November 21, 2009
 
About the AICPA
Member Service Center
Membership Information
AICPA Mission
Corporate Governance
Understanding the Organization
Frequently Asked Questions
Media Center
People and Places
Jobs at the AICPA
Vision Project
Legal Briefs
Professional Resources
Accounting and Auditing
Accounting and Auditing Technical Help
Accounting Standards
Audit and Attest Standards
Audit Committee Effectiveness Center
Authoritative Standards
Business Reporting Assurance & Advisory Services
Enhanced Business Reporting
FASB Accounting Standards Codification
IFRS
Private Company Financial Reporting
Sarbanes-Oxley Resources
SEC Regulations Committee
XBRL
Tax
Business, Industry, and Government
Financial Management Center
Audit Committee Effectiveness Center
Audit Committee Matching System
Public Accounting Firm Resources
Center for Audit Quality
Employee Benefit Plan Audit Quality Center
Governmental Audit Quality Center
PCPS Firm Practice Center
Small Firm Corner
Peer Review
AICPA Peer Review Program
Peer Review Public File
National Peer Review Committee
Peer Review Transparency
Professional Ethics/Code of Conduct
Code of Conduct
Disciplinary Actions
Professional Ethics
Personal Financial Planning
Forensic and Valuation Services
Information Technology
Antifraud Resource Center
Financial Literacy
Exposure Drafts
CPA Marketing Toolkit
Public Meeting Notices
Conferences, Publications, CPE & the AICPA Library
AICPA Conferences
CPE
Publications
AICPA Library
Magazines and Newsletters
The CPA Letter
Journal of Accountancy
Journal of Accountancy Classified Ads
Newsletters
The Tax Adviser
Weekly News Updates
Copyright Information
Becoming a CPA/Academic Resources
Accounting Education Center
Students and CPA Candidates
Minority Initiatives
Start Here. Go Places.
Career Development and Workplace Issues
What's New
Career Advice
Job Search Tools
Mentoring Guidelines
Women in the Profession
Work-Life Balance
Young CPA Network
Consumer Information
360 Degrees of Financial Literacy
Antifraud Resource Center
Audit Committee Effectiveness Center
Audit Committee Matching System
Disciplinary Actions
Find a CPA
Peer Review Firm Terminations
Peer Review Public File
Web Trust
Media Center and Video Library
Media Center
Video Library
Legislative Activities and State Licensing Issues
Congressional and Federal Affairs
Mobility and State Licensing Issues
State News and Info
Home > Professional Resources > Business, Industry, and Government > Audit Committee Effectiveness Center > Not-for-Profit Organizations Toolkit > Conducting an Audit
Committee Executive Session: Guidelines and Questions
 
  Conducting an Audit Committee Executive Session: Guidelines and Questions
 



From The AICPA Audit Committee Toolkit. Copyright © 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.

Purpose of This Tool. Although it is generally accepted that audit committees should hold executive sessions with various members of the executive management, leaders of the financial management team, the leader of the internal audit team, and the independent auditor, audit committee members may not realize the type of questions and the extent of the questions they should ask. This tool is intended to help the audit committee ask the right first questions, bearing in mind that the audit committee should have the necessary expertise to evaluate the answers and the insight to identify the appropriate follow-up question. See the Other Questions for Management section of this tool for possible follow-up questions audit committee members can ask key members of the financial management team to improve their understanding of the day-to-day operating environment and management teams' decision-making processes and interactions.

 

What Is an Executive Session?

The purpose of an executive session is to ask questions of various members of the management team and the external auditors in a safe environment. During an executive session meeting, minutes are (usually) not recorded, and when meeting with members of the financial management team, anyone who is not a member of the audit committee is excluded from the meeting. Executive sessions should occur at every meeting of the audit committee, though not every individual needs be in an executive session at every meeting. For example, it may be appropriate for the chief audit executive (CAE), or equivalent, and the independent auditor to have an executive session at every meeting, but the director of financial reporting might be in executive session with the audit committee only at the meeting before the audit is accepted. The length of these sessions obviously varies depending on the issues that need to be discussed by the committee.

