Driving Change through the Audit Committee Agenda
February 13, 2019
Within the Nevada System of Higher Education, every Audit Committee agenda had looked the same for decades. Work plans were driven by historical data, findings often did not represent areas of significant risk, and Committee meetings elicited minimal engagement from stakeholders. Recognizing these limitations, the Chief Internal Auditor (CIA) and the Audit Committee Chair decided to overhaul the meeting agenda to help achieve their mutually identified goal of enhancing the Audit Department’s relevance to the broader organization. Essentially, the CIA and Chair changed the allocation of the Audit Committee’s time by updating its agenda to reflect a risk-based approach as they looked at the organization from a hierarchical perspective. They started by understanding the risks that were of greatest interest to the Board, moved down to senior leadership and, eventually, to the roots of the organization.
The CIA did not eliminate routine, but necessary, audits from the agenda. Instead, the results of those audits were moved into the Committee’s consent agenda.[1] Now, the consent agenda includes routine, recurring items: meeting minutes, follow-up audits, and administrative items from external auditors. While the Committee still takes appropriate action to accept the items, moving them to the consent agenda provides the opportunity to devote more time and energy to discussion of higher-risk areas.
Another step taken to redirect Committee time was to change the presentation of other routine audits. Previously, the audits were presented in a long-form, narrative format that did not weigh the significance of the findings being discussed, making it difficult for Committee members to easily identify important information. Low-risk items were presented as though they carried the same weight as high-risk items. Today, these audit findings are presented using executive summaries that are shorter and concentrate on issues that factor in materiality.
Finally, the CIA and Chair added a sequence of new standing items to the agenda. The first items added related to Committee Development (i.e., annual orientation and ongoing education). The annual orientation agenda item occurs in the first meeting of the fiscal year, after updating board committee assignments. It includes an overview of the Committee Charter and history of the Committee as it relates to Enterprise Risk Management (ERM). The ongoing education agenda item is on the agenda year-round and offers an opportunity for Committee members to learn about audit, compliance, and risk management, as well as industry trends. This facilitates their understanding and consumption of the agenda items and the annual audit plan.
In addition to Committee Development, the CIA and Chair added a standing item for the Audit Department’s updates. These updates include topics such as progress against the annual audit plan and changes to the Department that may impact its ability to complete the audit plan or to stay on budget. The CIA also highlights cross-functional collaboration and professional development. So far, the CIA used this time to discuss the strategic direction of the Department in unique or emerging areas of risk, identifying how he will build capacity internally and externally. For example, the CIA advised the Committee about how the department created a resource to assist with an enterprise-wide information system installation, which required intensive focus during and immediately following its launch.
The Department and Committee needed a mechanism to make sure that changing risks remained on the radar.
The final standing item added to the agenda was an open platform for discussing emerging risks. A large component of ensuring the Department’s relevance is timeliness, and while a static annual audit plan may have the best of intentions, risks can and do change throughout the year. The Department and Committee needed a mechanism to make sure that changing risks remained on the radar. In addition to this platform for discussion by the Committee, the Department reserved a portion of the annual plan for special projects and requests so that when issues arise, the Department has the flexibility and agility to address the needs of the Committee in a timely manner. This standing item was also useful when the Audit Department updated its risk assessment process, as it allowed for Committee input when weighing newly identified risk factors.
While these standing items enhanced discussion of audit-related matters, the Committee also recognized a broader charge to provide centralized oversight of programs responsible for compliance with policies, procedures, and other requirements. This recognition led to the creation of a Compliance section in each agenda, allowing the newly created Compliance Department to provide updates and plans to the Committee. The Compliance Charter, separate from and parallel to the Audit Charter, allows the Committee to get updates on this important front with a familiar cadence.
The Committee, as well as the institution stakeholders, have a growing level of confidence in the audit and compliance functions.
All of these changes to the agenda resulted in more robust discussion at the Committee level. The Committee, as well as the institution stakeholders, have a growing level of confidence in the audit and compliance functions because they have seen their input, oversight, and direction yield better risk coverage. These changes provide the ability to relate the time spent in the Audit Committee meetings directly to ERM. The Audit Committee’s agendas used to be of interest solely to this committee of the Board; however, the increased relevance of reviews has garnered interest from other committees, the full Board, and the institution. Currently, the Audit Department is participating in this cross-functional support, achieving our goal of being relevant to the broader organization.
[1] A consent agenda is used to group routine, non-controversial items not typically requiring discussion or individual action by a governance committee into one agenda item.
About the Authors
Allison Stephens
Regent Allison Stephens, elected to the Board of Regents in 2012 (District 4, Clark County, NV), serves as chair of the Audit and Compliance Committee and Vice Chair of the Business, Finance and Facilities Committee. She is a member of the...
Read Full Author Bio
Allison Stephens
Regent Allison Stephens, elected to the Board of Regents in 2012 (District 4, Clark County, NV), serves as chair of the Audit and Compliance Committee and Vice Chair of the Business, Finance and Facilities Committee. She is a member of the Cultural Diversity and Title IX Compliance Committee and was appointed to the Subcommittee on Governance and Funding, part of the Nevada Legislature’s Interim Study Concerning the Governance Structure of and Funding Methods for Community Colleges, in July 2013. In 2016, Regent Stephens was appointed to the State Board of Education.
Articles
Driving Change through the Audit Committee Agenda
Joseph Sunbury
Joseph Sunbury is the Chief Internal Auditor for the Nevada System of Higher Education. He received his accounting degree from The Ohio State University and is a CPA in Ohio. He previously worked for a Big Four public accounting firm...
Read Full Author Bio
Joseph Sunbury
Joseph Sunbury is the Chief Internal Auditor for the Nevada System of Higher Education. He received his accounting degree from The Ohio State University and is a CPA in Ohio. He previously worked for a Big Four public accounting firm, publicly-traded companies in the gaming and steel industries, and most recently higher education. Joe believes strongly in the Internal Audit profession and enjoys collaboration with his colleagues, who help him learn something new every day.
Articles
Driving Change through the Audit Committee Agenda