What is an audit committee report?

Audit committee reports provide a quarterly and annual snapshot of the financial reporting process, the audit process, information on the company’s internal controls system, and assurance that the company is in compliance with laws and regulations.

Audit committees need to be up-to-date on significant accounting and reporting issues and any professional or regulatory changes that might impact the company’s financial statements. Audit committees also must have an understanding of how management collects data so they can assess whether the reports are accurate and complete.

There are various ways of formatting and reporting data. Some of the information in an audit committee report varies by industry. For this reason, the board and management need to reach an agreement about what information should be included and how it should be presented, including which audit management software to use. The agreement should incorporate the requirements of the audit committee charter and the internal audit department charter.

Audit committees should be familiar with the board’s communication style and respond accordingly. It’s common for audit committees to meet with boards and/or management separately to better understand the reporting framework and their expectations from the start.

At the time of audit reporting, board directors will want to know about changes in committee members and their backgrounds. They may also want to review prior audit committee reports and minutes. Boards will also expect to have any documented arrangements about the expectations for the content in the report.

What Does an Audit Committee Report Do?

An audit committee report gives boards quarterly and/or annual insight into the organization’s financial reporting, specifically the audit process, internal controls and assurances. This not only keeps the board aware of potential risks but also equips them to make critical financial decisions.

Audit committees can report quarterly or annually, depending on the needs of the organization and the board. These reports should detail both the current state of financial reporting processes and the auditor’s recommendations for what actions the organization can take. Recommendations are a great way to support the board and show the audit team’s value, which can help prevent the obsolescence of internal audit.

Though reports may vary from organization to organization, there are four main types of reports. Audit committees should familiarize themselves with these reports to better interpret them for the board.

What Information Goes into an Audit Committee Report?

A lot of information can go into an audit report. Each organization will have varying amounts of data to include, from internal controls to compliance assurances. The following is the most common information that goes into an audit committee report:

• Audit Background: The report overview should explain the area being audited. This should establish a shared understanding for the rest of the report.
• Scope: This defines what exactly was being audited within the audit area. 
• Audit Period: This outlines what timeframe was included in the audit. 
• Findings: Audit teams should summarize findings. This should help boards understand the results without having to read the entire report. The findings summary is also a great place for audit teams to begin making recommendations. 
• Dashboard Reports: These should communicate current activities, annual plan changes, the status of the annual audit plan, and red-flag items or concerning trends.
• Internal Audit Requirements: The audit committee reports should convey the internal audit team’s staffing needs, the impact of limited resources and budget-cost comparison for the year.
• Special Investigations: This part of the report should detail the outcome of any special investigations and a scorecard for department performance. 
• Summaries: Audit teams should summarize the quarterly reports with the most findings and other aggregated reports.
• Monitoring and Follow-Up: This section should tell the board how the internal audit team will continue to monitor the audit area and any audit outcomes. 
• Financial Values: If the audit team uncovered any instances of fraud, they should detail in the report the financial risks and/or costs associated with each instance. 

How to Format Quarterly Audit Committee Reports

Audit committees should be able to access all reports; however, they may decide not to review all of them. Management’s goal is to summarize the most important information for the audit committee and the board. The board is interested in routine findings that are presented in a logical, consistent format.

Audit committees report separately on matters that could affect financial reporting fairness, ethics breaches, fraud reports and reports of incidents where management responded to or acted on findings or recommendations contained in the report.

Typical Audit Committee Agenda

A typical audit committee agenda is much like the agenda for any other committee. An audit committee starts with a call to order, which is followed by a review and approval of minutes from the previous meeting. 

The next item for discussion is the audit committee report by the internal auditors, which is followed by the audit committee report by the external auditors.

Other matters such as legal or compliance issues come next in the agenda and then the committee may decide to meet in executive session before the CEO and CFO give a formal presentation of quarterly or annual reports to the shareholders for formal approval.

Finally, the chair announces the date and time of the next meeting and the committee adjourns.

The Schedule of the Audit Calendar

The audit committee should complete audit planning, which includes a calendar to ensure that they’re performing all the necessary duties at various times of the year. A year in internal audit might look like the following:

• First Quarter: In the first quarter, the committee should do a review of the audit results and reports and review the internal and external quality assurance procedures.
• Second Quarter: The second quarter is the time to review the budget, staffing and resources and note any constraints on resources. During the second quarter, the audit committee should also review the audit results and reports and confirm the independence of the internal audit.
• Third Quarter: During the third quarter, the committee should tend to the scope, procedures and timing of the audits and, again, review the audit results and audit committee reports.
• Fourth Quarter: In the fourth quarter, committees should review the charter, mission and objectives and review the audit results and reports. As necessary, the committee should appoint the chief audit executive and decide on compensation for the role.

The Role of the Audit Committee

In addition to overseeing the audit committee report, the audit committees are responsible for reviewing the results of the audit with management and the external auditors. Committee members also review any matters that they’re required to share with management and external auditors as required by generally accepted auditing standards.

Audit committees are responsible for appointing external auditors, setting their compensation and overseeing their work. CPAs report to the audit committee rather than management. Committee members should set controls over financial reporting, have assurance of information technology security and be familiar with operational matters like audit software.

At audit time, audit committee members meet with the external auditors to discuss any private matters. Committees will review their approach to the audit and take steps to coordinate the audit with the internal audit staff. Internal audit committees review and approve the audit plan, review staffing and organization, and meet with internal auditors and management on a periodic basis to discuss pertinent issues.

Audit committees have the authority over their own budgets and manage the costs of external audits, and this process should lend assurance to investors that the financial reporting is accurate.

There are mission-critical risks outside of internal audit’s typical scope. You can’t fill your audit plan with these risks, but you have to incorporate them into your planning. — Fola Ojumu, Partner, Kearney & Company

Use Reports to Future-Proof Internal Audit

Audit committees should have at least one person on the committee — and ideally the board — who is considered a financial expert. But even having an internal audit champion on the board isn’t always enough to prove the relevance of internal audit. Effective reporting is.

We as auditors don’t make the company any money, unless we make a cost recovery, which is a one-time event. We need to keep giving strategic value to the organization so they keep funding our resources. — Tom Keaton, Director of Internal Audit, Crown Castle

Though technology can help promote the value of internal audit, it's most effective with a solid internal audit strategy. Teams need to find ways to proactively identify risks, which can be challenging in an ever-changing risk landscape. With so much information needed in an audit committee report and numerous opportunities, aggregating, storing and relaying the relevant data is difficult. New tools that leverage automation and machine learning can help.

Find out how merging a robust strategy with the right audit management software solution can drive the relevancy of internal audit well into the future. Download our eBook Future-Proofing Internal Audit now.