It is recommended that executive sessions be conducted with key members of the financial management team and external auditors on a one-on-one basis. It is important that, when meeting with the controller, for example, the chief financial officer (CFO) not be in the room. Executive sessions should be a matter of routine at every audit committee meeting, and not be done only on an exception basis. The audit committee should avoid situations of asking in an open session whether an individual has anything to discuss in an executive sessionthat question alone could put the individual in an awkward position with others in the organization.

Asking open-ended questions in an executive session could be a major source of information for the audit committee. This tool includes examples of the kinds of questions the audit committee should ask. These are meant to be sample questions to help start a conversation and create dialogue between the individual and the audit committee. These sample questions are not intended to be a checklist. Audit committee members need to have sufficient financial expertise to understand the answers to the questions and to use these answers to develop appropriate follow-up questions. Since it will not be unusual to ask similar questions of key executives, the independent auditor, and/or the internal auditor, a comparison of their respective responses could be a good source of insight. Depending on the answers, follow-up action may also be necessary, and the audit committee must be prepared to take that action. The most important thing to do when conducting an executive session is to listen to the answers that are given and follow up on anything that is not clear!

Note that the questions for the executive session are such that the participants may not feel free to answer honestly in the open environment of an executive session. Nevertheless, there may be other information that the audit committee wants to know. Following the suggested executive session questions is an associated section of follow-up questions, Other Questions for Management. An executive session may not be required for these questions, which nevertheless may elicit information the audit committee wants.

Audit committee members should also consider the history of the organization, the environment in which it operates, the current economic climate, the competitive environment, and other factors, when asking questions in executive session. Finally, each executive session should be concluded with a reminder to the member of management, that audit committee members are accessible even outside the meeting, and that they should feel free to reach out to the audit committee member at other times if the need arises.

It is important to note that not every organization will have different individuals in each position, as assumed in the following questions. Nevertheless, the audit committee should be aware of the functions that are part of dual roles, and adjust the questions accordingly. For example, in a small organization, the CFO and controller might share the duties of the director of financial reporting.

The audit committee should explore how a function or role is accomplished, and compose questions accordingly. Also, the audit committee should consider and take into account other roles in the organization. It may be that other people within an organization should also be asked to meet with the audit committee in executive session.


Instructions for Using This Tool.This tool is intended to help audit committees ask the right first questions, bearing in mind that the audit committee should have the necessary expertise to evaluate the answers and the insight to identify the appropriate follow-up question. Audit committee members may want to use the questions in the “Other Questions for Management” section in conjunction with this one to formulate and ask the appropriate follow-up question. As a reminder, not every organization will have different individuals in each position, as assumed in the following questions. Nevertheless, the audit committee should be aware of the functions that are part of such dual roles, and adjust the questions accordingly.

 

Conducting an Executive SessionSample Questions

Comments

Chief Financial Officer

1.      Do you believe the financial statements and applicable federal and state filings fairly present the organizations financial position and activities?

2.      Do you believe the disclosures are adequate and are understandable by the average reader?

3.      Are you satisfied that an appropriate audit was performed by the independent auditors?

4.      Are you aware of any situations of revenue or expense manipulation in the organization?

5.      Are you aware of any kind of fraud in the organization? Do you know of any situations in which fraud could occur?

6.      Is there any activity at the executive level of management that you consider to be a violation of laws, regulations, generally accepted accounting principles (GAAP), federal regulations (if the organization receives federal funding), professional, or accepted business practices?

7.      Have you encountered any situations in which the organization complied with legal minimums of behavior, yet failed to demonstrate its commitment to the highest ethical standards?

8.      Is there any activity in the organization that you are uncomfortable with or consider unusual, or that warrants further investigation?

9.      Do you feel comfortable raising issues without fear of retribution?

10.      Are there any questions we have not asked that should have been asked? If so, what are those questions?

Executive Director

 
  1. Do you believe the financial statements, IRS Form 990, and Form 990T, fairly present the organizations financial position?

 

2.      Do you believe the disclosures are adequate and are understandable by the average reader?

 

3.      Are you satisfied that an appropriate audit was performed by the independent auditors?

 

4.      Are you aware of any situations of revenue or expense manipulation in the organization?

 

5.      Are you aware of any disagreements between management of the organization and the independent auditors? If any, please provide details of the disagreement.

