The purpose of an executive session is to ask questions of various members
of the management team and the external auditors in a safe environment. During
an executive session meeting, minutes are (usually) not recorded, and when
meeting with members of the financial management team, anyone who is not
a member of the audit committee is excluded from the meeting. Executive sessions
should occur at every meeting of the audit committee, though not every individual
needs be in an executive session at every meeting. For example, it may be
appropriate for the chief audit executive (CAE), or equivalent, and the independent
auditor to have an executive session at every meeting, but the director of
financial reporting might be in executive session with the audit committee
only at the meeting before the audit is accepted. The length of these sessions
obviously varies depending on the issues that need to be discussed by the
committee.
It is recommended that executive sessions be
conducted with key members of the financial management team and external
auditors on a one-on-one basis. It is important that, when meeting with the
controller, for example, the chief financial officer (CFO) not be in the
room. Executive sessions should be a matter of routine at every audit committee
meeting, and not be done only on an exception basis. The audit committee
should avoid situations of asking in an open session whether an individual
has anything to discuss in an executive sessionthat question alone could
put the individual in an awkward position with others in the organization.
Asking open-ended questions in an executive session could be a major source
of information for the audit committee. This tool includes examples of the
kinds of questions the audit committee should ask. These are meant to be
sample questions to help start a conversation and create dialogue between
the individual and the audit committee. These sample questions are not
intended to be a checklist. Audit committee members need to have sufficient
financial expertise to understand the answers to the questions and to use
these answers to develop appropriate follow-up questions. Since it will not
be unusual to ask similar questions of key executives, the independent auditor,
and/or the internal auditor, a comparison of their respective responses could
be a good source of insight. Depending on the answers, follow-up action may
also be necessary, and the audit committee must be prepared to take that
action. The most important thing to do when conducting an executive session
is to listen to the answers that are given and follow up on anything
that is not clear!
Note that the questions for the executive session are such that the participants
may not feel free to answer honestly in the open environment of an executive
session. Nevertheless, there may be other information that the audit committee
wants to know. Following the suggested executive session questions is an
associated section of follow-up questions, Other Questions for Management. An
executive session may not be required for these questions, which nevertheless
may elicit information the audit committee wants.
Audit committee members should also consider the history of the organization,
the environment in which it operates, the current economic climate, the competitive
environment, and other factors, when asking questions in executive session.
Finally, each executive session should be concluded with a reminder to the
member of management, that audit committee members are accessible even outside
the meeting, and that they should feel free to reach out to the audit committee
member at other times if the need arises.
It is important to note that not every organization will have different
individuals in each position, as assumed in the following questions. Nevertheless,
the audit committee should be aware of the functions that are part of dual
roles, and adjust the questions accordingly. For example, in a small organization,
the CFO and controller might share the duties of the director of financial
reporting.
The audit committee should explore how a function or role is accomplished,
and compose questions accordingly. Also, the audit committee should consider
and take into account other roles in the organization. It may be that other
people within an organization should also be asked to meet with the audit
committee in executive session.
|
Conducting an
Executive SessionSample Questions
|
Comments
|
|
Chief Financial
Officer
|
|
|
1.
Do you believe the financial statements and applicable federal and state filings fairly present the organizations financial position and activities?
|
|
|
2.
Do you believe the disclosures are adequate and are understandable
by the average reader?
|
|
|
3.
Are you satisfied that an appropriate audit was performed by the independent auditors?
|
|
|
4.
Are you aware of any situations of revenue or expense manipulation
in the organization?
|
|
|
5.
Are you aware of any kind of fraud in the organization? Do you
know of any situations in which fraud could occur? |
|
|
6.
Is there any activity at the executive level of management that you consider to be a violation of laws, regulations, generally accepted accounting principles (GAAP), federal regulations (if the organization receives federal funding), professional, or accepted business practices?
|
|
|
7.
Have you encountered any situations in which the organization
complied with legal minimums of behavior, yet failed to demonstrate its commitment
to the highest ethical standards?
|
|
|
8.
Is there any activity in the organization that you are uncomfortable
with or consider unusual, or that warrants further investigation?
|
|
|
9.
Do you feel comfortable raising issues without fear of retribution?
|
|
|
10.
