the audit cotnmittee oversight process* · 2010-05-05 · the audit cotnmittee oversight process*...

The Audit Cotnmittee Oversight Process*

MARK S. BEASLEY, North Carolina State University

JOSEPH V. CARCELLO, University of Tennessee

DANA R. HERMANSON, Kennesaw State University

TERRY L. NEAL, University of Tennessee

1. IntroductionNo one really understands how limited an audit committee is in its work. Inbig companies it is virtually impossible to know what is going on without rely-ing on management, the internal auditor, and the external auditor.

NYSE audit committee chair

Audit committees are increasingly responsible for the quality of financial reportingand oversight of the audit processes in U.S. public companies (e.g.. Blue RibbonCommittee [BRC] 1999; New York Stock Exchange [NYSE] 2004; Sarbanes-Oxley Act [SOX] 2002), but as noted in the quote above, it is often challenging toprovide effective oversight, especially in large, complex organizations. The intensefocus on greater audit committee responsibility has led to a number of studies onaudit committee performance (for reviews of the academic literature on audit com-mittees, see Cohen, Krishnamoorthy, and Wright 2004; DeZoort, Hermanson,Archambeault, and Reed 2002; and Turley and Zaman 2004). Much of this

Accepted by Michel Magnan. An earlier version of this paper was presented at the 2007 Contem-porary Accounting Research Conference, generously supported by the Canadian Institute ofChartered Accountants. We thank Peter Gleason, Chuck ReCorr, and Hal Shear from theNational Association of Corporate Directors, Ellen Richstone from Financial Executives Interna-tional, Warren Neel from the University of Tennessee's Corporate Governance Center, and ChrisRossie and Patrick Taylor from Oversight Systems, Inc. for their help in arranging many of ourinterviews. In addition, we appreciate suggestions on the paper and/or interview design fromLarry Abbott, Joe Brazel, Rich Clune, Jeff Cohen, Todd DeZoort, Yves Gendron, Rich Houston,Lisa Koonce, Paul Lapides, Michel Magnan (editor), John McAllister, John Olson, Gary Peters,Steve Salterio, Hal Shear, James Tompkins, Amie Wright, two anonymous reviewers, and partici-pants at the 2007 Contemporary Accounting Research Conference. We also thank Doug Car-michael, Tom Ray, and other members of the Office of the Chief Auditor at the Public CompanyAccounting Oversight Board for their feedback on the interview questions. We thank Scott Bron-son, Jon Hansen, Katherine Hansen, Beverly Hudler, Shelly Kane, Stacy Mastrolia, FredMuchunu, Hazel Ryon, and Beth Swang for their assistance in transcribing, tabulating, and cod-ing the interview data. Finally, we thank KPMG's Audit Committee Institute for sponsoring thisstudy, and Scott Reed and Mark Terrell of KPMG for their unwavering support and encourage-ment during the process. Most of all, we thank the audit committee members who were extremelygenerous with their time in talking with us.

Contemporary Accounting Research Vol. 26 No. 1 (Spring 2009) pp. 65-122 © CAAA

doi:10.1506/car.26.1.3

66 Contemporary Accounting Research

research examines the relation between audit committee inputs (e.g., characteris-tics such as audit committee member independence, expertise, and diligence) andfinancial reporting outputs (e.g., restatements, fraud, and auditor going-concemreporting).

Although audit committee inputs and their relation to various outputs areimportant, the extant literature largely fails to examine the process used by auditcommittees as a whole or by individual audit committee members when fulfillingtheir oversight responsibilities (Cohen et al. 2004; Gendron, Bédard, and Gosselin2004; Turley and Zaman 2004, 2007). Turley and Zaman (2004, 324) state, "Whilethere is some evidence of a correlation between financial reporting characteristicsand govemance arrangements, further research is needed to establish issues relatingto the processes and impact unique to [audit committees]." The authors specificallycall for audit committee research using the interview method to better understandaudit committees' activities. Cooper and Morgan (2008) note that case studyapproaches are especially well suited to examining complex behavioral processesand addressing questions of how and why, and Ahrens and Chapman (2006) discussthe potential for qualitative research to contribute to theory. Through interviews ofaudit committee members, our study directiy responds to such calls for qualitativeaudit committee research and offers the advantage of gathering more detailedinformation than typically is collected in quantitative research (Patton 1990). I

To enhance our understanding of audit committee oversight, this paper pro-vides extensive information about the audit committee process obtained throughin-depth interviews of 42 individuals actively serving on U.S. public companyaudit committees. Our evaluation of the interview results is framed in part by thetension between the agency theory (e.g.. Fama and Jensen 1983; Jensen and Meek-ling 1976) view of the audit committee as an independent monitor of managementversus the institutional theory view that audit committees may often be primarilyceremonial in nature, with a focus on providing symbolic legitimacy but not neces-sarily vigilant monitoring (Cohen, Krishnamoorthy, and Wright 2007b; Spira2002). This study addresses these often competing theories by examining the ques-tion "Do audit committees appear to provide substantive oversight of financialreporting, or do they appear to be primarily ceremonial bodies designed to createlegitimacy?"

We find that many audit committee members strive to provide effective monitor-ing of financial reporting and seek to avoid serving on ceremonial audit committees.However, within six specific audit committee process areas we find evidence ofboth substantive monitoring and ceremonial action, such that neither agency theorynor institutional theory fully explains our results. We also find that many responsesvary with personal and company characteristics, with particularly notable differ-ences related to audit committee members' accounting expertise and time ofappointment to the audit committee (pre-SOX versus post-SOX).

This paper is organized as follows. The next section provides backgroundinformation and the motivation for the present study. We describe our researchmethod in section 3. Section 4 presents our overall findings, and section 5 describesthe supplemental analyses. In section 6 we provide discussion and conclusions.

CAR Vol. 26 No. 1 (Spring 2009)

The Audit Committee Oversight Process 67

2. Background and motivation

The role of the audit committee

The Sarbanes-Oxley Act (SOX 2002, section 2) defines an audit committee as "acommittee (or equivalent body) established by and amongst the board of directorsof an issuer for the purpose of overseeing the accounting and financial reportingprocesses of the issuer and audits of the financial statements of the issuer". A com-petent, committed, independent, and tough-minded audit committee has beendescribed as "one of the most reliable guardians of the public interest" (Levitt2000, 5).

Expectations related to audit committees continued to expand throughout the1990s and early 2000s as financial reporting scandals unfolded. Many believethose expectations have sky-rocketed as a result of SOX 2002 and through subse-quent changes in audit committee regulations (e.g., NYSE 2004). KPMG's AuditCommittee Institute (2003a, 2) states:

Today, as never before, the role, responsibility, and accountability of the auditcommittee continue to be the focus of lawmakers, regulators, and shareholders.The audit committee's role in overseeing a company's financial reporting pro-cess, including the audits (and auditors) of the financial statements, is morevisible and demanding.

The importance of process: The Hollinger case

Because we seek to provide insight into the audit committee process, an importantquestion is, "Does the audit committee process truly matter?" We believe that therecent corporate governance disaster at Hollinger International Inc. provides com-pelling anecdotal support for the importance of the audit committee process.Hollinger's audit committee had three financially literate members, each with signif-icant public company director experience and impressive professional credentials.The members included a former governor/law firm chairman, a former ambassador/investment banking and consulting firm chairman, and a senior fellow of an institute.According to recent trial testimony {United States v. Conrad Black, John Boultbee,Peter Atkinson, and Mark Kipnis [Hollinger case] 2007), each of the audit committeemembers was considered "independent", and the audit committee met several timeseach year (typically at least four times in person, with ¡additional meetings by phone).

Despite the impressive audit committee membership and meeting schedule, trialtestimony {Hollinger case) and the Hollinger board's special investigation report(Paris, Savage, and Seitz [Paris report] 2004) reveal apparent deficiencies in the auditcommittee's oversight process. These deficiencies allowed key executives to "linetheir pockets at the expense of Hollinger almost every day, in almost every way theycould devise" (Pads report 2004, 2). The Paris report (2004, 4) asserts that two keyexecutives stole essentially all of the company's profits over a seven-year period.

The trial testimony and the Paris report reveal numerous apparent concernsregarding the audit committee process that are relevant to certain audit committeeprocess areas examined in the present study (see section 3, "Method"):

CA/f Vol. 26 No. 1 (Spring 2009)


1. Acceptance and continuance of due diligence processes: According to trial tes-timony, the Hollinger chief executive officer (CEO) "bumped into" an individualhe knew on a New York City street and invited him to the join the Hollingerboard. That person joined the board and audit committee. As part of the subse-quent Hollinger trial, that audit committee member testified that before joiningthe board, he did "not really" receive any information about what his boardduties would entail. The Paris report (2004, 28) asserts that the board wasselected by the CEO and "functioned more like a social club or public policyassociation". *

2. Selection of audit committee nominees: According to trial testimony, althoughall three audit committee members were financially literate, no committeemember was considered to be an audit committee financial expert.

3. Audit committee meeting processes: According to trial testimony, (a) in oneinstance, the portion of an audit committee meeting devoted to complexrelated-party transactions lasted for only a few minutes, and the committeemembers had no comments or questions whatsoever; (b) audit committee meet-ing agendas were not always prepared, and if they were, they were prepared bya member of management; (c) one audit committee member testified that thecommittee did not always receive niaterials before an audit committee meet-ing; and (d) the audit committee relied on management to bring related partytransactions to the committee's attention. The audit committee chair reliedheavily on management, testifying that he relied "on the members of manage-ment who dealt with the Audit Committee to advise us of anything that shouldbe brought to our attention" (Thompson testimony. May 1, 2007, 30). Anothermember testified, "we would really rely to a great deal on management in dis-cussing [public filings] with management to point out important elements ofthose disclosures to us" (Burt testimony, April 24, 2007, 9). The audit commit-tee chair testified that he reviewed draft financial filings by "skimming" themand admitted that he should have read the filings. Similarly, the Paris report(2004, 14-5) asserts that the audit committee approved management fees with-out understanding the effect on top executives' compensation, yet the auditcommittee failed to demand the information necessary to evaluate the situation.The audit committee failed to ask questions, failed to be skeptical, and failedto gather independent information (Paris report 2004, 33-4).

4. Audit committee oversight of the financial reporting process: The audit com-mittee chair testified that he "trusted" management. Another member testified,"It never occurred to me to check [the truthfulness of management's state-ments] ... I always assumed ... that management was giving us a full andcomplete description of the affairs of the company" (Burt testimony, April 24,2007, 10). The Paris report (2004, 36) asserts that the audit committee put toomuch faith in management's integrity and did not "Trust, but verify". The auditcommittee continued to rely on management's assertions even after there wasevidence of questionable management integrity (Paris report 2004,505).



On the basis of the information above, it appears that the Hollinger audit com-mittee, despite its impressive membership and meeting schedule, had a deficientprocess in place. Specifically, there are fundamental concerns with the selection ofaudit committee members (the role of the CEO, the lack of accounting expertise),the audit committee meeting process (time spent on important issues, agenda set-ting, information now, reliance on management, and review of information), andthe propensity to trust management. We believe that such process characteristicscan contribute to corporate disasters, and each of these process elements isaddressed in our interviews with audit committee members.

Theoretical foundations

There are several, often competing but sometimes complementary, theories withregard to corporate governance and audit committees (e.g., Cohen, Krishnamoor-thy, and Wright 2002, 2007b; Kalbers and Fogarty 1998). The finance (agency)view (e.g.. Fama and Jensen 1983; Jensen and Meckling 1976) holds that the boardand audit committee are in place to monitor management, who otherwise may actin their personal best interest and not in the interests of the principal (e.g., share-holders). Thus, the board and audit committee's independent members monitormanagement to prevent opportunistic behavior by management. This perspective isthe predominant view of the role of corporate governance in the academic account-ing literature.

Alternatively, an institutional theory (e.g., Scott 1987) view of governance inthe academic accounting literature considers changes in organizational processesover time (Cohen et al. 2002, 2007b) and how governance structures "fulfill ritual-istic roles that help legitimize the interactions among the various actors within thecorporate governance mosaic" (Cohen et al. 2007b, 11). Under this view of gover-nance, audit committee processes may become more similar over time (Barretoand Baden-Fuller 2006; Dacin 1997; DiMaggio and Powell 1983), as organizationsare coerced to become similar through regulation (such as SOX), by following"best practices", or by mimicking other organizations to enhance their legitimacy(Cohen et al. 2007b).

Kalbers and Fogarty (1998, 131) state that under this view, "organizationalstructures ... become symbolic displays of conformity and social accountability"(also see Spira 1999 and DiMaggio and Powell 1983). In other words, some gover-nance activities and structures may be primarily driven by a desire to fosterlegitimacy; therefore, the activities and structures are primarily ceremonial andserve as symbols of effective oversight. Cohen et al. (2007b) note that the auditorbears great responsibility for reliable financial reporting when the audit commit-tee's role is primarily ceremonial, although the committee's symbolic efforts canlead to effective questioning of management.

Ceremonial efforts may not be closely related to how a given task is actuallyaccomplished (e.g., to the extent that true monitoring and oversight take place,these activities may not occur during the ceremonial meetings) — that is, there isonly a "loose coupling" between the ceremonial actions and claims of audit com-mittee effectiveness (see Fogarty and Rogers 2005). Scheid-Cook (1990, 189)



states, "Loose coupling in organizations implies that structure and process areloosely connected with organizational goals." Scheid-Cook (1990, 190) also statesin her study of ritual conformity in community mental health centers, "any controlsover the output of [community mental health centers] that do exist are largely ritual.That is, existing output controls serve to legitimate the [community mental healthcenter's] use of [outpatient commitment], but have little or no bearing on organiza-tional effectiveness." In other words, the formal control structures of the commun-ity mental health center are only loosely coupled with its technical activities.Returning to the audit committee setting, under the institutional theory view, auditcommittee activities may be only loosely coupled with claims of audit committeeeffectiveness, such that the formal audit committee activities are primarilyceremonial/ritualistic and designed to create legitimacy outside the organization.

A third view of governance, resource dependence, asserts that the board'sprimary role is to assist management with strategy and resource acquisition(Cohen et al. 2007b; Nicholson and Kiel 2007). The board's role is that of helper orpartner, rather than monitor of management. Cohen, Krishnamoorthy, and Wright(2007c) find that auditors consider both traditional agency variables and resourcedependence variables when evaluating corporate governance for the purpose ofaudit planning.

Fourth, stewardship theory presumes that managers are honest, capable stew-ards of the company's resources (Nicholson and Kiel 2007). Accordingly, the focusis on inside directors' ability to promote shareholder value through their superiorknowledge of the company.

Finally, the managerial hegemony theory asserts that management simplychooses friends to serve as passive directors who derive all of their informationfrom management (Cohen et al. 2007b). The board then becomes purely symbolicand consistently supportive of management, even when the members appear to beindependent directors. Under such a view, the audit committee is completely undermanagement's control and offers virtually no monitoring at all.