 

6.      Are you aware of any disagreements between management and the internal auditors? If any, please provide details of the disagreement.

 

7.      Is there any activity at the executive level of management that you consider to be a violation of laws, regulations, GAAP, federal regulations (if the organization receives federal funding), professional practice, or the mores of business?

 

8.      Have you encountered any situations in which the organization complied with legal minimums of behavior, yet failed to go the extra mile to demonstrate its commitment to the highest ethical standards?

 

9.      Is there any activity in the organization that you are uncomfortable with or consider unusual, or that warrants further investigation?

 

10.  Are there any questions we have not asked that should have been asked? If so, what are those questions?

 

Chief Audit Executive (leader of Internal Audit Team)

 

 

1.      Overall, is management cooperating with the internal audit team? Does management have a positive attitude in responding to findings and recommendations, or is it insecure and defensive of findings?

 

2.      Has management set an appropriate tone at the top with respect to the importance of and compliance with the internal control system around financial reporting?

 

3.      Are you aware of any current or past occurrence of any type of fraud in the organization? Do you know of any situations where fraud could occur?

 

4.      Are you aware of any situations of revenue or expense manipulation in the organization? Has the organization taken any tax positions that could be construed as aggressive?

 

5.      Have you encountered any situations in which the organization complied with legal minimums of behavior, yet failed to go the extra mile to demonstrate its commitment to the highest ethical standards?

 
  1. Do you have the freedom to conduct audits as necessary throughout the organization?

 
  1. Were you restricted or denied access to requested information?

 
  1. Have you been pressured to change findings, or minimize the language in those findings so as to not reflect badly on another member of management? Are findings and recommendations given the level of discussion needed to properly satisfy any issues raised, to your satisfaction?

 
  1. Do you feel comfortable raising issues without fear of retribution?

 
  1. Is there any activity at the executive level of management that you consider to be a violation of laws, regulations, GAAP, federal regulations (if the organization receives federal funding), professional practice, or the mores of business?

 
  1. Are there any questions we have not asked that should have been asked? If so, what are those questions?

 

Controller

 
  1. Do you believe the financial statements and IRS Form 990 fairly present the organizations financial position?

 
  1. Do you believe the disclosures are adequate and are understandable to the average reader?

 
  1. If you were the CFO, how would you change the financial statements and accompanying footnotes?

 
  1. Are you aware of any current or past occurrence of any type of fraud in the organization? Do you know of any situations in which fraud could occur?

 
  1. Are you aware of any situations of revenue or expense manipulation in the organization? Has the organization taken any tax positions that could be construed as aggressive?

 
  1. Are you satisfied that an appropriate audit was performed by the independent auditors?

 
  1. Are you aware of any disagreements between the management of the organization and the independent auditors?

 
  1. Has management set an appropriate tone at the top with respect to the importance of and compliance with the internal control system around financial reporting?

 
  1. Do you feel comfortable raising issues without fear of retribution?

 
  1. Have you encountered any situations in which the organization complied with legal minimums of behavior, yet failed to go the extra mile to demonstrate its commitment to the highest ethical standards?

 
  1. Is there any activity at the executive level of management that you consider to be a violation of laws, regulations, GAAP, federal regulations (if the organization receives federal funding), professional practice, or the mores of business?

 
  1. Is there any activity in the organization that you are uncomfortable with or consider unusual, or that warrants further investigation?

 
  1. Are there any questions we have not asked that should have been asked? If so, what are those questions?

 

Director of Financial Reporting

 
  1. Do you believe the financial statements and IRS Form 990 fairly present the organizations financial position?

 
  1. Are there any issues since our last meeting that you wish to discuss with the audit committee?

 
  1. Are you aware of any current or past occurrences of any type of fraud in the organization? Do you know of any situations in which fraud could occur?

 
  1. Are you aware of any situations of revenue or expense manipulation in the organization?

 
  1. Do you believe the financial statements and related disclosures adequately convey the financial situation in the organization to an average reader?

