Audit Committee

What Is Audit Committee?

An audit committee is a subcommittee of a corporation's board of directors charged with independent oversight of financial reporting, internal controls, and the external audit process. It serves as the primary governance mechanism through which a board exercises its fiduciary duty over the integrity of financial statements and the adequacy of risk management practices. Members are drawn from independent directors who are not part of management, ensuring that the committee's scrutiny of financial matters is free from executive influence.

The modern audit committee took its current form largely through regulatory action following corporate accounting scandals in the early 2000s. The Sarbanes-Oxley Act of 2002 (SOX) established mandatory audit committee requirements for U.S. publicly traded companies, and the Securities and Exchange Commission subsequently codified the rules that govern committee composition, charter, and responsibilities. The SEC's 2003 rulemaking on listed company audit committees defines the independence criteria and financial expertise requirements that remain in force today.

Structure and Independence

Audit committee members must satisfy independence standards set by the SEC and by the stock exchanges on which a company is listed, including the New York Stock Exchange and Nasdaq. These standards prohibit directors from accepting consulting fees from the company or from being affiliated with any entity that provides advisory services to the company. At least one member must qualify as an "audit committee financial expert," possessing experience in preparing or auditing financial statements, an understanding of generally accepted accounting principles (GAAP), and familiarity with internal control assessment. The committee meets regularly with the external auditor, the head of internal audit, and the chief financial officer, typically in separate executive sessions that allow frank disclosure without management present.

Financial Reporting Oversight

The committee's central responsibility is overseeing the preparation and disclosure of financial statements. It reviews quarterly and annual financial filings for accuracy and completeness, approves or challenges significant accounting policies and estimates, and evaluates material changes in accounting standards that affect reported results. The external auditor is formally appointed by, and reports directly to, the audit committee rather than to management, giving the committee authority to determine audit scope, negotiate fees, and replace the auditor if necessary. SOX Section 301 made the committee directly responsible for the appointment, compensation, and oversight of any registered public accounting firm engaged for audit services, a structural change documented in SEC guidance on audit committee responsibilities.

Risk and Internal Controls

Beyond financial statements, audit committees oversee internal control over financial reporting (ICFR), as required by SOX Section 404. Management must assess and certify the effectiveness of internal controls annually, and the external auditor must independently attest to that assessment at larger public companies. The committee reviews this assessment, examines any material weaknesses or significant deficiencies identified, and monitors remediation. Its purview extends to enterprise risk, cybersecurity exposure, fraud programs, and ethics and compliance systems, areas where regulators and institutional investors have increasingly expected audit committees to be actively engaged. Deloitte's Center for Board Effectiveness audit committee guidance provides a widely referenced framework for structuring these broader oversight activities.

Applications

Audit committees have applications in a range of organizational contexts, including:

  • U.S. publicly traded companies required to list on NYSE or Nasdaq exchanges
  • Regulated financial institutions subject to Federal Reserve or OCC oversight
  • Technology companies disclosing material cybersecurity risks in SEC filings
  • Government-owned enterprises and public-sector entities with statutory audit requirements
  • Nonprofit organizations with significant public accountability obligations
Loading…