Are there any questions we have not asked that should have been asked? If so, what are those questions?
|
|
|
Executive Director
|
|
- Do you believe the financial
statements, IRS Form 990, and Form 990T, fairly present the
organizations financial position?
|
|
|
2. Do
you believe the disclosures are adequate and are understandable by the
average reader?
|
|
|
3. Are
you satisfied that an appropriate audit was performed by the independent
auditors?
|
|
|
4. Are
you aware of any situations of revenue or expense manipulation in the
organization?
|
|
|
5. Are
you aware of any disagreements between management of the organization and the
independent auditors? If any, please provide details of the disagreement.
|
|
|
6. Are
you aware of any disagreements between management and the internal auditors?
If any, please provide details of the disagreement.
|
|
|
7. Is
there any activity at the executive level of management that you consider to
be a violation of laws, regulations, GAAP, federal regulations (if the
organization receives federal funding), professional practice, or the mores
of business?
|
|
|
8. Have
you encountered any situations in which the organization complied with legal
minimums of behavior, yet failed to go the extra mile to demonstrate its
commitment to the highest ethical standards?
|
|
|
9. Is
there any activity in the organization that you are uncomfortable with or
consider unusual, or that warrants further investigation?
|
|
|
10. Are there
any questions we have not asked that should have been asked? If so,
what are those questions?
|
|
|
Chief Audit Executive (leader of Internal
Audit Team)
|
|
|
1. Overall,
is management cooperating with the internal audit team? Does management have
a positive attitude in responding to findings and recommendations, or is it
insecure and defensive of findings?
|
|
|
2. Has
management set an appropriate tone at the top with respect to the
importance of and compliance with the internal control system around
financial reporting?
|
|
|
3. Are
you aware of any current or past occurrence of any type of fraud in the
organization? Do you know of any situations where fraud could occur?
|
|
|
4. Are
you aware of any situations of revenue or expense manipulation in the
organization? Has the organization taken any tax positions that could be
construed as aggressive?
|
|
|
5. Have
you encountered any situations in which the organization complied with legal
minimums of behavior, yet failed to go the extra mile to demonstrate its
commitment to the highest ethical standards?
|
|
- Do you have the freedom to conduct
audits as necessary throughout the organization?
|
|
- Were you restricted or denied
access to requested information?
|
|
- Have you been pressured to change
findings, or minimize the language in those findings so as to not
reflect badly on another member of management? Are findings and
recommendations given the level of discussion needed to properly satisfy
any issues raised, to your satisfaction?
|
|
- Do you feel comfortable raising
issues without fear of retribution?
|
|
- Is there any activity at the
executive level of management that you consider to be a violation of
laws, regulations, GAAP, federal regulations (if the organization
receives federal funding), professional practice, or the mores of
business?
|
|
- Are there any questions we have not
asked that should have been asked? If so, what are those questions?
|
|
|
Controller
|
|
- Do you believe the financial
statements and IRS Form 990 fairly present the organizations financial
position?
|
|
- Do you believe the disclosures are
adequate and are understandable to the average reader?
|
|
- If you were the CFO, how would you
change the financial statements and accompanying footnotes?
|
|
- Are you aware of any current or
past occurrence of any type of fraud in the organization? Do you know of
any situations in which fraud could occur?
|
|
- Are you aware of any situations of
revenue or expense manipulation in the organization? Has the
organization taken any tax positions that could be construed as
aggressive?
|
|
- Are you satisfied that an
appropriate audit was performed by the independent auditors?
|
|
- Are you aware of any disagreements
between the management of the organization and the independent auditors?
|
|
- Has management set an appropriate
tone at the top with respect to the importance of and compliance with
the internal control system around financial reporting?
|
|
- Do you feel comfortable raising
issues without fear of retribution?
|
|
- Have you encountered any situations
in which the organization complied with legal minimums of behavior, yet
failed to go the extra mile to demonstrate its commitment to the highest
ethical standards?
|
|
- Is there any activity at the
executive level of management that you consider to be a violation of
laws, regulations, GAAP, federal regulations (if the organization
receives federal funding), professional practice, or the mores of
business?
|
|
- Is there any activity in the organization
that you are uncomfortable with or consider unusual, or that warrants
further investigation?
|
|
- Are there any questions we have not
asked that should have been asked? If so, what are those questions?
|
|
|
Director of
Financial Reporting
|
|
- Do you believe the financial
statements and IRS Form 990 fairly present the organizations financial
position?