 
  1. Now that you have the opportunity, is there anything you want to tell the audit committee? Is there anything else that we need to know?

 
  1. Are you aware of any disagreements between management of the organization and the independent auditors?

 
  1. Do you feel comfortable raising issues without fear of retribution?

 
  1. Is there any activity at the executive level of management that you consider to be a violation of laws regulations, GAAP, federal regulations (if the organization receives federal funding), professional practice, or the mores of business?

 
  1. Is there anything going on in the organization with which you are uncomfortable?

 
  1. Are there any questions we have not asked that should have been asked? If so, what are those questions?

 

General Counsel

 
  1. Are you aware of any issues that could cause embarrassment to the organization?

 
  1. Have you ever been told anything in confidence or otherwise that would embarrass the organization if it were known publicly?

 
  1. Are you aware of any situations of revenue or expense manipulation in the organization?

 
  1. Are there any items that have significant financial statement impact that you have discussed with the executive director, CFO or other officers, or outside counsel, that the audit committee is not already aware of?

 
  1. Are you aware of any disagreements between management of the organization and the independent auditors?

 
  1. Do you feel comfortable raising issues without fear of retribution?

 
  1. Is there any activity at the executive level of management that you consider to be a violation of laws, regulations, GAAP, federal regulations (if the organization receives federal funding), professional practice, or the mores of business?

 
  1. Have you encountered any situations in which the organization complied with legal minimums of behavior, yet did not go the extra mile to demonstrate its commitment to the highest ethical standards?

 
  1. Is there any activity in the organization that you are uncomfortable with, consider unusual or warrants further investigation?

 
  1. Are there any questions we have not asked that should have been asked? If so, what are those questions?

 

Chief Information Officer

 
  1. Is there any activity in the organization that you are uncomfortable with or consider unusual, or that warrants further investigation?

 
  1. Do you feel comfortable raising issues without fear of retribution?

 
  1. Has management set an appropriate tone at the top with respect to the importance of and compliance with the internal control system around financial reporting?

 
  1. Are there any items that have financial statement impact that you have discussed with the executive director, CFO or other officers, or outside counsel, that the audit committee is not already aware of?

 
  1. Are there any questions we have not asked that should have been asked? If so, what are those questions?

 

Conducting an Executive SessionSample Questions

Independent Auditors

Note that there are certain communications that are required between the independent auditors and the audit committee. A separate tool, Discussions With the Independent Auditors: What to Expect, has been prepared for the audit committee to ensure completeness of the committees required communication with the independent auditors. These suggested questions are meant to be in addition to the required communications.

1. Explain the process your firm goes through to ensure that all of your engagement personnel are independent and objective with respect to our audit. Particularly, with respect to nonaudit services, how do those services affect the work that you do or the manner in which the engagement team or others are compensated? Are you aware of any anticipated event that could possibly impair the independence, in fact or in appearance, of the firm and any member of the engagement team?

Comments:

 

 

 

2. Has management, legal counsel, or others made you aware of anything that could be considered a violation of laws, regulations, GAAP, federal regulations (if the organization receives federal funding), professional practice, or the ethics of business?

Comments:

 

 

 

3. Are there any areas of the financial statements and the notes that you believe could be more explicit or transparent, or provide more clarity to help a user better understand our financial statements?

Comments:

 

 

 

4. Have you expressed any concerns or comments to management with respect to how our financial statement presentation could be improved?

Comments:

 

 

 

5. Which accounting policies or significant business transactions do you think a reader will have trouble understanding based on our disclosure? What additional information could (should) we provide?

Comments:

 

 

 

6. Based on your auditing procedures, do you have any concerns about how management may be recording revenues and expenses? Have you noticed any biases as a result of your audit tests with respect to estimates?

Comments:

 

 

 

7. Are there areas in which you and management have disagreed?

Comments:

 

 

 

8. Discuss your impressions of the performance of the chief audit executive in terms of the completeness, accuracy, and faithfulness of the financial reporting process.

Comments:

 

 

 

9. Has the firm been engaged to provide any services besides the independent audit and preparation of the IRS Form 990 or Form 990T of which the audit committee is not already aware?

