Evolving board dynamics: Are audit committee chairs becoming the ‘super CFOs’?
Audit committee roles have been rapidly evolving and increasingly onerous—driven by SEBI, the Companies Act, and NFRA. In fact, in some areas like Related Party Transactions and, recently, KPIs disclosed in DRHPs, the law requires specific audit committee approval. This is leading to a number of discussions amongst independent directors—are lines blurring between Doing, Approval, and Oversight? Adding to this conundrum are the new areas which constantly keep getting onto the Audit Committee focus areas—Cybersecurity, ESG et al.
Oversight on Audit Quality is really among the most important functions of the Audit Committee. Here, the engagement between Management (in particular the CEO and the CFO), the Statutory Auditors, the Internal Auditors, and the other Board members of the company is critical. The prime responsibility of the controls and the financial accounts rests with the CEO and the CFO. It culminates in the certification of the CEO and CFO. In reviewing the certificate, the audit committee relies on the three lines of defense.
The first line of defense focuses on the lowest logical unit of a company (in a hotel company, for instance, this is the Hotel Unit). At the trenches, we want systems, processes, and attitudes that are self-diagnostic and self-correcting. You can't keep sending a team from HO to check all the time that things are okay. The second line of defense (which is usually below the CEO/CFO) is responsible for overseeing the work done at the lowest logical level. The quality of this supervision is critical to provide comfort to the CEO and the CFO. The third line of defense is the Internal Audit.
The Statutory Auditor also relies on the three lines of defense. In addition to the CEO/CFO certification given to the Board, the Auditor also relies on the management representation letter—these represent many assertions that the CEO and CFO provide to the auditors. The Audit Committee must ensure the three lines of defense are effective by carefully reviewing the Management Letter to confirm consistency with these defenses.
Being an independent director, and that too on an audit committee, is a serious job. The interactions among the company management, statutory auditors, internal auditors, and the audit committee are now proving to be of utmost importance. Ultimately, great audit quality ensures trust from investors and regulators.