|
|
- Are there any issues since our
last meeting that you wish to discuss with the audit committee?
|
|
- Are you aware of any current or
past occurrences of any type of fraud in the organization? Do you know
of any situations in which fraud could occur?
|
|
- Are you aware of any situations of
revenue or expense manipulation in the organization?
|
|
- Do you believe the financial
statements and related disclosures adequately convey the financial
situation in the organization to an average reader?
|
|
- Now that you have the opportunity,
is there anything you want to tell the audit committee? Is there
anything else that we need to know?
|
|
- Are you aware of any disagreements
between management of the organization and the independent auditors?
|
|
- Do you feel comfortable raising
issues without fear of retribution?
|
|
- Is there any activity at the executive
level of management that you consider to be a violation of laws
regulations, GAAP, federal regulations (if the organization receives
federal funding), professional practice, or the mores of business?
|
|
- Is there anything going on in the
organization with which you are uncomfortable?
|
|
- Are there any questions we have not
asked that should have been asked? If so, what are those questions?
|
|
|
General Counsel
|
|
- Are you aware of any issues that
could cause embarrassment to the organization?
|
|
- Have you ever been told anything in
confidence or otherwise that would embarrass the organization if it were
known publicly?
|
|
- Are you aware of any situations of
revenue or expense manipulation in the organization?
|
|
- Are there any items that have
significant financial statement impact that you have discussed with the executive
director, CFO or other officers, or outside counsel, that the audit
committee is not already aware of?
|
|
- Are you aware of any disagreements
between management of the organization and the independent auditors?
|
|
- Do you feel comfortable raising
issues without fear of retribution?
|
|
- Is there any activity at the
executive level of management that you consider to be a violation of
laws, regulations, GAAP, federal regulations (if the organization
receives federal funding), professional practice, or the mores of
business?
|
|
- Have you encountered any situations
in which the organization complied with legal minimums of behavior, yet
did not go the extra mile to demonstrate its commitment to the highest
ethical standards?
|
|
- Is there any activity in the
organization that you are uncomfortable with, consider unusual or
warrants further investigation?
|
|
- Are there any questions we have not
asked that should have been asked? If so, what are those questions?
|
|
|
Chief
Information Officer
|
|
- Is there any activity in the
organization that you are uncomfortable with or consider unusual, or
that warrants further investigation?
|
|
- Do you feel comfortable raising
issues without fear of retribution?
|
|
- Has management set an appropriate
tone at the top with respect to the importance of and compliance with
the internal control system around financial reporting?
|
|
- Are there any items that have
financial statement impact that you have discussed with the executive
director, CFO or other officers, or outside counsel, that the audit
committee is not already aware of?
|
|
- Are there any questions we have not
asked that should have been asked? If so, what are those questions?
|
|
Conducting an
Executive SessionSample Questions
|
|
Independent Auditors
|
|
Note that there are certain communications that are required between the independent auditors and the audit committee. A separate tool, Discussions With the Independent Auditors: What to Expect, has been prepared for the audit committee to ensure completeness of the committees required communication with the independent auditors. These suggested questions are meant to be in addition to the required communications.
|
|
1. Explain the
process your firm goes through to ensure that all of your engagement
personnel are independent and objective with respect to our audit. Particularly,
with respect to nonaudit services, how do those services affect the work that
you do or the manner in which the engagement team or others are compensated?
Are you aware of any anticipated event that could possibly impair the
independence, in fact or in appearance, of the firm and any member of the
engagement team?
|
|
Comments:
|
|
|
|
|
|
|
|
2. Has
management, legal counsel, or others made you aware of anything that could be
considered a violation of laws, regulations, GAAP, federal regulations (if
the organization receives federal funding), professional practice, or the
ethics of business?
|
|
Comments:
|
|
|
|
|
|
|
|
3. Are there
any areas of the financial statements and the notes that you believe could be
more explicit or transparent, or provide more clarity to help a user better
understand our financial statements?
|
|
Comments:
|
|
|
|
|
|
|
|
4. Have you
expressed any concerns or comments to management with respect to how our
financial statement presentation could be improved?
|
|
Comments:
|
|
|
|
|
|
|
|
5. Which
accounting policies or significant business transactions do you think a reader
will have trouble understanding based on our disclosure? What additional
information could (should) we provide?