Comments:

 

 

 

10. How can management improve in terms of setting an appropriate tone at the top?

Comments:

 

 

 

11. Describe the ideas you have discussed with management for improving the internal control system over financial reporting.

Comments:

 

 

 

12. Describe for us any situation in which you believe management has attempted to circumvent the spirit of GAAP, but has yet complied with GAAP.

Comments:

 

 

 

13. Is there anything going on in the organization that you are uncomfortable with or consider unusual, or that warrants further investigation?

Comments:

 

 

 

14. Are there any questions we have not asked that you wish to share with the audit committee?

Comments:

 

 

 

Other Questions for Management

Purpose of This Section. It is important for the audit committee to have a solid familiarity with the management team, since the committee relies heavily on them. In some large organizations, there is an expectation that members of the board will interact with members of management one-on-one on a regular basis. However, such interaction is not always possible. This section lists other questions that the audit committee may wish to address to key members of the financial management team. These questions need not be asked in an executive session, but can be addressed more informally as opportunities arise.

 

Other Questions for Management

Comments

Chief Financial Officer

 
  1. Describe your working relationship with the executive director.

 
  1. If you were the partner-in-charge of the audit, what would you do differently?

 
  1. Are you aware of any disagreements between management of the organization and the independent auditors?

 
  1. How frequently do you meet with the lead audit partner? Describe your relationship with him or her.

 
  1. Are you aware of any disagreements between management and the internal auditors?

 
  1. Describe your relationship with the chief audit executive (CAE). Discuss your impressions of his or her performance.

 
  1. How do you interface with the internal audit function?

 
  1. Has the independent auditor been engaged for any services other than the annual audit and preparation of the IRS Form 990 of which the audit committee is not already aware?

 
  1. Are the computer systems upon which you rely integrated, or is manual intervention required to integrate your systems?

 
  1. Which systems are the most difficult to work with?

 
  1. Are there any new systems or functionality that you would like to purchase but have delayed due to cost considerations?

 
  1. What procedures or oversight do you apply to manual journal entries that are proposed during the book-closing process?

 
  1. Do the accounting and finance departments of the organization have adequate personnel, both in numbers and quality, to meet all their obligations?

 
  1. What are the most difficult challenges facing the accounting and finance organization today?

 
  1. Which departments might benefit the most from additional human resources?

 
  1. What are the personnel turnover rates in the accounting and finance departments for the last year?

 
  1. What are the biggest risks facing the organization in the next year? What steps do you think the organization should take to address those risks?

 
  1. What are the biggest risks facing the organization over the long term? What measures do you believe the organization should take to address those risks?

 

Executive Director

 

1.      Discuss your impressions of the performance of the chief audit executive (CAE), chief financial officer (CFO), and controller.

 

2.      Has the independent auditor been engaged for any services other than the annual audit and preparation of the IRS Form 990 of which the audit committee is not already aware?

 

3.      What are the biggest risks facing the organization in the next year? What steps do you think the organization should take to address those risks?

 

4.      What are the biggest risks facing the organization over the long term? What measures do you believe the organization should take to address those risks?

 

Chief Audit Executive (leader of Internal Audit function)

 
  1. What procedures do you apply to the review of manual journal entries made during the book-closing process, and to other entries that could be termed as a management override of the internal control system around financial reporting?

 
  1. If you were the executive director, how would you do things differently in the internal audit department?

 
  1. Do you believe you have adequate resources available to you to fulfill the charge of the department? If not, what additional resources are needed?

 
  1. Did you encounter any disagreements or difficulties between the internal audit team and the independent auditors in connection with the recently completed audit of the organizations financial statements? How will you approach the financial statement audit differently next year?

 
  1. What critical risks are being monitored by the internal audit team on a periodic or regular basis? How do you address the continuous auditing of these critical risks, and is automation and integrated system reporting assisting you in this effort?

 
  1. Are you aware of any other disagreements between management of the organization and the independent auditors?

 
  1. Are there any disagreements between the internal audit team and management?

 
  1. Has the independent auditor been engaged for any services other than the annual audit and preparation of the IRS Form 990 of which the audit committee is not already aware?