To summarize, agency theory emphasizes directors as independent, vigilantmonitors of management; institutional theory emphasizes the symbolic/ceremonialrole of governance structures where legitimacy is paramount and formal processesare only loosely coupled with true monitoring; resource dependence theory focuseson the board's efforts to assist management with strategy and resources; steward-ship theory presumes that managers are honest; and managerial hegemony assertsthat the audit committee will be weak and under management's control. Consistentwith Kalbers and Fogarty 1998, of primary interest as we consider the interviewresults below, are agency theory (the audit committee as a strong, substantive, activemonitor) and institutional theory (the audit committee as a ceremonial entity withless substantive monitoring). Given the nature of the audit committee's oversightrole (SOX 2002), we expect the audit committee to be most heavily focused onactual monitoring (agency theory) or on creating legitimacy by engaging in appro-priate ceremony and ritual (institutional theory, Spira 2002).'



Research on audit committees

Much of the research on audit committees examines the relation between auditcommittee inputs (e.g., independence, expertise, or diligence) and financial report-ing outputs (e.g., abnormal accruals) (Klein 2002; Bédard, Chtourou, and Courteau2004); restatements (Abbott, Parker, and Peters 2004; Agrawal and Chadha 2005);fraudulent financial reporting (Beasley, Carcello, Hermanson, and Lapides 2000);going-concern reports (Carcello and Neal 2000); auditor changes (Carcello andNeal 2003); and stock price reaction (DeFond, Hann, and Hu 2005)). These studiesgenerally find that a more independent, expert, and diligent audit committee isassociated with higher quality financial reporting and auditing. However, becausethese studies examine publicly available measures of audit committee inputs(mainly through corporate proxy statements) and outputs (available in publishedfinancial statements. Securities and Exchange Commission [SEC] filings andenforcement actions, or quoted stock prices), the process by which the audit com-mittee contributes to improvements in financial reporting and auditing has beenlargely unexamined.

To the best of our knowledge, the only studies that examine audit committeeprocesses for overseeing financial reporting are Gendron et al. 2004; Gendron andBédard 2006; Spira 1999, 2002; Turley and Zaman 2007; and Cohen, Krishna-moorthy, and Wright 2002, 2007a. Gendron et al. (2004) examine the activities inaudit committee meetings for three Canadian public companies by interviewingnine audit committee members and 13 other individuals in 2000 and 2001 (e.g.,CEO, chief financial officer [CFO], intemal auditor, external auditor). They findthat audit committee members place significant attention during their meetings onfinancial statement accuracy and appropriate wording, intemal controls, and auditquality. They also conclude that a key role of the audit committee is to ask chal-lenging questions of management and auditors.

Gendron and Bédard (2006) explore the process by which audit committeemembers develop a definition of "audit committee effectiveness". The authors sup-plement the data from Gendron et al. 2004 with interviews of three audit committeechairs in 2004. Gendron and Bédard (2006) find that audit committee members'notions of effectiveness come from their reflecting on audit committee processesand results, with variation across individuals in the definition of effectiveness andin the confidence that effectiveness is being achieved in a certain area. The authorsalso find that post-SOX, the "chairpersons' sense of audit committee effectivenesswas not fundamentally fractured" (2006, 235).

Spira (1999, 2002) interviews 21 individuals, including audit committeechairs, finance directors, and auditors, in the United Kingdom during 1994-96.She focuses particular attention on the ceremonial nature of audit committee activ-ities and on the audit committee as a seeker and provider of comfort regardingfinancial reporting. Comfort is obtained from various parties, such as the financedirector and auditors, and comfort is provided to financial statement users.

Turley and Zaman (2007) use a case study approach, interviewing nine indi-viduals at one U.K. company, including the audit committee chair, intemal andextemal auditors, and management. They find that tbe audit committee's greatest

. 26 No. 1 (Spring 2009)


impact comes through informal processes and the committee's effect on powerrelationships among other governance participants. For example, this particularaudit committee tends not to ask difficult, probing questions during committeemeetings, but it infiuences governance outcomes through informal meetings withauditors and through serving as an ally to the auditors.

Cohen et al. (2002) interview 36 auditors regarding the influence of corporategovernance on the audit process, including the role played by the audit committee.They find that auditors perceive management to be "the primary driver of corporategovernance" (573). Many of the auditors view audit committees as weak and inef-fective.2 Cohen et al. (2007a) update their 2002 study by interviewing 38 auditorsin the post-SOX period. They find that auditors perceive audit committees to bemore diligent, active, expert, and powerful post-SOX.

MotiviUion

Spira (2002) and Turley and Zaman (2004, 2007) specifically call for additionalqualitative research on the audit committee process to increase our understandingof the linkages between audit committee inputs and outcomes, particularly thoserelated to financial reporting and internal control. Patton (1990,14) states that rela-tive to large-sample quantitative research, "[Q]ualitative methods typically pro-duce a wealth of detailed information about a much smaller number of people andcases. This increases understanding of the cases and situations studied."

Gendron et al. (2004), Gendron and Bédard (2006), Spira (1999, 2002), andTurley and Zaman (2007) offer important insights into the audit committee process(and Cohen et al. (2002, 2007a) examine auditor perceptions of audit committees),and many of these studies are based on pre-SOX data from Canadian or U.K. compa-nies. Our paper is based on interviews with 42 U.S. public company audit committeemembers in the post-SOX environment. DeZoort, Hermanson, and Houston (2008)indicate that certain audit committee members in the post-SOX period are moreconservative (more supportive of the auditor in auditor-management disagree-ments) and more concerned about financial reporting accuracy than in the pre-SOXperiod. In addition, Cohen et al. (2007a) find that auditors believe that audit cornmit-tee members are more diligent, active, expert, and powerful post-SOX. As a result,the nature of audit committee oversight may be different post-SOX than pre-SOX.

3. Method

The goal of our study is to provide detailed insights into the audit committee pro-cess. We use the interview method to gather such insights, because this methodallows us to explore issues that are difficult to examine using archival methods. Forexample, archival research provides insights into obvious threats to audit committeemember objectivity, such as those revealed by the member's employment history.However, the interview method can reveal more subtle threats to objectivity, suchas those arising from personal friendships with management that may not be iden-tified through archival methods.

We organized our interviews around six audit committee process areas (see theappendix for the six areas and for the specific research questions). These process



areas are consistent with several elements of the KPMG Audit Committee Insti-tute's Building a Framework for Effective Audit Committee Oversight 2003b.3 Weexplore audit committee member responses to specific questions surrounding thesix audit committee process areas. We used several sources of information todesign our questions, including (a) our prior experiences working with auditorsand audit committees, (b) the professional literature (e.g., auditing standards, SOX,SEC rules), (c) the academic literature (e.g., DeZoort et al. 2002), (d) discussionswith two sitting members of one or more public company audit committees, and(e) discussions with standard-setters and regulators.'*

Following the approach used in Graham, Harvey, and Rajgopal 2005, wesolicited feedback on our interview questions from several academic researchersand current audit committee members. We pilot tested the questions and our inter-view approach on three sitting audit committee members. We modified theresearch instrument and our interview approach on the basis of feedback from ourpre-test and our pilot testing.

Our study is based on interviews with 42 individuals currently serving on at leastone public company audit committee.^ Several individuals were identified throughthe assistance of the KPMG Audit Committee Institute, the National Association ofCorporate Directors, and the Boston chapter of Financial Executives International(sometimes through emailed solicitations to their members). Others were identifiedthrough our personal and university-related contacts.^

Interviewees are located in cities across the United States. As a result, 20 ofthe interviews were conducted in person, while 22 interviews were conducted bytelephone.^ We used a standardized interview script to guide all of the interviews:this script was designed so that questions were asked in relatively short parts, thusmaking it easy to record the details of the responses. There were no differences ininterview questions for those conducted in person versus those conducted bytelephone.

In performing the interviews, we drew heavily from the approaches used byHirst and Koonce 1996 and Cohen et al. 2002. Generally, one member of ourauthor team made the inquiries and took detailed notes of responses, while a secondauthor or graduate student created a separate set of detailed notes (Nicholson andKiel 2007).^ The audit committee members were told that their responses would beheld in strict confidence. In order to encourage candid responses and to fully protectthe anonymity of the interviewees, we did not tape record the interviews (consistentwith Nicholson and Kiel 2007), nor did we record the names of the audit committeemembers or the companies they serve in our data set. We believe that these measureswere necessary to allow us access to public company audit committee members inthe immediate post-SOX period, a time of great focus on audit committees and sig-nificant concerns about audit committee member liability. All of the intervieweesprovided their informed consent. Given the specificity of many of the responses wereceived, we believe that the audit committee members were candid in theirresponses.

Despite the use of a script to guide our interviews, the interview approach wassemi-structured — that is, "when questions took us down an important path, we

CA/? Vol. 26 No. 1 (Spring 2009)


pursued them before returning to the planned interview materials" (Hirst andKoonce 1996, 460). We began by collecting demographic data and then proceededwith questions related to our six process areas. Our first set of questions addresseddue diligence processes performed by individuals before they agreed to join orstand for reelection to a board, given that board and audit committee service areinterconnected. The second set of interview questions was specific to a particularaudit committee and addressed the other five areas of audit committee processexamined in this study. For this set of research questions, we generally asked theaudit committee members to base their responses on the largest public company auditcommittee on which they currently serve (and had served for at least one year).

The interviews were conducted from February 2004 through February 2005and lasted approximately 90 minutes on average, with the shortest interview being45 minutes and the longest 180 minutes. After each interview, one of the authorstranscribed (typed) our notes. The other author present at the interview checked thetranscription of the notes and compared them with the other set of notes (see Salte-rio and Denham 1997).9

We borrowed heavily from parts of Gibbins, Richardson, and Waterhouse1990 (139-40) in developing a coding scheme to categorize and summarize theinformation gathered during the interviews. We analyzed the interview transcriptsto create a vocabulary for discussing audit committee activities and processes.More specifically, we (a) selected one of the typed transcripts as the first case to beanalyzed, (b) highlighted significant words or phrases in the transcript,'" (c) sortedthe highlighted words or phrases into categories on the basis of similarity, and(d) iterated through the accumulated categories to identify more general categoriespermitting us to combine certain initially identified categories. Using this codingscheme (which was influenced by the nature of the responses we received), we devel-oped 438 unique categories that captured the audit committee members' responses.Two different graduate students assigned the audit committee members' responses tothese categories, each working independently. The mean intercoder agreement forthese 438 items is 94 percent, and the mean Kappa statistic is 0.78 {p < 0.01).'•

4. Findings

Table 1 presents background information on the interviewees, who have extensivefinancial and public company audit committee (AC) experience. The intervieweesserve on audit committees across a broad range of company sizes (median revenuesare $1.5 billion) and industries.'2

To provide an initial overview of the results. Table 2 presents information onthe range of responses within each of the six process areas. Within each of theareas, we find responses reflecting activities that range from substantive, meaning-ful oversight to less substantive, ceremonial action that is only loosely coupledwith claims of audit committee effectiveness.

The remainder of this section provides detailed analyses of audit committeeresponses to our interview questions related to the six key audit committee processareas. The amount of data we obtained through these interviews is quite extensive.As a result, we describe key findings related to each of the six process areas, and



we encourage readers to carefully examine the tables. Where possible, we supple-ment the results with insights from individual audit committee members, relate ourfindings to previous research, and assess whether the results are consistent withagency theory (substantive audit committee monitoring) or institutional theory (theaudit committee as a ceremonial entity whose activities are loosely coupled withclaims of audit committee effectiveness).

TABLE 1Background infonnation on interviewees*

Panel A: Percentages Percent

GenderMaleFemale

Professional certification

Certified public accountant

Professional experience in finance or accountingChief financial officerPublic accounting experienceGeneral managementAccounting professorControllerRegulator

3111

15

7426

36

1919

8

44

4

4545

19

1010

10

Panel B: Means Mean Minimum . Maximum

Age

Cumulative governance experienceYears of corporate audit conMiiittee experienceCorporate audit committees served in career

Current service on public company auditcommittees (ACs)

Number of public company audit committees

now servedNumber of audit committees where they are a

financial expertNumber of audit committees where they are

the chairNumber of years serving as the AC chair

(n = 27)

Revenues (in millions) of audit committeecompany (n = 41)

58.5

8.2

3.2

48

11

73

209

1.8

1.5

1.1

4.4

$6,688

1

0

0

1

$15

5

5

4

18

$130,000

(The table is continued on the next page.)



TABLE 1 (Continued)

Panel C: Industry distribution

Packaging, logistics, and transportation 6Retail . , ßTechnology . gFinancial services 4Media and telecommunications 4Health care ; 3Manufacturing ; 3Other 10Total ^

Note:

The statistics in this table are based on the full group of 42 interviewees, unlessotherwise noted.

AC process area 1 : Acceptance and continuance due diligence processes \

Given the legal risk (Veasey 2005) and reputational risk (Srinivasan 2005) faced byboard and audit committee members in the current environment, we examine duediligence processes performed by potential audit committee members in evaluatingtheir decision to serve on a board. As shown in panel A of Table 3, we find thataudit committee members generally perform significant due diligence beforeaccepting a board/audit committee position. Audit committee members oftenreview documents, conduct interviews, and carefully assess management integrityand their personal comfort level:'3 " i

Always do some form of due diligence. I first want to determine if I have theknowledge necessary to serve on that particular company's board (e.g., indus-try) and whether I have the capacity (time) to be able to serve effectively.Often my involvement starts because of some relationship I have with a largeinvestor or senior executive — that is often what initiates contact with me. Iwant to be knowledgeable about senior management — want to know whothey are and what they are like. I want to gain some sense of management'sethical makeup. I also examine recent public filings of the company and talk toone or two other directors currently serving — to gain a sense for the companyand management style as well as how the board actually operates. I also try totalk with large investors.

NASDAQ audit committee chair

I am constantly going through the due diligence process — every meeting, filing,and transaction is a learning process. I ask: (1) Is this a company that I want to ibe associated with?, (2) Am I adding value and serving the shareholders well? :and (3) Do I want to continue my association with this company? 1


CAR Vol. 26 No. 1 (Spring 2009) ¡


These perspectives are consistent with Spira's 2002 (156) notion of audit com-mittee members' "continuing preoccupation with the provision and maintenance ofcomfort". In addition, regarding integrity, a NYSE audit committee member toldus that a prospective board member "better have faith in management's integrity,especially that of the CEO. Otherwise, the liability risk is just too great."