|
|
Comments:
|
|
|
|
|
|
|
|
6. Based on
your auditing procedures, do you have any concerns about how management may
be recording revenues and expenses? Have you noticed any biases as a result
of your audit tests with respect to estimates?
|
|
Comments:
|
|
|
|
|
|
|
|
7. Are there
areas in which you and management have disagreed?
|
|
Comments:
|
|
|
|
|
|
|
|
8. Discuss your
impressions of the performance of the chief audit executive in terms of the
completeness, accuracy, and faithfulness of the financial reporting process.
|
|
Comments:
|
|
|
|
|
|
|
|
9. Has the firm
been engaged to provide any services besides the independent audit and
preparation of the IRS Form 990 or Form 990T of which the audit committee is
not already aware?
|
|
Comments:
|
|
|
|
|
|
|
|
10. How can
management improve in terms of setting an appropriate tone at the top?
|
|
Comments:
|
|
|
|
|
|
|
|
11. Describe
the ideas you have discussed with management for improving the internal
control system over financial reporting.
|
|
Comments:
|
|
|
|
|
|
|
|
12. Describe
for us any situation in which you believe management has attempted to
circumvent the spirit of GAAP, but has yet complied with GAAP.
|
|
Comments:
|
|
|
|
|
|
|
|
13. Is there
anything going on in the organization that you are uncomfortable with or
consider unusual, or that warrants further investigation?
|
|
Comments:
|
|
|
|
|
|
|
|
14. Are there
any questions we have not asked that you wish to share with the audit
committee?
|
|
Comments:
|
|
|
|
|
|
|
|
Other Questions for
Management
|
Comments
|
|
Chief Financial
Officer
|
|
- Describe your working relationship
with the executive director.
|
|
- If you were the partner-in-charge of
the audit, what would you do differently?
|
|
- Are you aware of any disagreements
between management of the organization and the independent auditors?
|
|
- How frequently do you meet with the
lead audit partner? Describe your relationship with him or her.
|
|
- Are you aware of any disagreements
between management and the internal auditors?
|
|
- Describe your relationship with the
chief audit executive (CAE). Discuss your impressions of his or her
performance.
|
|
- How do you interface with the
internal audit function?
|
|
- Has the independent auditor been
engaged for any services other than the annual audit and preparation of
the IRS Form 990 of which the audit committee is not already aware?
|
|
- Are the computer systems upon which
you rely integrated, or is manual intervention required to integrate
your systems?
|
|
- Which systems are the most difficult
to work with?
|
|
- Are there any new systems or
functionality that you would like to purchase but have delayed due to
cost considerations?
|
|
- What procedures or oversight do you
apply to manual journal entries that are proposed during the
book-closing process?
|
|
- Do the accounting and finance
departments of the organization have adequate personnel, both in numbers
and quality, to meet all their obligations?
|
|
- What are the most difficult
challenges facing the accounting and finance organization today?
|
|
- Which departments might benefit the
most from additional human resources?
|
|
- What are the personnel turnover rates
in the accounting and finance departments for the last year?
|
|
- What are the biggest risks facing
the organization in the next year? What steps do you think the
organization should take to address those risks?
|
|
- What are the biggest risks facing
the organization over the long term? What measures do you believe the
organization should take to address those risks?
|
|
|
Executive Director
|
|
|
1. Discuss
your impressions of the performance of the chief audit executive (CAE), chief
financial officer (CFO), and controller.
|
|
|
2. Has
the independent auditor been engaged for any services other than the annual
audit and preparation of the IRS Form 990 of which the audit committee is not
already aware?
|
|
|
3. What
are the biggest risks facing the organization in the next year? What steps do
you think the organization should take to address those risks?
|
|
|
4. What
are the biggest risks facing the organization over the long term? What
measures do you believe the organization should take to address those risks?
|
|
|
Chief Audit
Executive (leader of Internal Audit function)
|
|
- What procedures do you apply to the
review of manual journal entries made during the book-closing process,
and to other entries that could be termed as a management override of
the internal control system around financial reporting?
|
|
- If you were the executive director,
how would you do things differently in the internal audit department?
|
|
- Do you believe you have adequate
resources available to you to fulfill the charge of the department? If
not, what additional resources are needed?
|
|
- Did you encounter any disagreements
or difficulties between the internal audit team and the independent
auditors in connection with the recently completed audit of the
organizations financial statements? How will you approach the financial
statement audit differently next year?