 
  1. Are the computer systems upon which you rely integrated, or is manual intervention required to integrate your systems?

 
  1. Do you monitor payments to the independent audit firm to ensure that the auditor is only providing services that are related to the audit, or other services that have been preapproved by the audit committee (e.g., preparation of the IRS Form 990 and/or Form 990T)?

 
  1. What are the biggest risks facing the organization in the next year? What steps do you think the organization should take to address those risks?

 
  1. What are the biggest risks facing the organization over the long term? What measures do you believe the organization should take to address those risks?

 

Controller

 
  1. Has the independent auditor been engaged for any services other than the annual audit and preparation of the IRS Form 990 and/or Form 990T of which the audit committee is not already aware?

 
  1. If you were the partner-in-charge of the audit, what would you do differently?

 
  1. Discuss your impressions of the performance of the chief audit executive.

 
  1. Are the computer systems upon which you rely integrated, or does it require manual intervention to integrate your systems?

 
  1. What procedures do you apply to review manual journal entries proposed during the book-closing process, or to other entries that could be termed as a management override of the internal control system around financial reporting?

 
  1. What are the biggest risks facing the organization in the next year? What steps do you think the organization should take to address those risks?

 
  1. What are the biggest risks facing the organization over the long term? What measures do you believe the organization should take to address those risks?

 

Director of Financial Reporting

 
  1. How could the financial statements and related disclosures be improved?

 
  1. Are the computer systems upon which you rely integrated, or is manual intervention required to integrate your systems?

 

General Counsel

 
  1. Discuss your impressions of the performance of the chief audit executive.

 
  1. Has the independent auditor been engaged for any services other than the annual audit and preparation of the IRS Form 990 of which the audit committee is not already aware?

 
  1. What are the biggest risks facing the organization in the next year? What steps do you think the organization should take to address those risks?

 
  1. What are the biggest risks facing the organization over the long term? What measures do you believe the organization should take to address those risks?

 

Chief Information Officer

 
  1. Are you satisfied with the integrity of the information running through the systems in the organization? How could technology improve the integrity of the information?

 
  1. What exposure is associated with the organizations firewalls?

 
  1. If you had an unlimited budget, how would you spend money to improve the organizations information architecture?

 
  1. What do you consider your critical risk areas?

 
  1. Describe your relationship with the CFO and other key people in the accounting and finance departments.

 
  1. Are manual journal entries identified and approved? Are they brought to the attention of the CAE, or other officer(s) that did not have a hand in creating the journal entries?

 
  1. Is documentation updated every time there is a change to the internal controls process?

 
  1. What are the biggest risks facing the organization in the next year? What steps do you think the organization should take to address those risks?

 
  1. What are the biggest risks facing the organization over the long term? What measures do you believe the organization should take to address those risks?

 

Independent Auditor

 
  1. What role, if any, did your firm have in managements documentation and assessment of the organizations internal control structure?

 
  1. What audit procedures do you apply to manual journal entries that are proposed during the book-closing process, or to other journal entries that could be termed as a management override of the internal control system around financial reporting?

 
  1. Was any audit work not performed due to any limitations placed on you by management (e.g., any areas scoped out by management, or any restriction on fees that limited the scope of your work)?

 
  1. What, if any, changes do you believe need to be made in these areas?

 
  1. What are the biggest risks facing the organization in the next year? What steps do you think the organization should take to address those risks?

 
  1. What are the biggest risks facing the organization over the long term?

 

7. What measures do you believe the organization should take to address those risks?

 

Notes

 

 

 

 

 

 

 

 

 

 

 

From The AICPA Audit Committee Toolkit. Copyright © 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.

  
 
To ensure that you can receive email messages from the AICPA, remember to update your member profile. Also, add the AICPA's email domains ("aicpa.org" and "email.aicpa.org") to your Sender Safe List, or contact your IT administrator to update your firm's email software.

©2006-2009 The American Institute of Certified Public Accountants, ISO 9001 Certified
AICPA Privacy Policy and Copyright Information | Jobs at the AICPA | Contact Us
AICPA, 1211 Avenue of the Americas, New York, NY 10036
Trusted Commerce