Methodology — WhatWhoHowDo™
The Board Benchmarking methodology is based on the unique WhatWhoHowDo Framework, designed by a world leader in corporate governance and board effectiveness. The WhatWhoHowDo Framework was created after many years of interviewing hundreds of directors around the globe and internally observing dozens of boards in action.
Each element of the WhatWhoHowDo Framework is explained below:
“What” — Committee structure and role clarity
The “What” describes the scope of the audit committee’s responsibilities.
Most importantly, the “What” sets out the “road-map” or “rule-book” for proper corporate governance. This component of the framework considers the extent of the documentation of roles and responsibilities of an organisation’s audit committee, the committee chair and individual committee members. The appropriateness of the size and structure of the committee, the clarity of performance expectations for individual committee members and the extent to which the committee is independent of management (including having independence of mind and judgment) are all dealt with under “What”.
“Who” — Committee composition
The “Who” describes who is on the committee.
This section focuses on the competencies and skills of committee members, including their effectiveness. It also considers how new committee members are appointed to the committee, their induction, their opportunities for continuing education and development, important qualities that committee members should possess, whether committee member performance is regularly assessed, how under-performance is dealt with and the adequacy of committee member remuneration. Good practice requires that at least one committee member possesses the relevant level of financial expertise, but that the committee does not become overly reliant on that person in relation to financial matters.
“How” — Committee process
The “How” describes how the committee carries out its main tasks.
How a committee comes together to discharge its oversight responsibilities is a critical determinant of the quality of its review processes and recommendations, and ultimately its overall effectiveness. How audit committees act — or fail to act — is a complex interaction and the result of many factors including:
- the leadership of the committee chair and committee member behaviours and dynamics;
- how committee meetings are planned, operated and documented; and
- the nature of the audit committee’s relationships, the appropriateness of information received by the committee and of the committee’s reporting to the board.
In short, these items are the “hard” and “soft” elements of “committee process” or “How” the committee makes decisions. Because so many of these factors manifest themselves “inside the committee room”, or at least “behind closed doors,” little is known of the effectiveness of audit committees at these processes, nor is much of this information disclosed publicly. Nonetheless, research suggests committee process lies at the heart of whether a committee will be “effective” or not at carrying out its tasks. If the “How” is carried out well, this will increase the effectiveness of the committee as it carries out its main tasks.
“How” — a) Committee leadership, behaviours and dynamics
The leadership skills of the committee chair are central to an effective committee process. Effective audit committees are invariably led by a strong, diligent chair, a chair that builds healthy committee dynamics and who is trusted by the other committee members. This section also considers the extent to which the committee works constructively as a team, creates organisational value through the quality of its review process and recommendations and whether committee members listen to and respect one another. It also addresses how undesirable committee member behaviours are dealt with and whether any organisational topics are off limits.
“How” — b) Agendas, meetings and minutes
The appropriateness of the audit committee’s agendas, meetings and minutes are also key indicators of performance. How well a committee plans its annual agenda of meeting topics, including how it allocates its time among substantial matters is essential for a proper functioning committee. This section also considers whether management inappropriately influences agendas or meetings and how well significant issues are followed up by the committee. Whether management’s involvement in committee meetings contributes to the audit committee’s effectiveness, is also addressed in this section.
“How” — c) Relationships, information and board reporting
Effective oversight is impacted by the quality and nature of the relationship between the committee and management and the committee and assurance providers. Information is the “life-blood” of an effective audit committee. This section also considers whether the committee receives information in the quality, quantity and format that it deems appropriate and whether the committee has unrestricted access to management, assurance providers and relevant information. How the audit committee receives information will impact an audit committee’s ability to apply the skills, knowledge and experience of committee members to oversee management and the organisation. The time between committee and board meetings and the effectiveness of the committee chair’s reporting to the board are also addressed.
“Do” — Committee tasks
The “Do” describes what the committee does in terms of their main tasks.
The audit committee’s most important tasks include oversight of the following:
- risk management
- internal control and compliance
- the internal audit function
- financial reporting
- the external auditor
If a committee carries out its most important tasks well, it can significantly enhance the board’s decision-making capability and make a significant contribution to the board’s ability to meet its oversight responsibilities. If it is unable to meet these fundamental responsibilities, the board and the organisation are likely to suffer as a result.
“Do” — a) Risk management
The organisation’s ability to adopt a culture consistent with its agreed risk appetite is a foundation stone for sound risk management. This section also considers whether an appropriate process exists to identify all relevant material risks and whether there are effective systems to manage those risks. The extent to which the committee displays confidence in the senior executives responsible for risk management and whether the committee’s reporting to the board in relation to risk, enhances the board’s strategic decision-making capability, are also addressed.
“Do” — b) Internal control and compliance
Determining whether the organisation adopts a culture of integrity, transparency and accountability that supports the effective operation of the organisation’s internal control systems, is a very important but difficult function of the audit committee. This section also deals with the extent to which the committee reviews and takes appropriate action in relation to the effectiveness of the operation of the internal control environment, the effectiveness of internal controls over complex matters and the effectiveness of the compliance framework in place to manage the organisation’s obligations. The extent to which the committee ensures that employees have sufficient competencies to enable them to fulfill their compliance obligations is also addressed.
“Do” — c) Internal audit
To be effective, an internal audit function must be appropriately resourced, have access to the board chair or audit committee chair, as appropriate, and not have its independence compromised in any way. This section also deals with the appropriateness of the scope of the internal audit work planned, whether such plan and any changes thereto are approved by the committee and whether the internal audit recommendations are appropriate. Whether internal audit activities are subject to undue management influence and whether management responds to internal audit findings in the appropriate manner, are also addressed.
“Do” — d) Financial reporting
Whether the audit committee establishes the right “tone at the top” and whether the organisation’s Chief Financial Officer (CFO) or equivalent has a high level of integrity, will have a large bearing on the reliability of the organisation’s financial reporting. This section also addresses the extent to which there is agreement between the audit committee and management as to the basis upon which the organisation’s financial reporting should be prepared and whether there is clear agreement on the appropriate accounting treatment for areas of greatest financial risk. Other important matters, such as the committee’s understanding of how the pressures upon management may impact the organisation’s financial reporting, the reliability of CEO/CFO certifications and the utility of reporting are also addressed.
“Do” — e) External audit
The external audit function is more likely to be effective if the audit committee has appropriate oversight of the external auditor. The external audit plan needs to be sufficiently comprehensive, with a regular and comprehensive review of the effectiveness of the external auditor. This section also considers the extent to which the external auditor conducts a thorough audit of the reporting processes used to prepare the organisation’s financial statements, including whether external audit activities are not subject to undue management influence. Whether the committee and external auditor are in agreement in relation to all material external audit matters and whether management responses to the external auditor’s findings are appropriate are also addressed.