TABLE 2Summary of substantive versus ceremonial activities

Process area 1 : Acceptance and continuance due diligence processes• Substantive: extensive due diligence before joining the board and audit committee• Ceremonial (5%*): very little due diligence before joining the board and audit

committee

Process area 2: Selection of audit committee nominees• Substantive: chosen for audit committee due to accounting expertise and belief that

person would be outspoken• Ceremonial (19%): chosen for board/audit committee due to personal relationship

with management

Process area 3: Audit committee meeting processes• Substantive: risk-driven agendas set by audit committee chair, heavy audit committee

involvement in information packet development, information packet received well inadvance of each meeting, frequent interaction between meetings

• Ceremonial (43%): agendas driven by management, little audit committeeinvolvement in information packet development, information packet received justprior to each meeting, little interaction between meetings

Process area 4: Audit committee oversight of the financial reporting process• Substantive: heavy audit committee involvement in accounting policy choice and

accounting alternatives, extensive audit committee analysis of estimates andjudgments, audit committee responsible for fraud risk assessment, active auditcommittee assessment of fraud risk and management integrity

• Ceremonial (31%): minimal audit committee involvement in accounting policy choiceand accounting alternatives, no audit committee analysis of estimates and judgments,audit committee not responsible for fraud risk assessment, audit committee completereliance on auditors for assessment of fraud risk

Process area 5: Oversight of the internal and external audit processes• Substantive: audit committee truly oversees the internal audit function and has

extensive formal and informal contact with internal audit, audit committee hasextensive contact with and oversight of external audit, including gathering significantinformation to evaluate auditor performance

• Ceremonial (31%): internal audit really reports to management and has little or nocontact with the audit committee outside of audit committee meetings, auditcommittee has limited contact with and oversight of external audit and gathers noinformation to evaluate auditor performance


l. 26 No. 1 (Spring 2009)


TABLE 2 (Continued)

Process area 6: Other audit committee activities ;

• Substantive: audit committee formally benchmarks against leading practices, auditcommittee is heavily involved in the code of conduct, audit committee does not gettoo comfortable '.

• Ceremonial (19%): audit committee does not benchmark against leading practices,audit committee is not involved in the code of conduct, audit committee is toocomfortable with management •

Note:

The ñ-equency information for ceremonial activity is based on the percentage of •participants indicating a ceremonial approach to at least one of the listed activitieswithin a process area. Within process areas 4 and 5, some questions were notasked of all participants (see Tables 6 and 7). ;

A number of audit committee members indicated that some companies arelooking for independent directors in name only. The executives want to be able topoint to their independent directors, but they do not really want vigilant monitoringof their actions: '

The big question is are there any integrity issues? Any baggage? Do they wantto do things right? Will management and the board be stable? I want to avoidshow and tell meetings. Avoid cases where they want your name, but nosubstance.


This audit committee member is trying to avoid situations where management wantsthe audit committee to be merely ceremonial. As a NYSE audit committee chairsaid, "I will only go on the board if the CEO and CFO take governance seriously."

We also asked why a prospective board member would decline to serve on aboard or would resign from a board where he or she was already serving. Our find-ings are presented in panel B of Table 3. Management integrity issues dominate,followed by time constraints, inability to contribute, and concerns about manage-ment 's commitment to sound governance. A NASDAQ audit committee chairstated: i

If management's attitude toward the role of the board and the attitude of otherboard members regarding the board's responsibility are not acceptable, I 'would decline or leave. I don't want to be the Lone Ranger on the board. ...I left a board due to not feeling like other board members felt like their respon-sibility was as serious as I felt it should be — they appeared too self-serving. Ialso left because I didn't think I made a good match for the board. I have ideclined several invitations. For some, I felt I wasn't qualified. For others, I 'declined because I felt like management didn't get what board responsibilities

CAR Vol. 26 No. 1 (Spring 2009) '¡


TABLE 3AC process area 1: Acceptance and continuance due diligence processes*

Panel A: Acceptance and continuance « Percent

Steps taken before agreeing to join the board or audit committeeMeet with or talk to the following people

Existing board membersCFOExtemal auditorCEOUnspecified senior managementIn-house counsel

Read/review the following documentsSEC filings (including financial statements)Directors' and officers' insuranceLitigationCompany websites

Take the following actionsTalk to colleagues, including assessing reputation of

company and managementUnderstand the company's business and industryAnalyze financial health of the companyAnalyze long-term strategic plan of the companyAssess composition and reputation of the current boardMake sure board service poses no conflict with employer

Make the following assessmentsCan he or she make a contribution to the board? 12 29Are there any integrity issues with management or the

board? 10 24

Steps taken when agreeing to continue on the board or auditcommittee

Make the following assessmentsAre there any integrity issues with management or the .

board?Does he or she still have a good comfort level?Is he or she still making a contribution to the board?How has management handled board suggestions/advice?How effective is the board and its committees?Is the time commitment required still acceptable given his

or her schedule?No specific actions taken

How often does he or she make this evaluation regarding continuedservice (n = 37)?

ContinuouslyPeriodically (e.g., when up for reelection)As needed (e.g., when an issue arises)


CARVol 26 No. 1 (Spring 2009)

23171716.1611

261086

1610444 •4

554040383826

62241914

382410101010

14111176

57

2962

3326.261714

12. 17

78165


TABLE 3 (Continued)

24

7

6

5

13107

57

i17

ii;4

12

3'l2'417

Panel B: Declining or leaving n Percent— „ ^ I

Reasons he or she would decline to serve or leave a position on ;the board or AC . i

Management issues iConcerns about management credibility and/or integrity or I

witnessed fraud, illegal acts, or unethical conductLack of open/honest communication between management

and the boardIndependent directors are not desired and the corporate

governance system is not taken seriouslyTop management is not supportive of financial reporting or

conu-olsIndividual director issues

Excessive time and/or travel demandsInability to contributeLack of business and industry knowledge

Number of directors who have declined an invitation to serve ¡

on a board 15 3'6

Number of directors who have resigned from a board 11 26

Reasons given for why they resigned from a board (n = 11)Time demands 4 36Board is not effective 3 27Lack of compatibility with the CEO 2 18

Note: ~ " ^ \

The statistics in this table are based on the full group of 42 interviewees, unless iotherwise noted. . i

I

really were — they didn't take board responsibility seriously. I also have |declined when I felt like management's attitude for what they were looking for Iin a board member was primarily driven by their desire for form over substance, i

Overall, the interviewees appear quite committed to due diligence efforts sothat they can avoid being associated with a problem company. It appears to us thatmany prospective audit committee members approach a board invitation with adefault response of "no" and must be convinced to say "yes". Thus, most of theaudit committee members we interviewed apparently favor an agency view ofthe audit committee, where they are engaged to provide monitoring of manage-ment, as opposed to serving only in a ceremonial role reflective of institutionaltheory. (Similarly, Spira (2002, 69) notes that participants in her interviews "didnot want audit committee meetings to be described as ceremonial".) Howevej-, itappears that the audit committee members we interviewed have encountered m'an-agement teams with a loosely coupled view of governance (ceremonial boards andaudit committees), and they try to avoid such managers. i

CAR Vol. 26 No. 1 (Spring 2009) * '.


AC process area 2: Selection of audit committee nominees

Because we are interested in learning about company-specific audit committeeprocesses, we generally asked the interviewees to describe processes related to thelargest public company audit committee where the interviewee had served for atleast one year. Tbe remainder of this paper addresses the interviewees' experienceswith one public company audit committee.

Table 4 presents information on how the audit committee member was identifiedfor board service and why he or she was asked to serve on the audit committee.Many audit committee members were identified for audit committee servicebecause of their previous contact with management or other directors.'"* Considerthe following perspectives that raise questions about the degree of arms-lengthmonitoring that may take place:

I was friendly with the CEO of the company. Our kids were in the sameschools, and our wives were friends. The previous CEO perpetrated a majorfraud in this company. My friend became the new CEO, and he had to rebuildthe board. I was asked to join the board.

NYSE audit committee member (joined board pre-SOX)

The CFO suggested that I join the board. The CFO is a personal friend. Longago I served on the company's audit engagement (35 years ago). The CFOwanted my financial expertise.

NASDAQ audit committee chair (joined board post-SQX)

In some cases, tbe selection of directors is consistent with managerial hegemony(get friends on tbe board) or institutional theory (have independent directors forlegitimacy, but tbe directors' true objectivity is suspect).

Thus, there is an interesting contrast in the first two process areas. Audit com-mittee members appear to want to engage in meaningful monitoring (tbey want tbecompany to take govemance seriously); however, many of them were selected forboard service due to previous relationships that may call their objectivity into ques-tion. In addition, some prospective board members gain comfort from knowingcurrent board members. A NASDAQ audit committee chair stated, "If you don'tknow people on the board, it is not possible to do enough due diligence."

By far the most common reason for being asked to serve on the audit commit-tee is the interviewees' financial or accounting expertise.'^ This is consistent withGendron and Bédard's 2006 finding that financial and accounting backgrounds areconsidered critical to audit committee effectiveness (also see Spira 2002). Also,some interviewees were appointed to the audit committee because of their industrybackground or expertise. The following perspectives elaborate:

My background as a CFO and auditor led to my audit committee service. Inaddition, no other board member wanted to serve on the audit committee.



82 Contemporary Accounting Research '•

I was the only person on the board with financial experience and with experi- ience in the industry. I was operationally stronger in finance and with industry iknowledge. Knowledge of the industry was a big plus. •

NASDAQ audit committee chair '

AC process area 3: Audit committee meeting processes '

Audit committee meeting number and length \

Panel A of Table 5 presents information about the number and length of typicalaudit committee meetings. Meeting frequency now averages approximately 10meetings per year.'6 One audit committee member stated: \

TABLE 4

AC process area 2: Selection of audit committee nominees I

n Percent

Did the nominee have significant previous contact with executive !management before being approached to serve on the board? !

NoYes

Did the nominee have any personal ties to management orboard members?

NoYes

Identified to serve on the board because of financial expertise

Identified to serve on the board because of industry expertise

How was the nominee identified to serve on the board?

Previous interaction with management of the company

Management (including the CEO) knew the nominee

Chair of the board knew the nominee

Founder of the company knew the nominee

Previous experience with other board membersSome of the other board members knew the nomineeServed on another board with members of this board

Identified by the governance committee or by an outside I• g r o u p • . • • , '

Identified by an executive search firm • • 5 • 12Representing a large investor in the company or a creditor's '

committee ' . . 4 loRecommended by an accounting firm and/or law firm 3 7

Factors that led to being appointed to the audit committee iFinancial or accounting background/expertise 28 67Industry background/expertise 6 l4


2517

2814

6

5

9

3

2 -

5

3

6040

1

67

33

14

12

1

i

2'l

75¡

12

7


We meet 12 times in total plus two or three miscellaneous calls. Four times ayear we hold conference calls with CEO, CFO, external auditor. GeneralCounsel, and full audit committee. The primary purpose of these calls is to goover the press release before it is released. We usually get a draft of the pressrelease in advance of the call. Four times a year we meet face-to-face or viateleconference to review the 10-Q and 10-K prior to their issuance. Four timesa year we meet as an audit committee in conjunction with a full board meetinggenerally in the aftemoon or evening preceding the full board meeting. Gener-ally the external auditor is always a part of these meetings.


A number of audit committee members told us tbat meering length hasincreased dramatically post-SOX. For example, one NYSE audit committee memberindicated that the meetings used to last for 90 minutes; however, recently the meet-ings have lasted for approximately five hours, an experience the committee memberdescribed as "awful" (apparently due to the extreme length of the meetings). Someaudit committee members told us that they hold their meetings the night beforeboard meetings so that no artificial limits are placed on the length of the commit-tee's meeting (consistent with Spira 2002), and many audit committees often meetwithout management present.

Given that we did not attend audit committee meetings, we cannot assess thesubstance of the meetings. However, it appears to us that many of the audit com-mittee members are committed to meaningful, substantive meetings, consistentwith an agency perspective. Similarly, Gendron et al. (2004, 168) conclude, "auditcommittee meetings are not mere rituals devoid of interest to managers and auditors"(also see Gendron and Bédard 2006).

Audit committee meeting agenda setting

Most proponents of audit committee reform argue that effective boards and auditcommittees sbould set their own agendas and determine the types of informationthat they want to review before meetings (National Association of Corporate Direc-tors [NACD] 1996). In fact, some have noted that the usurpation of these responsi-bilities by senior management at Enron and WoridCom contributed to the financialfrauds at those entities (Batson 2003; Breeden 2003). A similar concem was notedat Hollinger International Inc. (Paris report 2004), and Gendron and Bédard (2006)and Spira (2002) note that management can influence the agenda or informationfiow to its advantage. We asked a series of questions to learn more about theagenda-setting processes for audit committee meetings (see panel B of Table 5).

Agendas typically are set well in advance of the meeting, and the audit com-mittee chair often sets the agenda, with input from the CFO and other committeemembers, consistent with Spira's 2002 finding that the agenda is driven by thefinance director and audit committee chair. Three individuals described this processas follows:

CA/? Vol. 26 No. 1 (Spring 2009)


TABLE 5

AC process area 3: Audit coinmittee meeting processes*

Panel A: Number and length Mean Minimum Maximum

Number of audit committee meetings each yearFace-to-face meetingsTelephone meetings

Length of typical audit committee meeting(in minutes)

Normal face-to-face meetingsSpecial face-to-face meetings (n = 6)Telephone meetings (n = 21)

How often does the audit committee meetwithout management present (n = 41)?

Every AC meetingEvery face-to-face AC meeting4-6 times per yearLess than 4 times per year

10.15.15.0

197.5177.585.0

430

909030

n1619

5 •

1

3011

20

11j

420360

noj

Percent3?46

1

12Í

Panel B: Agenda

10

Percent

Setting the agenda for audit committee meetingsWhen is the agenda set? {n = 27)

5-7 days before the meeting

8-14 days hefore the meeting15-28 days before the meeting1 year in advance of the meeting

Individual with primary responsibility for putting the agendatogether (n = 40)

Audit committee chairCEO or CFO

Other individuals with input on the agendaCFOOther audit committee membersIntemal auditorGeneral counselExtemal auditorCAO/controUerCEO

Method used to put the agenda together

A detailed calendar of what is covered at each committeemeeting

A matrix that maps audit committee responsibilities tospecific committee meetings per the charter

41085

325

26

25109877

12

15

h3019

i

80

1

6260242'l191717

129



2119127

316193

50452917

739467


TABLE 5 (Continued)

Panel C: Infonnation packet n Percent

Type of information received in advance of AC meetingsDraft regulatory filings, including financial statements 32 76Reports and other forms of communication from the external

auditorReports from internal auditDraft press releasesReports from counsel and other attorneys

When is the information packet received (n = 41)?1-3 days before the meeting4-7 days before the meeting1 - 2 weeks before the meetingVaries depending on the type of infonnation received

Role of the AC in determining type of information included inthe packet (« = 39)

Infonnation is jointly determined by AC and another party

(typically management) 16 41Infonnation is primarily determined by the AC 14 36Infonnation is primarily determined by others (i.e., hot hy '

the AC) ' 9 23

What the AC member does when he or she receives (reviews) the

packetAssesses whether disclosures are full, complete, and accurate 8 19Reviews external auditor comments/audit plans/management

lettersCompares financial results with the pastReviews special risk areasReviews management's analysis of the financial statementsReviews presentations for upcoming meeting to develop

questions and comments 4 , 10Reads draft of eamings release and other outside

communications 3 7

What the AC member looks for when he or she receives (reviews)the packet

Unusual things/trends, including the reasonableness ofexplanations 18 43

Reasonableness of margins, other F/S indicators, and financial

metricsConsistency of actual performance vs. expectationsStatus of litigation involving the entityStatus of the 404 compliance project



7554

17121210

13555

31121212

86. Conteniporary Accounting Research

TABLE 5 (Continued)

Panel D: Between meetings

Communications received between AC meetingsFrequency of communications (n = 34)

DailyWeeklySemi-monthlyMonthly

Parties from whom oral communication is receivedCFOCEOIntemal audit

Unspecified managementExtemal audit partner

Nature of written communication receivedMonthly financial statementsResearch reports (e.g., anialysts) ,.Press releases

. Press coverageUpdates on changes in the regulatory environment

n

372

.22

00.

