Does Risk Belong on the Audit Committee Workload?
As risk management becomes more of a priority for boards, nearly half of audit committee members in a recent survey are concerned that they’ve assumed too much responsibility for risk oversight, according to a study by KPMG’s Audit Committee Institute.
Several companies are trying to lighten the load that audit committee members feel. Rather than leave the task of enterprise risk management with the audit committees, they’ve handed it to separate committees. Surprisingly, however, many audit committee directors say risk management should remain in their control, although with the full board looking over their shoulders.
“Risk is the responsibility, ultimately, of the whole board,” says Alice Peterson, chairman of the audit committees at Hanesbrands and Williams Partners. “I don’t see the need for [special ERM committees]. But even if [ERM] is pulled out and handled separately, it should hold a key place on the agenda of the audit committee meetings.”
Another director concurs. “I’m comfortable with the audit committee being responsible,” says Dan Kearney, who sits on the audit committee at MGIC Investment and on the credit risk committee at MBIA. “You don’t want too many committees or pretty soon nobody’s accountable.”
Indeed, most boards have dumped responsibility for ERM onto audit committees in order to comply with Sarbanes-Oxley. For instance, the audit committee at Aflac has six stated functions, according to its proxy filed in March. One of them is “to review and monitor the adequacy of enterprise risk management activities of the company.”
The listing requirements for the NYSE mandate that while risk management is the job of the CEO, the audit committee has to review the company’s major financial risks and assess the steps that management is taking to address them. Now that oversight is becoming even more burdensome due to fears that the roiling credit crisis could spread.
Many respondents to the KPMG survey said overloaded agendas, compliance activities and inadequate communication with the board may be hampering audit committees’ effectiveness.
A few companies are trying to ease the strain. Almost 5% of public company board members surveyed said their boards have standing risk oversight committees, according to preliminary data from a survey by the National Association of Corporate Directors. Most of these, however, address specific types of risk such as credit risk, not the full panoply of risks that ERM should address.
For example, Kearney says the MGIC risk committee is only charged with screening risk to the company’s core business, insuring mortgages.
On the other hand, a small number of companies — including Applied Micro Circuits (AMC), King Pharmaceuticals and CA (formerly Computer Associates) — have designed committees especially to monitor the entire suite of risks at their companies. They call these ERM committees.
For two and a half years, the ERM committee at Applied Micro Circuits gauged risk management across 11 subsets. AMC managers assessed the company’s risks in sharp detail and presented a less detailed summary to the full board each year.
Last month, after deciding the ERM committee had set up a smooth risk assessment process that senior managers can successfully run, the board at AMC dissolved the committee.
The CFO at AMC emphasizes that neither the board nor the audit committee members are walking away.
Although AMC management is now responsible for ERM, the full board will review that periodically, says CFO Bob Gargus. “If the board is comfortable that management is doing the work properly, [it] may pass approval. If not, [it] may send them back to the drawing board.”
One academic who consults for companies and the SEC does advocate for special risk committees.
Parveen Gupta, the chair of the accounting department at Lehigh University, says boards at accelerated-filer companies should not require audit committees to take on ERM oversight. Separate committees should oversee ERM, Gupta says, because the crushing burden on audit committees poses a risk to reliable financial reporting. At non-accelerated-filer companies, however, Gupta recommends that the entire board be responsible.
Yet Peterson, the audit chair at Hanesbrands and Williams Partners, disagrees. She recommends that the full board look at the company’s key risks every year and ensure that management has assigned an individual to be accountable for managing and mitigating each key risk. Peterson urges boards to have internal audit people compile the risk list. She also finds that when the full board chews on risk together, it discovers non-auditable risks in strategy and operations.
In essence, all of the directors who were interviewed are proponents of board-wide monitoring of enterprise risk management.
“In certain circumstances, a separate committee makes sense. But overall, ERM is something the full board needs to consider,” says Charles Elson, who directs the center for corporate governance at the University of Delaware and is a board member at AutoZone and HealthSouth. “To shove it to a separate committee denigrates its importance for all of the directors.”
Visit Agenda at www.agendaweek.com.