Talking sense about the Audit Committee
I am tired of seeing nonsense written about the responsibilities of the audit committee when it comes to their oversight of risk, especially cyber risk. The latest (members-only, which may be a relief) is from Compliance Week; it says the audit committee must have an in-depth understanding of cyber risk – and pays no attention to whether a breach might affect either the integrity of the financial statements or the achievement of enterprise objectives. It also confuses the roles of management and the board.
McKinsey has a far better article, but still misses the mark.
It’s time to go back to basics!
What are the responsibilities of the audit committee of the board?
In 2018, Deloitte published a sample audit committee charter designed for US public companies. It said that:
The audit committee is established by and among the board of directors for the primary purpose of assisting the board in:
- Overseeing the integrity of the company’s financial statements [NYSE Corporate Governance Rule 303A.07(b)(i)(A)] and the company’s accounting and financial reporting processes and financial statement audits [NASDAQ Corporate Governance Rule 5605(c)(1)(C)]
- Overseeing the company’s compliance with…