Sponsored by the AICPA’s Government Performance & Accountability Committee (GPAC)
Setting government audit committees up for success | Government briefLori A. Sexton CPA, CGMA
Audit committees are a critical component to enhancing an organization’s governance and oversight. Entities operating in the public sector have a heightened transparent level of scrutiny and accountability required. The governing entity—whether federal, state or local—is expected to provide governance and oversight to the government’s financial reports and processes, internal controls and both internal and external auditors. The most effective manner to address the public’s need for transparency, accountability and effectiveness is through the government’s audit committee.
In this article, I explore the foundations of strong audit committees, from establishing roles and responsibilities to understanding and addressing enterprise risk management and I connect you to our series of reports detailing government audit committee best practices—all available for download below.
Part 1: Charter, roles and responsibilities
A government’s audit committee provides governance and accountability but must address the enhanced transparency expectations of the public which it serves. Developing an entity-specific charter as well as creating roles and responsibilities of the audit committee which may include unique requirements is the first step in achieving a successful audit committee.
There are certain limitations placed on the audit committee. The audit committee is not responsible for planning or conducting audits; this is the independent auditor’s responsibility. Neither is the audit committee responsible for
Preparing and fairly presenting the government entity's financial statements in accordance with generally accepted accounting principles;
Maintaining effective internal control over financial reporting; and
Ensuring the government entity's compliance with applicable laws, regulations, and other requirements.
These responsibilities are management’s, and the independent auditor and the audit committee have independent and complementary oversight responsibilities for determining that the related objectives of management’s responsibilities are achieved.
The audit committee begins its accountabilities by creating a charter that lays out its specific governance responsibilities, expectations and measures as applicable. This includes the committee’s purpose, reporting hierarchy, committee membership, authority and responsibilities. To learn more about roles and responsibilities as well as best practices for developing a government audit committee charter, download Part 1 of our series, Getting started: Creating a charter and defining roles and responsibilities.
Part 2: Understanding internal controls, fraud and audit findings
The management of risk is an activity that flows out of the government's audit committee provides responsibility to provide governance and accountability while addressing the enhanced transparency expectations of the public which it serves. The understanding and identification of an entity's risks include not only identification, assessment but the mature aspects of internal controls, mitigation, analysis as they relate to strategies and objectives.
As stated in Part 2 of our series Hitting your stride: Understanding internal controls, fraud and audit findings: “The primary responsibility of the audit committee with respect to the internal controls is the system of internal controls over financial reporting and compliance with laws, regulations, contracts, grant agreements, abuse and operations.” The ability to execute this responsibility relies upon the use of an accepted framework. In the U.S., the COSO framework is sited as an acceptable framework and is utilized in the Federal Government’s Green book. In other countries, similar frameworks are utilized, such as IFAC’s International Framework used by European governments. To assist the audit committee in executing their responsibilities a checklist is provided to assist in the demonstration of the committee’s commitment to integrity and ethics, oversight, competence and accountability.
The prevention and deterrence of fraud as well as oversite that appropriate actions are taken against those found perpetrating fraud are under the government audit committee’s responsibilities. The public’s heightened expectations regarding public sector fraud is addressed within Part 2 with explanations of the types of fraud to be escalated.
Part 3: Internal audit function, independent auditors and risk management
The audit committee governance and accountability responsibilities to both the internal audit function and the oversight of the independent auditors are shaped by the entity’s risk appetite and tolerance, limitations and are affected by the determined mitigation options and outcomes. The ongoing monitoring of both the internal and independent auditors ensures independence and objectivity are in place is a significant function to ensure a robust risk management program.
The considerations highlighted within Part 3 of our series There’s more to consider: Internal audit function, independent auditors and risk management, address internal controls, mitigation, and analysis within the entity’s strategies and objectives as they are carried out by both the internal audit function and the independent auditors. The performance of the internal audit function is assessed with a focus upon the implementation and maintenance of quality control improvements. In order to execute their function, the areas of spotlight begin with qualifications, training, reporting lines and outsourcing as necessary. This enables assurance of independence, completeness and effectiveness as the internal audit function maintains a balance between financial and operational involvement in execution and reporting.
The audit committee’s responsibility with the independent auditor lies in the charge to hire, compensate, evaluate, and terminate the independent auditor. Ensuring that the auditor has necessary staff, training, and experience is the beginning of any assessment. The audit committee is also responsible for reviewing documentation that ensures the independent auditor is working with and leveraging the work of the internal audit department, providing open communication throughout the planning, execution and reporting stages and preserving independence. At times, the audit committee may need to engage others outside of the services of the independent auditor and those considerations are addressed within Part 3 as well.
Part 4: Tools for government
Audit committee responsibilities, internal controls, fraud, internal and external audit functions are all executed with the use of the tools and resources. The content within Part 4: Tools for government provides best practices for the audit committees within a government entity. As previously noted, the audit committee governance and accountability responsibilities to both the internal audit function and the oversight of the independent auditors are shaped by the entity’s risk appetite and tolerance, limitations and are affected by the determined mitigation options and outcomes. The ongoing monitoring of both the internal and independent auditors ensures independence and objectivity are in place is a significant function to ensure a robust risk management program.
Overarching an effective audit committee is the identification of an appropriate strategy for the entity at a variety of levels. We’ve included a strategic ERM oversight tool within this report to guide the committee through identification, assessment and monitoring of the concerns of the organization. And we’ve provided a detailed explanation of the responsibilities that occur both inside and outside of the committee. No assessment is complete without a reference to and understanding of a risk heat map that includes a list of benefits as well as relevant questions to consider.
Featured within this report is a National Audit Office (NAO) guide (UK) directed toward management during the COVID-19 pandemic. This tool addresses reporting, fraud, control environments and expenditures. The Audit Committee COVID-19/disaster preparedness checklist directs management to essential considerations including culture and legislative concerns.
Download the Government Audit Committees – Part 1 – Charter, Roles and Responsibilities
File name: cgma-govt-audit-committee-part-1.pdf
Download the Government Audit Committees – Part 2 – Understanding internal controls, fraud and audit findings
File name: cgma-govt-audit-committee-part-2.pdf
Download the Government Audit Committees – Part 3 – There’s more to consider: Internal audit function, independent auditors and risk management
File name: cgma-govt-audit-committee-part-3.pdf
Download the Government Audit Committees Part 4 – Tools for government
File name: cgma-govt-audit-committee-part-4.pdf
Lori A. Sexton, CPA, CGMA
Lori Sexton is a Senior Technical Manager, Management Accounting with the Association of International Certified Professional Accountants (AICPA). Research and development of management accounting resources, serving as an advocate for the public sector and liaison to the Government Performance and Accountability Committee (GPAC) are included among her responsibilities. Other experiences include providing audit, attest, tax and consulting services to public sector and not-for-profit entities as well as those in healthcare, manufacturing, financial services and other niche sectors. Her roles within the private sector included international financial services and GSEs (Government Sponsored Entities) with a focus on financial and risk management.
What did you think of this?
Every bit of feedback you provide will help us improve your experience
What did you think of this?
Every bit of feedback you provide will help us improve your experience