|
|
- What critical risks are being
monitored by the internal audit team on a periodic or regular basis? How
do you address the continuous auditing of these critical risks, and is
automation and integrated system reporting assisting you in this effort?
|
|
- Are you aware of any other
disagreements between management of the organization and the independent
auditors?
|
|
- Are there any disagreements between
the internal audit team and management?
|
|
- Has the independent auditor been
engaged for any services other than the annual audit and preparation of
the IRS Form 990 of which the audit committee is not already aware?
|
|
- Are the computer systems upon which
you rely integrated, or is manual intervention required to integrate
your systems?
|
|
- Do you monitor payments to the
independent audit firm to ensure that the auditor is only providing
services that are related to the audit, or other services that have been
preapproved by the audit committee (e.g., preparation of the IRS Form
990 and/or Form 990T)?
|
|
- What are the biggest risks facing
the organization in the next year? What steps do you think the
organization should take to address those risks?
|
|
- What are the biggest risks facing
the organization over the long term? What measures do you believe the
organization should take to address those risks?
|
|
|
Controller
|
|
- Has the independent auditor been
engaged for any services other than the annual audit and preparation of
the IRS Form 990 and/or Form 990T of which the audit committee is not
already aware?
|
|
- If you were the partner-in-charge of
the audit, what would you do differently?
|
|
- Discuss your impressions of the
performance of the chief audit executive.
|
|
- Are the computer systems upon which
you rely integrated, or does it require manual intervention to integrate
your systems?
|
|
- What procedures do you apply to
review manual journal entries proposed during the book-closing process,
or to other entries that could be termed as a management override of the
internal control system around financial reporting?
|
|
- What are the biggest risks facing
the organization in the next year? What steps do you think the
organization should take to address those risks?
|
|
- What are the biggest risks facing
the organization over the long term? What measures do you believe the
organization should take to address those risks?
|
|
|
Director of
Financial Reporting
|
|
- How could the financial statements
and related disclosures be improved?
|
|
- Are the computer systems upon
which you rely integrated, or is manual intervention required to
integrate your systems?
|
|
|
General Counsel
|
|
- Discuss your impressions of the
performance of the chief audit executive.
|
|
- Has the independent auditor been
engaged for any services other than the annual audit and preparation of
the IRS Form 990 of which the audit committee is not already aware?
|
|
- What are the biggest risks facing
the organization in the next year? What steps do you think the
organization should take to address those risks?
|
|
- What are the biggest risks facing
the organization over the long term? What measures do you believe the
organization should take to address those risks?
|
|
|
Chief
Information Officer
|
|
- Are you satisfied with the integrity
of the information running through the systems in the organization? How
could technology improve the integrity of the information?
|
|
- What exposure is associated with the
organizations firewalls?
|
|
- If you had an unlimited budget, how
would you spend money to improve the organizations information
architecture?
|
|
- What do you consider your critical
risk areas?
|
|
- Describe your relationship with the
CFO and other key people in the accounting and finance departments.
|
|
- Are manual journal entries
identified and approved? Are they brought to the attention of the CAE,
or other officer(s) that did not have a hand in creating the journal
entries?
|
|
- Is documentation updated every time
there is a change to the internal controls process?
|
|
- What are the biggest risks facing
the organization in the next year? What steps do you think the
organization should take to address those risks?
|
|
- What are the biggest risks facing
the organization over the long term? What measures do you believe the
organization should take to address those risks?
|
|
|
Independent
Auditor
|
|
- What role, if any, did your firm
have in managements documentation and assessment of the organizations
internal control structure?
|
|
- What audit procedures do you apply
to manual journal entries that are proposed during the book-closing
process, or to other journal entries that could be termed as a
management override of the internal control system around financial
reporting?
|
|
- Was any audit work not performed
due to any limitations placed on you by management (e.g., any areas scoped
out by management, or any restriction on fees that limited the scope of
your work)?
|
|
- What, if any, changes do you
believe need to be made in these areas?
|
|
- What are the biggest risks facing
the organization in the next year? What steps do you think the
organization should take to address those risks?
|
|
- What are the biggest risks facing
the organization over the long term?
|
|
|
7. What measures do you believe
the organization should take to address those risks?
|
|
|
Notes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|