, 6643

17 .. 8

6 . •

' . 5 ,' 4

Percent

9216

65

19141¡4107

40

.1914

.1210

Note:

The statistics in this table are based on thé full group of 42 interviewees, unless ' ' 'otherwise noted.

We redid the charter in 2002 — it now drives the audit committee agenda (wewant to be sure that we cover what we said we'd do). We alsc) hit additionalrisk areas — litigation, patents, et cetera. We keep a matrix of three years ofsubjects down the left side and time'across the top. Each topic is hit at leastonce every 24 months, although sbme topics are addressed at'every audit com-mittee meeting. •' • ••

NASDAQ audit coihmittee'chair'

The agenda is set weeks in advance by the independent audit committee chair-'man. There are no restrictions on adding items before the meeting or during it.Often an item discussed at meeting #1 is put on the agenda for follow-up atmeeting #2.

NASDAQ audit committee liriembèr

The audit committee builds a calendar at the beginning of the year to serve asits agenda for the committee meetings appended to the board meeting. The 'audit committee together identifies a "top 10" list of issues. This toplO listhelps the audit committee focus on gaining a better understanding of the

CA/f Vol. 26. No. 1 (Spring 2009)

The Audit Comtnittee Oversight Process 87

business and underlying accounting issues. The top 10 list also includes a listof compliance issues to be covered each year by the audit committee. Compli-ance issues include evaluating auditor independence, the audit committeecharter, proxy disclosures, and identification of the financial expert of the auditcommittee.


This focus on agenda formality is consistent with Gendron and Bédard 2006,who find a strong emphasis on consistent, mechanistic agenda setting (also seeTurley and Zaman 2007). Without access to audit committee meetings, it is diffi-cult to determine whether the audit committee agenda-setting process results insubstantive monitoring or is simply ceremonial. It is clear that many audit commit-tees devote significant effort to ensuring that the agenda is responsive to the auditcommittee charter and to company risks. In other cases, however, it appears thatmanagement still drives the agenda.

Pre-meeting flow of information to the audit committee

As shown in panel C of Table 5, the audit committee members described pre-meetinginformation packets that typically contain draft filings and various audit reportsand include a substantial amount of information (Gendron et al. 2004; Spira 2002).One interviewee described the information packet:

The audit committee receives a spiral-bound notebook. The notebook containsall reports prepared by internal audit since the last meeting (10-15 reports).The audit committee also receives internal audit's plan and a status report onits progress in meeting that plan. In addition, the audit committee receivesreports from the external auditor and a separate internal compliance group.The audit committee also gets press releases.

American Stock Exchange [AMEX] audit committee chair

The packets typically are received at least four days before the meeting, butinformation timeliness can be a significant issue and may reduce the audit committeeto a ceremonial role:

We get the packet in advance, but not as far as we'd like — usually 5-6 daysahead of a meeting. This is a major improvement — used to be one day before.The new Corporate Secretary has done a super job on this.


We get the packet about two days in advance. It turns into panic reading.NYSE audit committee chair

Contrary to the more passive audit committee in Turley and Zaman 2007,many of these audit committees appear to drive much of the content of the infor-mation packet:

CARWol 26 No. 1 (Spring 2009)


Guidelines of what the audit committee wanted were given to management.Management gave the audit committee content following those guidelines, jThe audit committee often asks for changes, and management then makes the 'changes. Management exhibits a good deal of flexibility and responsiveness. ;

Mutual fund audit committee chair

Over time the content of the information in the packet has evolved. It used tobe determined by the various service providers (counsel, external auditor, Iinvestment advisor).

NYSE audit committee member |

We also inquired about the nature of the audit committee member's review ofthe packet and what the audit committee member looks for when he or she reviewsthe information packet. Some audit committee members assess the adequacy offinancial disclosures, while others review external auditor comments, audit plans,and management letters. However, each of the reported percentages is low (allunder 20 percent), reflecting a lack of consensus on how to review the informationpacket. Such a lack of consensus could be positive because different audit commit-tee members may approach issues in nonoverlapping ways.

Many committee members look for unusual results or unexpected trends, andthey evaluate the explanations provided by management for these unusual items.Many evaluate the reasonableness of reported margins, other financial statementindicators, and financial metrics. Several audit committee members described thieirprocess:

I read the entire packet carefully. I look for things to concentrate on — what'smost important? There is a lot of boilerplate external auditor communications,and I ask them [the external auditor] to highlight things that are important.There is lots of external auditor butt-covering now (trying to reduce liability). I !compare across my three audit committees to identify things to focus on and to

, . benchmark company practices — there are great spillover benefits of servingon three audit committees.


Look for certain things in the financial statements (e.g., inventory by location, ¡bank borrowings). Look at margins, income elements. Selling, General & iAdministrative expenses (a dozen or so indicators). Look at internal auditreports for failures that have been "glossed over". Look at litigation issues.Must be careful to not become complacent when looking at the same stuff eachtime! The questions and answers can become similar and boring. What couldhappen that we need to ask about? Better to find it now than later. •


I.don't necessarily look at "management's answer". Rather, I try to evaluate 'whether there is an ongoing disciplined process that management is doing to

CAR Vol. 26 No. 1 (Spring 2009) i

The Audit Coinmittee Oversight Process 89

do its job. I don't think our role is to solve the problem. Instead, our role isto determine if there is a process in place that we are comfortable with. Wemight occasionally get involved in a specific litigation issue to ensure it mapscorrectly to the footnote disclosure.


I particularly look at estimates, judgments, follow-up items, anything fromprior discussions — anything that revolves around management's judgmentsand how well it was disclosed to determine if that disclosure is robust enough.I assess information we are given and information we are putting out (e.g., inthe 10-K) to be sure it fairly reflects the situation.


I am looking for surprises from anything. Looking for inconsistencies and forinformation about future risks. Looking for things we need to take action on.Assessing whether information is telling you what you expect or whether youare surprised by it.

NASDAQ audit committee chair'

It appears that most of the audit committee members quoted above attempt toengage in rigorous, meaningful analysis of the information provided to them, con-sistent with the "smell test" highlighted by Gendron et al. 2004 and with an agencytheory view of an audit committee's responsibility. However, these efforts are limitedby the timeliness and quality of the information packet. In cases where the informa-tion packet arrives just prior to the meeting or does not contain useful information,the audit committee may be reduced to a ceremonial role.^^

Communications between meetings

Gendron and Bédard (2006), Spira (2002), and Turley and Zaman (2007) find thata great deal of audit committee activity occurs outside of formal meetings. Simi-larly, our interviewees describe frequent, ongoing substantive communicationswith management, internal auditors, and external auditors between scheduledmeetings (see panel D of Table 5; also see text under the heading "AC ProcessArea 5: Oversight of the Intemal and Extemal Audit Processes", below, regardinginteractions with auditors). However, there are notable differences in informationflow between meetings:

Every month I get a sales report, and every 4-6 weeks I get market information(what the market is saying about us). I have lots of contact with managementand others — CFO (twice per month). Controller (once per month). ChiefAudit Executive (twice per month), external audit partner (once per quarter),and counsel (once per month).


I don't get information that frequently. As audit committee chairman, I occa-sionally call the CFO and chat about recent events or issues. I'm trying to



determine if there are new issues that have arisen that require the audit commit-tee's involvement. We do not receive monthly financial statements or budget-to-actual comparisons.


It's becoming almost excessive. We get press releases almost weekly to review.It's becoming a burden on my email at home. Earnings releases, litigationinformation, and acquisition information — something seems to always becoming my way.

NYSE audit committee member

It depends. The external auditor sends stuff. We give the auditor two standards:(1) you need to have read it yourself, and (2) you need to have thought aboutand summarized the application of the infonnation to this company. This is avery good discipline to follow. We get other stuff sent to the full board — ana-lyst reports, governance reports, monthly financial statements, public relationsinformation, clippings, et cetera.


Assuming meaningful interactions and review of information, such extensivecontact and information flow between meetings may be consistent with substantiveaudit committee monitoring, although perhaps in an informal manner (Turley andZaman 2007). In many cases, we see evidence of such contact; however, in othercases, it appears that the audit committee's efforts are almost exclusively centeredaround formal meetings and, therefore, may be more ceremonial.

AC process area 4: Audit committee oversight of the financial reporting process

Review of financial reporting risk areas

In terms of specific risk areas, one clearly stands out in panel A of Table 6: revenuerecognition, which is specifically reviewed by almost half of the audit committees(some of those who did not list revenue recognition as a risk area felt compelled toexplain why not). Several audit committee members described their efforts regard-ing revenues, all of which signal fairly vigilant monitoring by the audit committee,consistent with agency theory: !

Revenue recognition is the biggest, since it's software. We go through deal-by- !deal [sale-by-sale each quarter], and the external auditor shares their view !(using the deal documents) on revenue recognition.


There is a heavy focus on revenue recognition given the company sells a soft-ware product plus services. There are lots of issues that can be affected by thesales staff that might dictate revenue recognition terms. We also discuss issuesrelated to materiality.

NASDAQ audit committee member

CAR Vol. 26 No. 1 (Spring 2009) !

The Audit Cotnmittee Oversight Process 91

Revenue recognition is very hard in the medical device industry. It's very diffi-cult to predict demand, and it's very difficult to establish the revenue cut-off.Hospitals are bad at documenting when things (e.g., surgery) happen. That makesit difficult to establish revenue cutoff — in essence our products are at hospitalson consignment until pulled from shelf to be inserted inside a patient (becauseof the way contracts are written). The company is trying to work better withhospital partners to do a better job of this — building in contract incentives toimprove information reliability. The audit committee's primary concem is basedon management's confidence in the quarterly numbers. As we sense manage-ment is more confident about its numbers and cutoff, the more confident we are.


The company uses an outside firm to do our intemal audit work. This outsidefirm reviews revenue recognition at every subsidiary (and every type of con-tract) and reports back to the audit committee chair on whether revenue isbeing recognized correctly.


Other key risk areas examined include reserves, fixed assets (primarily relatedto asset impairment), inventory (primarily related to the obsolescence reserve), andreceivables. For example, three audit committee members described financialreporting risks and monitoring efforts:

I want to understand how we've done and apply technical knowledge to makesure we've done things correctly (e.g., new standards). I focus on properdisclosure/communication to shareholders. In terms of specific areas, there isa major focus on fraud (to never let it happen again in this company). I some-times ask myself, "Would I have caught the fraud [that occurred before thisperson's term on the board]?" The honest answer is probably not. It wouldhave required someone to step back from the details and understand thatratios/analytics that appeared okay should not have appeared okay due to whatwas happening in the industry.


Our company is merger and acquisition driven. We focus on revenue recognitionissues, tone at the top at acquired companies, and how acquired companiestreat contracts. I am very concemed about anything done to inflate earnings/revenues. I review whether the company is in compliance with EmergingIssues Task Force pronouncements on revenue recognition.


We focus on subjective areas of accounting that aifect income. I ask the auditpartner about the five most subjective areas of income determination. Examplesinclude warranty reserves, post-retirement benefits, income taxes, impairmentof long-lived assets, and joumal entries at period end.


CARVoX. 26 No. 1 (Spring 2009)

92 Contemporary Accounting Research iI

These perspectives all suggest substantive monitoring on the part of someaudit committees. |

Review of accounting policies and estimates |

Panel B of Table 6 provides information about processes performed by audit com-mittees related to their review of accounting policies and estimates, which rahgefrom extensive to minimal. Two audit committee members described their extensiveinvolvement with accounting policies; the second description may refiect a mana-gerial role for the audit committee: . . ;

TABLE 6 ' jAC process area 4: Audit coiñmittee oversight of the financial reporting process* j

Panel A: Financial reporting risks

28

Percent

Financial reporting risk areas reviewed by the audit committeeRevenue recognitionReserves

Fixed assets, including asset impairmentInventory, including obsolescence .Receivables, including allowance for doubtful accountsCritical accounting policiesLitigationManagement judgments/estimatesMergers and acquisitionsRegulatory compliance concerns .TaxesDebt, including covenants

Panel B: Accounting policies and estimates

1912

99876666

65

45,29,

21!21¡1917!1414

14'14|

1412'

Percent

76

Audit committee involvement in setting/reviewing specificaccounting policies (n = 37)

Reviews policiesNot currently involved, but would be if a major change

occurredMinimal involvement ., :

Audit committee discussion of specific judgments/estimates/assumptions involved in implementing an accounting policy(n = 31)

Yes, involvedInvolved to some extent

Audit committee review of accounts dependent on assumption/estimates (n = 11)

Audit committee reviews assumptions/management judgmentsAudit committee relies on the external auditor

72

247

92

195

7723

8218




Our review of accounting policies is extensive. We are trying to make sure thatthe message gets through that the audit committee is not tolerant of GAAPnon-compliance due to immateriality. We are looking for the right tone in thecompany and to set the right tone. We aim to set high expectations and we havean aggressive attitude in setting this tone — no sloppiness.

Mutual fund audit committee chair

The audit committee actually sets the policies and reviews them annually. Theaccounting practices and financial practices of the company are reviewed andapproved on an annual basis.


Two Others discussed their very limited role with accounting policies:

The audit committee has minimal involvement in setting and reviewing account-ing policies. The audit committee relies on the external auditor to identify areaswhere a change is needed. Also, the audit committee feels that they are only usedfor oversight. We do not have active involvement in setting these policies.


TABLE 6 (Continued)

Panel C: Alternative accounting treatments n • Percent

Audit committee discussion of alternative accountingtreatments available under GAAP (n = 30)

Always discussSometimes discussDiscussions have been held in the pastNo discussion

Does the AC ask the external auditor which treatment theywould use (n = 27)?

YesNo

Form of external auditor's communication regarding alternativetreatments (n = 30)

OralBoth oral and writtenWritten

Is management present for the discussion of alternativeaccounting treatments (n = 30)?

