375–400.

KPMG Audit Committee Institute. 2003a. Audit Committee Quarterly (Fall). Montvale, NJ: KPMG.



KPMG Audit Committee Institute. 2003b. Building a framework for effective audit committee oversight. Montvale, NJ: KPMG.

Krishnamoorthy, G., A. Wright, and J. Cohen. 2003. Audit committee effectiveness and financial reporting quality: Implications for auditor independence. Australian Accounting Review 13 (29): 3–13.

Levitt, A. 2000. Remarks before the conference on the rise and effectiveness of new corporate governance standards. Federal Reserve Bank of New York, December 12.

Lorsch, J. W., and E. MacIver. 1989. Pawns or potentates: The reality of America’s corporate boards. Boston: Harvard Business School Press.

National Association of Corporate Directors (NACD). 1996. Report of the NACD Blue Ribbon Commission on Director Professionalism. Washington, DC: NACD.

New York Stock Exchange (NYSE). 2004. NYSE corporate governance rules (section 303A). New York: NYSE.

Nicholson, G. J., and G. C. Kiel. 2007. Can directors impact performance? A case-based test of three theories of corporate governance. Corporate Governance: An International Review 15 (4): 585–608.

Paris, G. A., G. W. Savage, and R. G. H. Seitz. 2004. Report of the investigation by the Special Committee of the Board of Directors of Hollinger International Inc. (Paris report) Greenwich, CT: Richard C. Breeden & Co.

Patton, M. W. 1990. Qualitative evaluation and research methods, 2nd ed. Newbury Park, CA: Sage Publications.

Pomeroy, B. 2007. Audit committee member investigation of significant accounting decisions. Working paper, University of Alberta.

Salterio, S. E., and R. A. Denham. 1997. Accounting consultation units: An organizational memory analysis. Contemporary Accounting Research 14 (4): 669–91.

Sarbanes-Oxley Act (SOX) of 2002. 2002. Public L. no. 107-204, 116 Stat. 745.Scheid-Cook, T. L. 1990. Ritual conformity and organizational control: Loose coupling or

professionalization? Journal of Applied Behavioral Science 26 (2): 183–99.Scott, W. R. 1987. The adolescence of institutional theory. Administrative Science Quarterly

32 (4): 493–511.Securities and Exchange Commission (SEC). 2003. Final rule: Standards relating to listed

company audit committees. Release 33-8220.Spira, L. F. 1999. Ceremonies of governance: Perspectives on the role of the audit

committee. Journal of Management and Governance 3 (3): 231–60.Spira, L. F. 2002. The audit committee: Performing corporate governance. London: Kluwer

Academic Publishers.Srinivasan, S. 2005. Consequences of financial reporting failure for outside directors:

Evidence from accounting restatements and audit committee members. Journal of Accounting Research 43 (2): 291–334.

Turley, S., and M. Zaman. 2004. The corporate governance effects of audit committees. Journal of Management and Governance 8 (3): 305–32.

Turley, S., and M. Zaman. 2007. Audit committee effectiveness: Informal processes and behavioral effects. Accounting, Auditing and Accountability Journal 20 (5): 765–88.



United States v. Conrad Black, John Boultbee, Peter Atkinson, and Mark Kipnis (Hollinger case). 2007. Case no. 05 CR 727 — 1, 2, 3, 5. United States District Court, Northern District of Illinois.

Veasey, E. N. 2005. A perspective on liability risks to directors in light of current events. Insights: The Corporate & Securities Law Advisor 19 (2): 9–16.


the audit committee oversight process

Documents