SometimesYesYes, followed by a separate executive session without

management 11 37



20523

243

18111

109

6717710

8911

60373

3330


TABLE 6 (Continued)

3216142

7638335

Panel D: Fraud risks n Percent

Audit committee involvement in assessing financial statement ifraud risks !

Audit committee's own actionsReliance on the extemal auditorReliance on the intemal auditorsLittle involvement

Audit committee's own actions in assessing financial statement jfraud risks !

Closely analyze reserves and other financial statement areas ¡where fraud could occur 6 14

Assess character of management 4 10Regular interaction with management 4 10Actively promote the company's hotline 3 7Actively search for fraud risks • 3 7Review officers' expenses (annually) 3 7

Assessing and monitoring management's integrity ',How does the audit committee assess management's integrity? '

Evaluate management's body language 7 17Observe management's transparency/openness, especially j

with the board and the audit committeeObserve how management reacts in pressure situationsObserve if management is defensive

Other means of assessing management's integrity . !. Whistleblower hotline 4 10

. I

Note: , . • I* The statistics in this table are based on the full group of 42 interviewees, unless' !

otherwise noted.

The audit committee's involvement in setting policies is close to zero. Man- !agement will discuss a policy and get the concurrence of the audit committee. '

NYSE audit committee chair II

Overall, there is some lack of consensus on the audit committee's role in thisarea. Many audit committees approach accounting policies with the goal of providingvigorous monitoring, while others appear to do very little, serving more of a cere-monial role by simply relying on the auditors with minimal audit committee analy-sis of the issues (also see Pomeroy 2007 for post-SOX evidence on auclitcommittee members' evaluation of accounting decisions). !

The audit committee's involvement in reviewing management estimates, judg-ments, and assumptions often is quite extensive. All of the audit cotnmittee members

II

CAR Vol. 26 No. 1 (Spring 2009) '

644

14

1010


who were asked about this indicated that they review (at least to some extent) theestimates, judgments, and assumptions involved in implementing an accountingpolicy. For those asked about reviewing specific accounts dependent on manage-ment assumptions and estimates, most indicated that this review is performed (seeGendron et al. 2004 for discussion of how audit committee members evaluate loanloss reserves by considering the mathematical formulas underlying the reserves).

. Several audit committee members described their intense efforts to monitormanagement estimates, judgments, and assumptions:

The audit committee is absolutely involved. We focus on any prior yearrestructuring reserves, particularly focusing on where we put the reversal ofany reserves. We focus on the allowance for doubtful accounts, inventoryreserves, and income/deferred income estimates. We also look at impairmentof intangibles.


We absolutely review them, but we resist temptation to think we're smarterthan management. We ask the auditor, "Do you agree? Are we too aggressive?"


The audit committee gets into lots of depth on this issue. The committee askedme [the audit committee chair] to talk with others in the company (President,CFO, Head of Sales, Real Estate) — I even visited some stores to get a sense[of] what was really going on there.


It's somewhat ad hoc. I ask for different things at different times. I like toassess the response I get — for example, did the document exist before I askedfor it? I like to see the rigor with which the original source documents wereprepared. As another example, I ask to see original journal entries that havebeen made in the reserve accounts.


Other audit committee members described a more limited, ceremonialapproach in this area (an approach that centers around audit committee reliance onothers, as opposed to audit committee evaluation of the issues):

We only discuss this if the external auditor raises this as an issue. The auditcommittee has a real dependence on the quality of the external auditor andmore dependence on the internal auditor.


We are heavily reliant on management for several estimates. We have signifi-cant estimates related to litigation, patent settlements, product liability, ... andinventory obsolescence.




If it's material the audit committee does discuss management assumptions. 'They are usually pretty short discussions, though. • , :


Involvement in reviewing altemative accounting treatments available under GAAP

As shown in panel C of Table 6, the audit committee's involvement in reviewingaltemative accounting treatments available under generally accepted accountingprinciples (GAAP) appears to be mixed. Most of the audit committee membersalways discuss with the extemal auditor altemative accounting treatments availableunder GAAP, but others do not.'^ When the audit committee discusses with theextemal auditor altemative accounting treatments available under GAAP, in mostcases the audit committee asks the extemal auditor what accounting treatment itwould have used. The auditor's responses generally are made orally, with manage-ment present for these discussions.

Audit committee members described substantive efforts in this area as follows:

Recently we had huge discussions about FASB Interpretation (FIN) No. 46.Alternatives are discussed with management, the external auditor, and theintemal auditor. The audit committee determines whether everyone is comfort-able with the choices being made. We would see one or two altematives as partof any discussion.


We ask the auditor what range of treatments is appropriate under GAAP, whatis recommended by the extemal auditor, and why there might be a differentview. We strive to get management and the extemal auditor into agreement.The audit committee serves as referee.


I look for differences between the auditor and management (this can be sig-naled by nuances in body language). I ask the auditor where the companystands relative to the conservatism or aggressiveness of other clients. This dis-cussion is driven by changes in extemal regulation. I want to know about thediscussion between management and auditors. What were the points of con-tention? These questions are asked when management and the auditor are bothpresent, and then separately when each group is alone with the audit committee.


Another audit committee member described a more ceremonial role for the auditcommittee:

The audit committee has had very limited discussions with the extemal auditorregarding altemative accounting treatments. One example dealt with classifica-tion of Income Statement items (i.e., recurring vs. non-recurring). The auditorinitiated this discussion.




Review of the risk of fraudulent flnancial reporting

Although many of the audit committee members consider assessing the risk offraudulent financial reporting to be a primary audit committee responsibility, anumber of committee members clearly are very uncomfortable with this role (seepanel D of Table 6).^^ A NYSE audit committee chair stated, "That's why we haveauditors," to indicate that the audit committee is not responsible for fraud detec-tion. Conversely, an AMEX audit committee member stated, "This is so hard. Theaudit committee is supposed to be finding fraud." Gendron and Bédard (2006) alsonote that audit cominittee chairs seem to lack confidence about their ability todetect fraud.

Several audit committee members expressed frustration with being expectedto find fraud, consistent with Spira's 2002 (79) finding that many view audit com-mittees as "powerless to prevent calculated fraud":

This is asking a hell of a lot of the audit committee. It is totally beyond thecompetency of any audit committee member to be able to sniff out fraud. Somuch of this risk relates to the people, thus you must rely on your judgmentregarding management's integrity. Management knows that the audit commit-tee is watching ^— for'example. Hook at the cars in the company's parking lot.The moment you see a Ferrari you start to worry. The guys with the big carsare the ones who get you in trouble.


AH board and audit Committee members are against fraud, but the audit cOm-mittee is not a bunch of Sherlock Holmes. Ultimately, the audit committee hasto have some level of reliance on management. The audit committee tries tohelp instill à cliniate of fcompliance and disclosure within the company.

AMEX audit committee member

The audit committee tries to stay mindful of this risk. We look at the financialstatements, and we talk tO the auditors. However, it is impossible to assessfraud risk-We rely on management to some extent. We do look for telltalesigns of problems (e.g., management abusing its privileges).


There is very little that the audit committee can do in the fraud area unless it isabsolutely glaring.


Fraud risks are not explicitly considered. The audit committee relies on theexternal auditor to do that. They are more familiar and independent.


Conversely, other audit committee members accepted responsibility for frauddetection:

CARWol 26 No. 1 (Spring 2009)


Under SOX, now the biggest issue is fraud. We are asking all sorts of questions >of internal audit and external auditors to look for certain things. The audit jcommittee looks at expense reports, loans to individuals, related party transac-tions, contracts, and agreements, particularly those related to compensationand pensions.

NYSE audit committee member :

I don't know if internal and extemal audit think it's their job to detect fraud.The job of the audit committee is to do the qualitative things to assess fraud ',risk. The audit committee tries to detect fraud through a reasonable due dili-gence process. The audit committee assesses the environment and directsresources to those areas of greatest risk. '•


The audit committee has heavy involvement in assessing the reliability of thefinancial statements. The audit committee is always assessing the integrity ofthe firm and its management. If you don't have.faith in the CEO,,the auditcommittee has a problem. . .

: • NASPAQ audit committee member '

Other audit committee members did not perceive fraud risk as a significantissue:

The audit committee is very familiar with the company, so the risk of fraud isvery low (less than 5 percent). A bigger risk is whether the estimates and judg- '•ments.made by management are correct.

NYSE audit conraiittee member

The audit committee has to assess the character of the people and determine ,the tone at the top of the organization. This is not an agenda item, but it is dis-cussed periodically in audit committee meetings. We try to read management.For example, when the audit committee asks a certain question, and there is asurprise that is revealed. The audit committee does not believe this is a largeissue for this company.


In assessing the risk of fraudulent financial reporting, most of the audit comniit-tee members rely, at least partly, on their own efforts to assess the risk of fraudulentfinancial reporting, although there was no consensus activity that audit committeesuse in this regard. In addition, many of the committee members rely heavily on theextemal and internal auditors. Overall, it appears that many audit committee mem-bers simply do not want to be responsible for detecting fraud, much as extemalauditors have attempted to avoid this responsibility for decades. Many audit com-mittee members may want to serve as vigilant monitors of management, but withincertain limits. Fraud detection is. however, beyond the limit for many.



Finally, we asked how audit committee members assess management's integrity(i.e., the tone at the top), an area of focus for audit committee chairs in Gendronand Bédard 2006. There is no consensus method used. Many audit committeemembers described their approaches to assessing integrity, along with expressingsome reservations about whether their efforts were effective:

It is important to look at the second line of management. The audit committeehas frequent opportunities to interact with these people. If something weregoing on, would these people speak up? You're never comfortable about this,though. At some point, you must believe people are honest.


The board and audit committee are very strict in monitoring and enforcingcompany policies. I know all members of management and their wives. Allmembers of management live modest lives, and they are all on their first wife.You can tell a lot about people by the way they behave. I watch how manage-ment behaves in different settings. A lot of this, though, is instinct.


Look for telltale signs that may be popping up. Spend time in executive ses-sion talking about this with both intemal and extemal auditors. Ask if they'vebeen asked to do anything that they're uncomfortable with. Also ask this ques-tion of the CFO, Controller, et cetera.


There are some companies that want aggressive/risk taking/push the envelopetype people. Skilling and Fastow weren't wolves in sheep's clothing, but werewolves in wolves' clothing.... I am constantly vigilant. You can't let yourselfassume that people will always do the right things. Vigilance for me is observ-ing how management acts in different settings. I sit in on company meetings tosee how senior management acts.


"Trust, but verify" is the motto of the audit committee. We focus on twoaspects: quantitative and qualitative. As for quantitative, we focus on the finan-cial results — are we seeing weird things with the numbers? As for qualitative,we're focusing on a litmus test — how they act, how they conduct themselves.For example, we look at how they travel on business — do they always stay atthe Four Seasons, or do they stay at a reasonable hotel? We also track anyfinancial activities between the company and personal business. We focus onhow they generally conduct themselves — how they act. We also question theauditor about anything they see along these lines.


Others emphasized the importance of helping to set the ethical tone in the

company:



I put a lot of pressure on the principal financial guys to operate with integrity. Itell them, "If you lose your integrity and you're lucky, you'll be driving a taxi.If you're not lucky, you'll be in jail."

NYSE audit committee chair ÍI

See how people react over time and under pressure. Let people know how youas a board feel about integrity. With my kids, "It's better to fail than cheat."With management, "It's better to miss the numbers than to do something we :regret." We have an element in the CEO evaluation — ethical environment. •


Overall, the approach to assessing management integrity often appears consis-tent with the agency theory view that the audit committee members are trying toprovide.effective monitoring; however, in other cases the audit committee's role inthis area is extremely limited. It is also clear that many audit committee membersare uncertain about the effectiveness of their efforts to assess integrity.

AC process area 5: Oversight of the internal and extemal audit processes

Audit committee interaction with internal audit

As shown in panel A of Table 7, audit committees frequently are involved in internalaudit hiring, compensation, and budget decisions. The audit committee typicallymeets frequently with internal audit. It appears that audit committee interactionwith internal audit has increased from pre-SOX periods (see Carcello, Hermanson,and Neal 2002; Cohen et al. 2007a), but is still very limited in some cases.

In many cases, the oversight of internal audit is shared between the audit com-mittee and management in a fairly informal, sometimes contentious manner (seeGendron and Bédard 2006). A NASDAQ audit committee chair described internalaudit's solid-line reporting to the controller and dotted-line reporting to the auditcommittee and concluded, "I'm not 100 percent happy with this." Others stated:

The audit committee hired the Chief Audit Executive from three candidates '.suggested by the CFO (mutual decision, although the audit committee didn'tpick the CFO's first choice). Firing is probably by mutual decision ("we're :hooked at the hip and no surprises"). The audit committee reviews internalaudit's budget, but not in detail (within scope approval that leads to head- ;count). The audit committee does not review internal audit compensation !except that there was discussion with the CFO to ensure that the Chief Audit \Executive gets paid about what the Controller gets.


This is in transition. Up until recently, internal audit was a function of manage- 'ment, performing mostly operational audits. Over the last two years the auditcommittee has become more involved in determining the scope of internalaudit activities. '




The relationship with intemal audit is positive — intemal audit feels comfort-able reporting to the audit committee. However, the audit committee wouldprefer a more structured agenda approach to intemal audit's report. Currently,it revolves more around the question of "Anything you want to tell us?" Thatusually leads to a lot of talking about not much. Often that isn't very informative.


The director of internal audit "technically" reports to the audit committee

chair. In reality, he reports to the CEO.NASDAQ audit committee member

TABLE 7AC process area 5: Oversight of the intemal and extemal audit processes*

Panel A: Intemal audit n Percent

AC involvement in hiring the intemal auditor (n = 21)Not involvedInvolved in decision/joint responsibility with managementRequires audit committee approval

Audit committee has hiring authority

AC involvement in firing (if needed) the intemal auditor (n = 20)Not involvedInvolved in decision/joint responsibility with managementRequires audit committee approvalAudit committee has fidng authority

AC involvement in determining compensation/budget of intemal

audit (n = 23)Not involved - .Involved in decisionAC sets the compensation/budget

Frequency of audit committee meetings with intemal audit {n = 36)Semi-annuallyQuarterlyMore than quarterlyEvery face-to-face meeting (excludes conference calls)

Every meeting

AC meets privately with intemal audit each face-to-face meeting(n = 36) 12 33

AC chair talks to intemal audit director no less frequently thanmonthly (n = 36) 5 14



25 ••

86

1685

3146

1101815

10243829

5304025

136126

32832242


TABLE 7 (Continued)

Panel B: Extemal audit n Percent

Frequency of audit committee meetings with the extemal auditorSemi-annually/quarterly 4 JQMore than quarterly 3 7

Every face-to-face meeting (excludes conference calls) 13 31Every meeting 22 52

Other aspects of communication between the AC and the extemalauditor

AC meets privately with extemal auditor at each face-to-facemeeting 14 33

AC chair talks to extemal auditor the day before board/AC

meetings (i.e., in a pre-meeting executive session) 5 12

Information gathered by the AC to evaluate audit firm qualityand effectiveness (n = 30)

Evaluates the quality of the members of the engagement team,especially the partners 13 43

Evaluates how the extemal auditors respond to AC questions/how they perform in the AC meetings 8 27

Gets input from the CEO, CFO, controller or other membersof management 7 23 •

Evaluates independence of the extemal auditor (i.e., are theytoo close to management?) 6 20

Looks at the audit firm's industry expertise 4 13Relies on the reputation of the extemal auditor/uses a

Big 4 auditor 4 J3

Reviews copies of peer review reports, results of PCAOBreviews, any regulatory action taken 4 13

Note:

The statistics in this table are based on the full group of 42 interviewees, unlessotherwise noted.

It is an uneasy alliance with neither side willing to cede authority to the other.The audit committee has pushed management very hard to beef up the intemalaudit function. The audit committee wants a direct reporting relationshipbetween intemal audit and the audit committee. Management cannot fire theChief Audit Executive without the approval of the audit committee.


Overall, there was a substantial lack of clarity in internal audit's reportingchannels. Internal auditors and audit committees each can benefit from a strongrelationship with the other party (see Spira 2002; Turley and Zaman 2007), but



there is significant potential for intemal audit's loyalties to be divided as a result ofmultiple reporting channels (i.e.. to the audit committee and management).

Meetings and other communications with extemal audit

As shown in panel B of Table 7, the extemal auditor is heavily involved in auditcommittee meetings. In addition, there often is significant contact between theaudit committee chair and the auditor outside of meetings (see Spira 2002; Turleyand Zaman 2007). One audit committee chair discussed having breakfast or dinnerwith the audit partner before each audit committee meeting. Another stated:

I have lunch with the audit partner once every two weeks during the audit —so there are three to five lunch meetings alone.


A NYSE audit committee member indicated, "The outside auditor should beyour best friend. They are the ones who are going to keep you out of trouble."

In evaluating the effectiveness of the extemal auditor, some audit committeemembers assess the quality of the engagement team members — especially thepartners assigned to the engagement — while others gather little or no informationto assess auditor performance. Although 43 percent of the audit committee mem-bers evaluate the extemal auditor by assessing the quality of the personnel assignedto the engagement, only 13 percent of the committee members rely on the reputa-tion of the audit firm and 13 percent refer to the audit firm's industry expertise.This finding is consistent with a growing body of empirical literature that finds thataudit quality is more a function of audit team characteristics than audit firm charac-teristics (e.g., Ferguson, Francis, and Stokes 2003; Francis. Reichelt, and Wang2006). Gendron et al. (2004) find that auditor competence and candor are majorconsiderations in assessing quality:

I am not sure how much difference there is between firms, but there can be bigdifferences between partners. The audit committee looks at fees, we look atfirm publications, and I talk to my friends and colleagues who have interactionwith other firms.


The audit committee is dealing with a commodity, when talking about the Big4. The variation among the partners within the firms is more important than thevariation across the firms. Partners must be abreast of recent developments,and ahead of the curve on the difficult issues. The extemal auditor must be acounterweight to management and be able to marshal the resources of the firm.


Others assess the quality of the extemal auditor by evaluating how the auditorresponds to questions from the audit committee and how representatives of theauditor perform in audit committee meetings:



We developed 30 questions to ask ourselves about the extemal auditor. Audit ;committee members think about the questions and discuss concerns with theauditor (e.g., we wanted the auditor to spend more time with the CEO and thishas happened). The audit committee chair interviews management for évalua- 'tion of the auditor. The 30 questions include responsiveness, candor, quality ofpeople, attention to the company, suggestions to the company and audit com- 1mittee, and are senior audit firm people too close to management?

NYSE audit committee chair |

Despite Cohen et al.'s 2007a finding that management is still the key driver'ofauditor selection, several interviewees indicated that the audit committee is quiteactive in selecting the new engagement partner when a partner rotates off theengagement. For example:

The audit committee meets with prospective new partners before they areassigned. The audit committee looks at fees #1 ; experience #2; and staff thatwill be working on the account #3. The audit team is more important than theaudit firm.

NYSE audit committee member !

When partner switches/rotations occurred, the firm recommended the auditpartner, and the audit committee interviewed him and agreed he would be agood partner. !

NYSE audit committee member !

We just had a change in partner (prior one got promoted). The audit committee 'told the extemal audit firm what criteria we wanted in the new paruier — andwe got that kind of person. We wanted someone with industry experience '•and who was responsive. '


We also asked about the purchase of nonaudit services ñ-om the extemal auditor.Ninety percent of the participants indicated that the company purchases nonauditservices from the auditor, although sometimes reluctantly. Tax services are by farthe most common nonaudit service purchased. However, there appears to be atrend away from using the extemal auditor for any nonaudit services, even tax ser-vices, due to concems about the appearance of a lack of independence (see Gaynor,McDaniel, and Neal 2006), which could undermine legitimacy (Spira 2002): ;

I don't think that non-audit services would actually impair the extemal auditor's 'independence, but we have basically refrained from using the extemal auditorfor non-audit services due to concems about the perceptions of extemal users.


On certain issues you can get better quality work more cheaply from the extemalauditor, but this is traded off against the risk that someone could come backand second guess you. . i


CAR Vol. 26 No. 1 (Spring 2009) i


Overall, audit committee members appear to rely quite heavily on the externalauditor, and the committee generally provides meaningful oversight of the extemalauditor. Such oversight is consistent with the spirit of SOX section 301, which spe-cifically calls for the audit committee to directly oversee the auditor.

AC process area 6: Other audit committee activities

Panels A - D of Table 8 present information on several other audit committeeactivities:

• Most audit committees benchmark their processes either formally or infor-mally against best practices (also see Gendron and Bédard 2006). Severalsources of information are used (see panel A), including seeking input fromthe extemal auditor. Such efforts to adopt best practices are consistent with iso-morphism, where audit committee practices become more similar over time ascompanies imitate each other to seek legitimacy (DiMaggio and Powell 1983).

• Most audit committees have some involvement in reviewing compliance withthe company's code of conduct (see panel B), but some have no involvementin this area.

• Audit committees largely accomplish their oversight role through their relianceon others, primarily auditors and management (see panel C). A NASDAQaudit committee chair provided this detailed description of how his committeegets comfortable with understanding the key financial reporting risks, as wellas setting a strict tone with new hires to the accounting staff:

The thing that does the most good is the analysis of the financial statements(30-40 page package) — by country, budget vs. actual, actual vs. peer group,analysis of reserves, et cetera. Visiting company sites and meeting withemployees helps. Also, I rely on questioning the extemal auditor, including thediscussion of critical accounting policies. Finally, the addition of severalformer Big 4 managers to the controller's office has helped with GAAP issues.I met with them and clearly explained that if anyone asked them to do anythinginappropriate, they'd better tell the audit committee immediately — or we'dfry them in Hell.

In addition, there are contrasting perspectives on the notion of audit commit-tees getting "comfortable" (Gendron et al. 2004; Spira 2002) with the positionthat all risks have been identified and mitigated:

The audit committee is comfortable with employees and management, andwith the extemal auditor.


The audit committee must have some degree of faith that management is set-ting the right tone and degree of integrity. The internal audit director must have


t


enough intestinal fortitude. The extemal auditor must have enough intestinalfortitude. The audit committee is uncomfortable on this dimension if there aresurprises that we were not told about ahead of time.

NYSE audit committee chair [

I don't want the audit committee to be comfortable. If we are comfortable, weare in trouble.

AMEX audit committee chair !

Are any audit committees comfortable these days? ... Stmcture and process isnot a substitute for talking to people face-to-face (do people look you in theeye or do they look at their shoes?). You can never stop talking, listening, andquestioning. ;


The audit committee gets its comfort from the extemal auditor, outside coun-sel, management, and from the audit committee members' own experiences inother companies. ' ;

AMEX audit committee member

• The audit committee members clearly are dependent on both intemal andexternal auditors in evaluating the effectiveness of intemal control over finan-cial reporting (see panel D of Table 8) (Gendron et al. (2004) also find heavyreliance on intemal audit in this regard). Although there has been much criticismof SOX section 404, a number of the audit committee members are supportive ofthe process. A NASDAQ audit committee chair stated:

404 stuff has been superb — lots of issues discovered through 404, despitehearing from the extemal auditor that controls were fine before 404. With 404,we now can identify, track, and fix intemal control problems. We keep a listingof significant deficiencies — who is responsible, timetable for remediation,and extemal auditor approval. It has been a great mechanism.

However, another NASDAQ audit committee chair stated:

404/SOX has changed everything. The good is that SOX has created a differ- ;ent tone at the top (this accounts for 90 percent of the benefit of SOX and only '5 percent of the effort). The bad is that 404 provides some benefit, but the costis way too much. We could have eliminated 80 percent of the pain and still got-ten 90 percent of the benefit. . i

As we concluded each interview, we asked the interviewees about the mostimportant thing that an audit committee can do to fulfill its responsibilities (nottabulated). Consistent with insights from previous research (Gendron et al. 2004;Gendron and Bédard 2006; Krishnamoorthy, Wright, and Cohen 2003; Spira



2002), many committee members indicated that asking good questions is the singlemost important thing that the audit comtnittee can do. One NASDAQ audit com-mittee member said that committee members should "ask tough questions, manytimes, of many people". Consistent with Kalbers and Fogarty's 1993 focus on theimportance of audit committee member willingness to act and challenge manage-ment, a NASDAQ audit committee chair said:

TABLE 8AC process area 6: Other audit committee activities*

Panel A: Benchmarking n Percent

Does the audit committee benchmark its practices against bestpractices (n = 36)?

Yes, a formal process is in placeYes, but not a formal processNoJust starting to do this

How the audit committee benchmarks its practices against bestpractices (n = 29)

Completes a self-evaluationSeeks feedback from the extemal auditorCompares AC practices to practices of other companiesHas AC members attend seminarsSeeks feedback from management, outside counsel, and

intemal auditCompares AC charter against charters of other companies in

that industry

Panel B: Code of conduct

The audit committee and the code of conductInvolvement of the AC in reviewing compliance with the code

of conductSomeHeavyBoard or other committee responsibilityNone

Examples of AC's involvement in reviewing the code ofconduct

AC reviews code of conduct, including how it iscommunicated

AC is either directly involved in receiving hotline calls or isprovided with a summary of such calls

AC chair reviews log of any violations of the code ofconduct

19872

1311

98

7

5

5322

196

453831

28

24

17

23

Percent

221181

5226192

55

19

12




TABLE 8 (Continued)

Panel C: Overall AC comfort Percent

How does the audit committee get comfortable that it understandsthe entity's key financial reporting risks?

Talk with/rely on the extemal auditorTalk with/rely on operating management, outside counselTalk with/rely on intemal auditAC follows effective processes (e.g., probing questions, active

oversight, etc.)AC understanding of the business

Panel D: Intemal controls

191512

85

453629

i1912

Percent

How does the audit committee evaluate the entity's strength ofintemal control over financial reporting?

Rely on extemal auditor 22Rely on intemal audit 21Rely on 404 work 16Rely on management 12Hire another accounting firm to assist in the process 6

5250382914

Note: ;

The statistics in this table are based on the full group of 42 interviewees, unless 'otherwise noted. !

Be prepared, diligent, well read. Constantly ask questions — be a devil's ¡advocate — have a jaundiced view. Don't get too comfortable with top man- iagement and the tone. Good communication between the board, audit commit- jtee, management, and outside advisors is key. A strong audit committee chair 'is important. j

These results, while echoing Gendron et al.'s 2004 finding that effective ques-tioning is critical, are in stark contrast to research (Cohen et al. 2002; Gibbins etial.2001; Spira 1999, 2002; Turley and Zaman 2007) finding that audit committeemembers often are not very effective or powerful questioners. However, Cohenet al. (2007a) find that auditors perceive audit committee members to be askingmore probing and difficult questions post-SOX, and Turley and Zaman (2007) high-light the importance of informal audit committee processes in inñuencing outcomes.

Beyond the importance of asking good questions, a NYSE audit committeemember noted the inñuence of the audit committee on auditor-management dis-agreements: I

The most important thing that the audit committee can do is to be responsible ifor the intemal and extemal audit functions. The single most important benefit •of SOX is the fact that it makes the audit committee responsible for these ,



functions. As a result, the extemal auditor is not a loser in a battle with man-agement. The auditors now have the ability to not cave in to management. Thisis a powerful and inexpensive change.

We also asked the audit committee members about the most important individ-ual attributes/characteristics that an audit committee member needs to possess.Many committee members indicated that a willingness to ask probing questions isthe most important trait. A NASDAQ audit committee member said that committeemembers should "regard dissension as an obligation". Another NASDAQ auditcommittee member indicated that audit committee members should possess the"ability to ask 'stupid' questions. Audit committees need people willing to askdumb questions in front of smart peers."

On balance, the interview results indicate a commitment to substantive monitor-ing, as well as many audit committee practices that appear to be quite substantive.However, we did encounter a number of responses that reflect a more ceremonialrole for the audit committee.

5. Supplemental analysesTo provide additional insight, we analyze whether there are differences in the auditcommittee members' responses or characteristics on the basis of six individual andtwo company characteristics. In Table 9, we present selected, more notable differ-ences found in these exploratory analyses.̂ O

There are several insights provided in Table 9. First, audit committee memberswho are accounting experts are more likely to have joined the audit committeepost-SOX after conducting extensive due diligence procedures.^! These audit com-mittee members also report that their audit committees are more actively involvedwith the information packet content and with accounting alternatives and estimates.In many cases, it appears that companies specifically searched for accountingexperts to serve on the audit committee post-SOX. Such accounting experts arevery careful about whose board they join and are quite active once on the auditcommittee.

Second, audit committee chairs are more likely to be accounting experts (e.g.,certified public accountants [CPAs] with public accounting experience), but alsoare more likely to have had personal ties to directors or executives before joiningthe board and are more recent entrants to the audit committee service realm. Itappears that in many organizations, the strategy for selecting an audit committeechair is to approach an accounting expert who is well known by someone on theboard or in management. Interestingly, the audit committee chairs serve on com-mittees that appear somewhat less focused on having the audit committee directlyinvolved in assessing the risk of fraudulent financial reporting.

Third, in the post-SOX environment, individuals joining audit committees aremore likely to be accounting experts (e.g., CPAs with public accounting experi-ence) who conduct extensive due diligence procedures before joining the board andwho have turned down some board opportunities. These audit committee membersare diligent in that they are more likely to carefully read audit committee materials.



These results are consistent with the spirit of SOX. Most notably, SOX promotesaudit committee financial expertise by requiring disclosure of whether at least oneaudit committee member is a financial expert, and we find that post-SOX appoint-ments to the audit committee are more likely to be accounting experts than pre-SOX appointments.

Fourth, audit committees in high litigation risk industries hold more face-to-face meetings, but engage in less contact between meetings. It is possible that thisgreater focus on formal meeting processes is driven by concerns over legal liability,

TABLE 9

Variations in selected responses by personal and company characteristics* ;

Older audit committee members (above the median age of 57 years old; « = 20):• are more likely to focus on the importance of audit committee interaction with the

extemal auditor

• are more likely to focus on the importance of audit committee diligence• are less likely to have experience as a CFO

Audit committee members who are accounting experts (n = 28):• are more likely to have joined the audit committee post-SOX• are more likely to serve on a greater number of audit committees• are more likely to have conducted numerous due diligence procedures before joining

the board• are more likely to state that their audit committee drives the content of the information

packet; always discusses alternative accounting treatments under GAAP; anddiscusses specific judgments, estimates, and assumptions involved in implementing anew accounting policy

• are less likely to have many years of board, audit committee, or audit committee chairexperience

Audit committee members currently sitting on more than one audit committee (n = 24):• are more likely to have public accounting experience and be accounting experts• are less likely to carefully read audit committee materials

Audit committee members who had prior experience with management or the companybefore joining the board (n = 20):

• are more likely to be attomeys

• are less likely to talk with board members before joining the board

Audit committee chairs (versus regular committee members) (n = 24):• are more likely to be CPAs, have public accounting experience, and be accounting

experts• are more likely to have personal ties to management or directors before joining the

board

• are less likely to have many years of board and audit committee experience• are less likely to say that their audit committee relies partly on its own actions to

assess the risk of fraudulent financial reporting




TABLE 9 (Continued)

Audit committee members who joined the audit committee post-SOX (n = 16):• are more likely to be CPAs, be accounting experts, and have public accounting

experience• are more likely to have declined a board opportunity• are more likely to have conducted numerous due diligence procedures before joining

the board and are more likely to continuously evaluate their ongoing service on theaudit committee

• are more likely to carefully read audit committee materials and are more likely toemphasize the importance of asking good questions

• are less likely to have many years of board, audit committee, or audit committee chairexperience

Audit committee members serving companies in high litigation risk industries (financialservices, Pharmaceuticals, or technology) (n =12):

• are more likely to say that their audit committee has a greater number of face-to-facemeetings each year

• are less likely to communicate frequently between meetings

Audit committee members serving NYSE companies (« = 20):• are more likely to state that their audit committee receives the pre-meeting packet

more than one week before meetings• are more likely to state that their audit conunittee reviews management's assumptions

related to accounts that are dependent on assumptions or estimates (compared withrelying on the extemal auditor or having no involvement)

• are less likely to have conducted numerous due diligence procedures before joiningthe board

• are less likely to be CPAs, be accounting experts, and have public accountingexperience

Note:

* All differences reflect p-values S 0.10, two-tailed.

where the audit committee seeks to make the audit committee process as formaland extemally legitimate as possible.

Finally, audit committee members serving NYSE companies (as opposed toNASDAQ or AMEX companies) receive their information packets earlier and aremore involved in assessing management estimates and assumptions. These auditcommittee members also are less focused on performing due diligence proceduresbefore joining the board (possibly due to the large, well-established companiesinvolved) and are less likely to be accounting experts (e.g., CPAs with publicaccounting experience).

6. Discussion and conclusion

This study makes three main contributions to the academic literature. First, we pro-vide detailed insights into audit conunittee processes at 42 U.S. public companies

CAR Vol 26 No. 1 (Spring 2009)


in the post-SOX environment. As a result, researchers can better understand whathappens in the boardroom in the post-SOX environment, and several opportunitiesfor future research are revealed (see below). Second, the study extends, and in somecases confirms, previous research on the audit committee process (Cohen et al.2002, 2007a; Gendron et al. 2004; Gendron and Bédard 2006; Spira 1999, 2002;Turley and Zaman 2007). The confirmation of earlier research results is notable,because previous researchers have often examined audit committee processes out-side the United States (i.e., in Canada and the United Kingdom). Finally, from atheoretical perspective, while most of the audit committee members we inter-viewed appeared committed to substantive monitoring of financial reporting, ourinterviews reveal a wide range of audit committee practices and attitudes. Becauseof the mix of substantive and ceremonial practices (which, overall, are weightedmore toward substantive oversight), it appears that neither agency theory nor insti-tutional theory fully explains our results, as is the case in Kalbers and Fogarty 1998and Nicholson and Kiel 2007. Accordingly, we believe that additional theoreticalwork should further examine the role of the audit committee.

Our results can be viewed in the context of earlier governance frameworks.First, Cohen et al. (2004) describe the central parties in the corporate governancemosaic as the audit committee, intemal auditor, extemal auditor, management,; andthe board. In many cases, we find evidence of frequent, meaningful interactionsamong these parties. Such interaction appears to be critical to effective audit com-mittee oversight. In addition, DeZoort et al. (2002) assert that audit committeeeffectiveness is a function of audit committee composition, authority, resources,and diligence. Our interviews reveal that financial expertise (composition) isreceiving a great deal of attention in the post-SOX environment. In addition, someof the interviews highlight the importance of the audit committee asserting itsauthority (e.g., to tmly oversee the extemal or intemal auditor), having access tokey intemal and extemal parties (resources), and spending the.time to fully reviewinformation (diligence). Overall, we believe that the substantive audit committeeprocesses presented in the paper fit into previous governance frameworks in theacademic literature quite well.

Our study is subject to certain limitations. First, our participant group isconvenience-based and may reflect more active and engaged audit committeemembers than is typical. This limits the extent to which our results necessarily gen-eralize to all U.S. public companies. Second, we cannot be certain that the auditcommittee members were always candid in their responses. However, we believethis risk is quite low. There is substantial variability among our respondents in allsix process areas, and the quotes included throughout the paper speak to the levelof candor that was evident throughout the interview process. Third, given the tense,almost fearful, nature of the U.S. corporate govemance environment in the imme-diate post-SOX period, we deemed it infeasible to tape record the interviews (seeNicholson and Kiel 2007 for a similar approach) and provide exact quotes from theinterviewees. However, we took extensive steps to ensure that we accurately cap-tured, transcribed, coded, and analyzed the information received from the auditcommittee members, and we did not find the note-taking process to be difficult. We



do not believe that the study's conclusions have been affected by our data collec-tion method.

We encourage research on four broad issues related to audit committees. First,Kalbers and Fogarty (1998) encourage efforts to combine elements of agency theoryand institutional theory to promote our understanding of the audit committee, andwe echo this recommendation. In our view, much of the tension between a substan-tive versus ceremonial role for the audit committee derives from management'sattitude about governance and monitoring. Many of our interviewees indicated thatthey carefully assess management's commitment to governance as they evaluatepotential board opportunities. The audit committee members' goal is to avoid asso-ciating with managers who want the board and audit committee to be ceremonial.If management and the other directors take governance seriously, then there is sig-nificant potential for the audit committee to function as an effective, independentmonitor through its formal and informal processes. Conversely, if managementdoes not take governance seriously, then it may be difficult to attract vigilant boardmembers, such that the audit committee's role is primarily ceremonial and builtaround over-reliance on management. We encourage additional research and theorydevelopment on the role of management's attitude toward governance in influenc-ing the substance of governance processes.

Second, our study represents a positivist approach to the audit committeeprocess, in which we generalize results across contexts and attempt to identify theprevailing reality and its correspondence to a particular theory. This approach is incontrast to such studies as Gendron and Bédard 2006 (212) that use a socialconstructivist approach, "predicated on the point of view that 'reality' is sociallyconstructed and that the main task of social scientists consists of analyzing the pro-cess by which perceptions of reality develop". We encourage additional researchand theory development using a variety of approaches.

Third, our results are consistent with previous studies highlighting the impor-tance of informal interactions and communications in accomplishing the auditcommittee's objectives (Gendron and Bédard 2006; Spira 2002; Turley and Zaman2007). and we find significant variability in audit committee processes. We encour-age additional researcb on the relation between audit committee formal and informalprocesses and financial reporting and governance outcomes. Of particular impor-tance is whether variations in process are associated with variations in financialreporting and governance outcomes, above and beyond previously documentedrelations between audit committee characteristics and financial reporting outcomes.

Finally, our study examines audit committee practices as of 2004-5, but wecannot rigorously assess changes in audit committee processes over time. Longitu-dinal research on audit committee processes could provide important insights intoaudit committee isomorphism, specifically to what extent audit committee pro-cesses are becoming more homogeneous over time, and if so, why this occurs.

Beyond research on these four broad issues, we encourage additional researchon certain audit committee process areas that we examine in this study. First, ourresults suggest that some audit committee members look to intemal and extemalauditors as having primary responsibility for fraud prevention and detection.

CAR Vol 26 No. 1 (Spring 2009)


Research may be needed to determine whether this view of delegated fraud over-sight impacts audit committee effectiveness. Also, more research is needed tounderstand what factors improve an audit committee's ability to identify andrespond to high-risk fraud conditions. Although prior research documents aninverse association between the independence of audit committees and financialreporting problems (e.g., Abbott et al. 2004), little is known about specific auditcommittee procedures (e.g., brainstorming — American Institute of Certified Pub-lic Accountants [AICPA] 2005) that might help the audit committee to identifyhigh-fraud risk conditions. '•

Second, more research is needed to identify whether there are behavioral char-acteristics observable by audit committees that might signal a lack of managementintegrity. Research is needed to identify whether certain personal characteristics,training, or backgrounds could increase an audit committee member's ability toidentify deficient management integrity.

Finally, our results highlight the often nebulous, informal nature of internalaudit oversight by the audit committee and management (i.e., intemal audit is over-seen by two parties). Research is needed to examine the effects of various internalaudit oversight arrangements on the audit committee's effectiveness and access toobjective information about company risks and controls.

In addition to the research implications highlighted by our results, there; aremany aspects of the audit committee process that remain to be examined usinginterview-based research. Among the research questions that could be addressed infuture studies are the following: (a) How broadly do audit committee membersdefine their financial reporting oversight responsibilities (e.g., with respect to eam-ings guidance and other communications with the investment community)?(b) What processes do audit committee members use to evaluate intemal controlmaterial weaknesses and related remediation efforts? (c) What steps do audit com-mittee members take to resolve auditor-management accounting disagreements?and (d) How do audit committee members evaluate the efforts (audit scope) ofextemal and intemal auditors?22

The role and responsibilities of the audit committee have expanded draniati-cally in this decade, and a small body of research is emerging that examines: theprocesses audit committees use to monitor the financial reporting process. We hopethat our results will provide researchers with useful insights and will prompt addi-tional research and theory development. r



Appendix: Research questions in audit committee process areas

Process area 1: Acceptance and continuance due diligence processes

RQ #1 What steps do directors take before agreeing to join a company's boardand before agreeing to remain on a board?

RQ #2 Why would a director decline to serve on a board or leave an existingboard?

Process area 2: Selection of audit committee nominees

RQ #3 How are directors identified to serve on a corporate board, and why arethey asked to join the audit committee?

Process area 3: Audit committee meeting processes

RQ #4 How often do audit committees meet, for how long, and which groupsare included in meetings?

RQ #5 How, when, and by whom are the agendas for audit committee meetingsprepared?

RQ#6 Who determines the information included in the information packetreceived before committee meetings, when is the information packetreceived, what information is included in the packet, how do audit com-mittee members review the information, and what are they looking for asthey review the infonnation?

RQ #7 What types of information do audit committee members receive betweenmeetings, from whom is this information received, and how often isinformation received?

Process area 4: Audit committee oversight of the financial reporting process

RQ #8 What financial reporting risk areas are reviewed by the audit committee?RQ #9 What is the nature of the audit committee's involvement in reviewing the

compatiy's accounting policies and accounting estimates/judgments/assumptions?

RQ#10 What is the nature of the audit committee's involvement in reviewingalternative accounting treatments available under GAAP?

RQ #11 How does the audit committee assess the risk of fraudulent financialreporting, including how it assesses management's integrity and inter-acts with the internal and extemal auditors in making this assessment?

Process area 5: Oversight of the internal and external audit processes

RQ#12 What is the nature of the audit committee's interaction with internalaudit (hiring and firing authority, setting budgets and scope of work,reporting relationships, and meeting frequency and type)?

RQ #13 What is the nature of meetings and other communications between theaudit committee and the extemal auditor?

RQ #14 What types of purchases of nonaudit services are approved by the auditcommittee, what factors are considered by the committee before approving



the purchase of nonaudit services, and are there any allowable nonauditservices that the audit committee would not purchase?

Process area 6: Other audit committee activities

RQ #15 How, and to what extent, does the audit committee benchmark its practicesagainst "best practices"?

RQ #16 How, and to what extent, is the audit committee involved in reviewingthe company's code of conduct?

RQ#17 On an overall basis, how comfortable is the audit committee that itunderstands the company's key financial reporting risks? ]

RQ #18 How do audit committee members evaluate the strength of intemal control?RQ #19 What do audit committee members view as their most important task in

fulfilling their responsibilities?RQ #20 What do audit committee members view as the most important personal

attribute/characteristic needed to be an effective audit committee member?

Endnotes

1. Resource dependence theory does not appear to be consistent with the auditcommittee's monitoring role under SOX, and it is unlikely that stewardship theory isconsistent with audit committee skepticism. Also, in the post-SOX era, it is unlikelythat managerial hegemony is the prevailing view of audit committees, although thistheory is similar to institutional theory in some respects.

2. Similarly, Gibbins, Salterio, and Webb (2001) report that auditors perceive that auditcommittee quality varies widely across companies.

3. KPMG (2003b) identifies the following elements of the audit committee process:(a) audit committee organization and operation, (b) risk assessment, (c) intemal controlover financial reporting, (d) audit processes, (e) financial reporting, (f ) continuous'improvement, and (g) audit committee reporting.

4. Some of our interview questions were suggested by Doug Carmichael and Tom Ray,the former chief auditor and current chief auditor, respectively, of the Public CompanyAccounting Oversight Board. These questions were added to our script in August 2004and were asked of 31 of the interviewees.

5. One person had just retired from audit committee service prior to the interview, andone interviewee served on the audit committee of a mutual fund, which is subject toSEC regulation.

6. Given the method used to contact potential interviewees, it is not possible to detemiinehow many people were invited to participate, but chose not to do so. Eor example, twochapters of professional organizations solicited volunteers from their membership, butwe do not know how many audit committee members were contacted (or exactly howmany audit committee members are in the chapters). In terms of one-on-oneinvitations, the vast majority of individuals agreed to the interview. We do not haveclose personal or business ties to any of the interviewees.

7. Although in-person interviews might be preferable, it was prohibitively costly to travelto each city to interview every audit committee member. We believe that the nature ofthe responses we received from the interviews conducted by phone was similar to that



of the responses received from the interviews conducted in person. Conductingapproximately 50 percent of our interviews by phone is consistent with the existingliterature. For example, Graham et al. (2005) conducted 70 percent of their interviewswith CFOs by phone.

8. Seven of our 42 interviews were conducted solely by one of the authors. This wassometimes due to an earlier interview running much longer than expected, such thatonly one author was available to start the next interview.

9. In cases where a graduate student was used to create our second set of interview notes,the author present at the interview reread the typed notes to ensure that they wereconsistent with the handwritten notes taken during the interview by the graduatestudent.

10. Per Gibbins et al. 1990, a word or phrase is significant if it succinctly captures aspectsof audit committee processes, outcomes, or behaviors.

11. The Kappa statistic recognizes that some portion of the overall agreement percentagecould be due to chance. The Kappa statistic rescales the overall agreementpercentage to range from zero to one, such that the statistic equals zero when theoverall agreement percentage equals the expected agreement percentage (i.e., due tochance), and the statistic equals one when the overall agreement percentage is 100percent (Cohen 1960).

12. Our interviewee group is obviously>choice- (convenience-) based and may include aself-selection of more engaged audit committee members. As a result, and given thesubstantial expertise in accounting and finance possessed by the interviewees, ourresponses may represent what some might view as "best practices" for audit committeeoversight of the financial reporting process. Studies using randomly selected auditcommittee members may find fewer or less detailed activities being performed.

13. Throughout the paper, we present "quotations" from audit committee members. Givenour method (no tape-recording), these quotations are careful paraphrases of theinterviewees' exact words. Thirty-nine of the 42 interviewees are represented in thequotations.

14. Access to corporate boards through personal relationships with senior members of firmmanagement has been common in the past (Lorsch and Maclver 1989). It is importantto note that 26 of the 42 interviewees were identified to serve on the audit committeebefore the recent govemance reforms (e.g., SOX). Gendron and Bédard (2006) alsofind concerns regarding audit committee members' true independence.

15. Of the 28 individuals in Table 4 who were appointed to the audit committee as a resultof their financial expertise, 26 (93 percent) joined the board and audit committee at thesame time. This suggests that these directors were specifically targeted for auditcommittee service.

16. Cohen et al. (2007a) document a marked increase in audit committee meetings with theauditor pre-SOX versus post-SOX.

17. We conduct exploratory analyses to examine the relation between (a) the extensivenessof meeting packet review and (b) audit committee members' prior experience withcompany management and other board members. The extensiveness of review ismeasured as high (low) if the level of review performed by the audit committeemember of the pre-meeting information packet is above (below) the median (on the

CAR Wo\. 26 No. 1 (Spring 2009)


basis of the number of items the audit committee member does or looks for whenreviewing the packet). Results indicate that audit committee members who have priorexperience with company management are less likely to engage in extensive review(p = 0.06), while those members with prior experience with other board members aremore likely to engage in extensive review (p < 0.01). '

18. The extemal auditor is required to discuss with the audit committee alternativeaccounting treatments available under GAAP that have been discussed with ;management, including the ramifications of the use of such alternative treatments andthe treatment preferred by the accounting firm (SEC 2003). It is possible that the :auditor did not discuss alternative accounting treatments available under GAAP withmanagement for most, if not all, of those companies where the audit committee did notdiscuss this issue with the extemal auditor.

19. Beyond adhering to directors' fiduciary responsibilities, the audit committee'sregulatory duty to detect fraud is not well specified. SOX (2002) does not specificallycharge the audit committee with fraud detection, but audit committee members andother directors can be sued or sanctioned by the SEC in cases of negligence (or moreserious departures from expected behavior).

20. In presenting these results, we are caufious when mixing personal traits and companypractices. For example, we find that older interviewees serve on audit committees thatset the meeting agenda earlier; however, we question whether this result is meaningful.Thus, when analyzing variations based on personal characteristics, we tend to focus onresponses in process areas 1 and 2, as well as on demographic variables. Whenanalyzing differences based on company characteristics, we tend to focus on processareas 3 through 6. Also, we caution the reader that the interviewees are classified intogroups based only on the one company that served as the basis for their responses.Thus, there are cases, for example, in which an interviewee is classified as NYSE(because the one company serving as the basis for the responses is NYSE), but theperson also serves on a NASDAQ audit committee.

21. Within the group of accounting experts, those with auditing expertise generallyprovided similar responses to those without auditing expertise.

22. We thank Larry Abbott for these suggestions.

References

Abbott, L. J., S. Parker, and G. F. Peters. 2004. Audit committee characteristics andrestatements. Auditing: A Journal of Practice & Theory 23 (1): 69-87.

Agrawal, A., and S. Chadha. 2005. Corporate govemance and accounting scandals. Journalof Law and Economics 48 (2): 371-406.

Ahrens, T., and C. S. Chapman. 2006. Doing qualitative field research in management.accounting: Positioning data to contribute to theory. Accounting, Organizations andSoc/eO'31 (8): 819-41.

American Institute of Certified Public Accountants (AICPA). 2005. Management overrideof intemal controls: The Achilles' heel of fraud prevention. New York: AICPA.

Barreto, I., and C. Baden-Fuller. 2006. To conform or to perform? Mimetic behavior,legitimacy-based groups and performance consequences. Journal of ManagementStudies A3 (1): 1559-81.



Batson, N. 2003. Final report of Neal Batson, court-appointed examiner in re: Enron Corp.(Chapter 11 case no. 01-16034) (November).

Beasley, M. S., J. V. Carcello, D. R. Hermanson, and P. D. Lapides. 2000. Fraudulentfinancial reporting: Consideration of industry traits and corporate govemancemechanisms. Accounting Horizons 14 (4): 441-54.

Bédard, J., S. M. Chtourou, and L. Courteau. 2004. The effect of audit committee expertise,independence, and activity on aggressive eamings management. Auditing: A Journal ofPractice & Theory 23 (2): 13-35.

Blue Rihbon Committee (BRC). 1999. Report and recommendations of the Blue RibbonCommittee on Improving the Effectiveness of Corporate Audit Committees. New York:

BRC.Breeden, R. C. 2003. Restoring trust. Report to the Honorable Jed S. Rakoff — The United

States District Court for the Southern District of New York — on corporate govemance

for the future of MCI, Inc., August.Carcello, J. V., D. R. Hermanson, and T. L. Neal. 2002. Disclosures in audit committee

charters and reports. Accounting Horizons 16 (4): 291-304.Carcello, J. V., and T. L. Neal. 2000. Audit committee composition and auditor reporting.

The Accounting Review 75 (4): 453-67.Carcello, J. V., and T. L. Neal. 2003. Audit committee characteristics and auditor dismissals

following "new" going-concem reports. The Accounting Review 1% (1): 95-117.Cohen, J. 1960. A coefficient of agreement for nominal scales. Educational and

Psychological Measurement 20 (1): 37-46.Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2002. Corporate govemance and the audit

process. Contemporary Accounting Research 19 (4): 573-94.Cohen, J., G. Krishamoorthy, and A. M. Wright. 2004. The corporate govemance mosaic

and financial reporting quality. Journal of Accounting Literature 23: 87-152.Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007a. Corporate govemance and the

audit process in the post Sarbanes-Oxley era: Do auditors perceive substantivechanges? Working paper, Boston College.

Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007b. Form versus substance: Theimplications for auditing practice and research of altemative perspectives on corporategovemance. Working paper, Boston College.

Cohen, J., G. Krishnamoorthy, and A. M. Wright. 2007c. The impact of roles of the board onauditors' risk assessments and program planning decisions. Auditing: A Journal ofPractice & Theory 26 (1): 91-112.

Cooper, D. J., and W. Morgan. 2008. Case study research in accounting. AccountingHorizons 22 (2): 159-78.

Dacin, M. T. 1997. Isomorphism in context: The power and prescription of institutionalnorms. Academy of Management Journal 40 (1): 46-81.

DeFond, M. L., R. N. Hann, and X. Hu. 2005. Does the market value financial expertise onaudit committees of boards of directors? Journal of Accounting Research 43 (2): 153-93.

DeZoort, F. T, D. R. Hermanson, D. Archambeault, and S. Reed. 2002. Audit committeeeffectiveness: A synthesis of the empirical audit committee literature. Journal ofAccounting Literature 21: 38-75.

CARYoX. 26 No. 1 (Spring 2009)


DeZoort, F. T., D. R. Hermanson, and R. W. Houston. 2008. Audit committee membersupport for proposed audit adjustments: Pre-SOX versus post-SOX judgments.Auditing: A Journal of Practice & Theory 27 (1): 85-104.

DiMaggio, P. J., and W. W. Powell. 1983. The iron cage revisited: Institutional isomorphismand collective rationality in organizational fields. American Sociological Review48 (2): 147-60.

Fama, E. F., and M. C. Jensen. 1983. Separation of ownership and control. Journal of Lawand Economics 26 (2): 301 -25.

Ferguson, A., J. R. Francis, and D. J. Stokes. 2003. The effects of firm-wide and office-levelindustry expertise on audit pricing. The Accounting Review 78 (2): 429-48. '

Fogarty, T. J., and R. K. Rogers. 2005. Financial analysts' reports: An extended institutionaltheory perspective. Accounting, Organizations and Society 30 (4): 331 -56.

Francis, J. R., K. Reichelt, and D. Wang. 2006. National versus office-specific measures ofauditor industry expertise and effects on client eamings quality. Working paper, 'University of Missouri.

Gaynor, L. M., L. S. McDaniel, and T L. Neal. 2006. The effects of joint provision anddisclosure of non-audit services on audit committee members' decisions and investors'preferences. The Accounting Review 81 (4): 873-96.

Gendron, Y., and J. Bédard. 2006. On the constitution of audit committee effectiveness.Accounting, Organizations and Society 31 (3): 211-39.

Gendron, Y., J. Bédard, and M. Gosselin. 2004. Getting inside the black box: A field studyof practices in "effective" audit committees. Auditing: A Journal of Practice & Theory

23(1): 153-71.Gibbins, M., A. Richardson, and J. Waterhouse. 1990. The management of corporate

financial disclosures: Opportunism, ritualism, policies, and processes. Journal ofAccounting Research 28 (1): 121-43.

Gibbins, M., S. Salterio, and A. Webb. 2001. Evidence about auditor-client managementnegotiations concerning clients' financial reporting. Journal of Accounting Research39 (3): 535-63.

Graham, J. R., C. R. Harvey, and S. Rajgopal. 2005. The economic implications ofcorporate financial reporting. Journal of Accounting and Economics 40 (1-3): 3-73.

Hirst, D. E., and L. Koonce. 1996. Audit analytical procedures: A field investigation.Contemporary Accounting Research 13 (2): 457-86.

Jensen, M. C, and W. H. Meckling. 1976. Theory of the firm: Managerial behavior, agencycosts, and ownership structure. Journal of Einancial Economics 3 (4): 305-60.

Kalbers, L. P., and T. J. Fogarty. 1993. Audit committee effectiveness: An empiricalinvestigation of the contribution of power. Auditing: A Journal of Practice & Theory12(1): 24-49.

Kalbers, L. P., and T. J. Fogarty. 1998. Organizational and economic explanations of auditcommittee oversight. Journal of Managerial Issues 10 (2): 129-50.

Klein, A. 2002. Audit committee, board of director characteristics, and eamingsmanagement. Journal of Accounting and Economics 33 (3): 375-400.

KPMG Audit Committee Institute. 2003a. Audit Committee Quarterly (Fall). Montvale, NJ:KPMG.



KPMG Audit Committee Institute. 2003b. Building a framework for effective audit

committee oversight. Montvale, NJ: KPMG.Krishnamoorthy, G., A. Wright, and J. Cohen. 2003. Audit committee effectiveness and

financial reporting quality: Implications for auditor independence. Australian

Accounting Review 13 (29): 3-13. 'Levitt, A. 2000. Remarks before the conference on the rise and effectiveness of new

corporate govemance standards. Federal Reserve Bank of New York,December 12.

Lorsch, J. W., and E. Maclver. 1989. Pawns or potentates: The reality of America'scorporate boards. Boston: Harvard Business School Press.

National Association of Corporate Directors (NACD). 1996. Report of the NACD BlueRibbon Commission on Director Professionalism. Washington, DC: NACD.

New York Stock Exchange (NYSE). 2004. NYSE corporate govemance rules (section303A). New York: NYSE.

Nicholson, G. J., and G. C. Kiel. 2007. Can directors impact performance? A case-based testof three theories of corporate govemance. Corporate Govemance: An IntemationalReview 15 (4): 585-608.

Paris, G. A., G. W. Savage, and R. G. H. Seitz. 2004. Report of the investigation by theSpecial Committee of the Board of Directors of Hollinger Intemational Inc. (Parisreport) Greenwich, CT: Richard C. Breeden & Co.

Patton, M. W. 1990. Qualitative evaluation and research methods, 2nd ed. Newbury Park,CA: Sage Publications.

Pomeroy, B. 2007. Audit committee member investigation of significant accountingdecisions. Working paper. University of Alberta.

Salterio, S. E., and R. A. Denham. 1997. Accounting consultation units: An organizationalmemory analysis. Contemporary Accounting Research 14 (4): 669-91.

Sarbanes-Oxley Act (SOX) of 2002. 2002. Public L. no. 107-204, 116 Stat. 745.Scheid-Cook, T. L. 1990. Ritual conformity and organizational control: Loose coupling or

professionalization? Joumal of Applied Behavioral Science 26 (2): 183-99.Scott, W. R. 1987. The adolescence of institutional theory. Administrative Science Quarterly

32 (4): 493-511.Securities and Exchange Commission (SEC). 2003. Final rule: Standards relating to listed

company audit committees. Release 33-8220.Spira, L. F. 1999. Ceremonies of govemance: Perspectives on the role of the audit

committee. Joumal of Management and Govemance 3 (3): 231 -60.Spira, L. F. 2002. The audit committee: Performing corporate govemance. London: Kluwer

Academic Publishers.Srinivasan, S. 2005. Consequences of financial reporting failure for outside directors:

Evidence from accounting restatements and audit committee members. Joumal ofAccounting Research 43 (2): 291-334.

Turley, S., and M. Zaman. 2004. The corporate govemance effects of audit committees.Joumal of Management and Govemance 8 (3): 305-32.

Turley, S., and M. Zaman. 2007. Audit committee effectiveness: Informal processes andbehavioral effects. Accounting, Auditing and Accountability Joumal 20 (5): 765-88.

eARVol 26 No. 1 (Spring 2009)

122 Contemporary Accounting Research. . i

United States v. Conrad Black, John Boultbee, Peter Atkinson, and Mark Kipnis {Hollingercase). 2007. Case no. 05 CR 727 — 1, 2, 3, 5. United States District Court, NorthernDistrict of Illinois. . ., • j

Veasey, E. N. 2005. A perspective on liability risks to directors in light of current events.Insights: The Corporate & Securities Law Advisor 19 (2): 9-16. |


the audit cotnmittee oversight process* · 2010-05-05 · the audit cotnmittee oversight process*...

Documents