External audit is an instrument of the audit committee, as mandated under the Companies Act 2013, meant for assessing and reporting the true and fair view of financial health of the company. It thus becomes important for the committee to ensure that the audit and auditor remain independent.
The committee comprising two-third of members as independent directors including the chairperson, makes recommendations to the board of directors on the appointment, removal and remuneration of auditors. It is also required to review and monitor the effectiveness of the audit. The procedure followed by audit committee of many companies is however ad hoc and its role is confined to selecting an audit firm based on evaluation undertaken by CFO and CEO or of a particular firm as suggested by them, for recommendation to the board. The involvement of the committee and its members is thus more in form of compliance requirements rather than in substance.
Some audit committees do carry out a detailed exercise for identifying an audit firm commensurate to the nature, size and complexity of the business. They also assess the technical and support infrastructure within the firm, and the team’s competence. However, the policy and procedure is not well laid out. In the case of banks and NBFCs, though RBI in April 2021 issued broad framework of procedure to be followed, the audit committees have not outlined the procedure to be followed in initiation, evaluation and shortlisting of a panel of audit firms, and in determining their independence and ability to perform audit within the contours of the framework.
SEBI, RBI norms
The Companies Act, 2013, LODR of SEBI, and guidelines issued by RBI taken together have positioned the audit committee as pivotal to transparency in governance and financial reporting. For proper discharge of responsibilities, the committee should define qualitative parameters like professional and ethical culture within the firm. These may include capability and competence level of audit partner and staff, quality control and data security mechanisms, technology usage, among other parameters. For the company’s annual report, the committee should indicate the criteria set for appointment of the auditor, and measures for ensuring his independence or avoiding potential conflict of interest.
The Audit Committee should also create an eco-system within the organisation that accepts audit as a value addition exercise, necessary for bringing integrity in internal processes and financial reporting. It should hold regular interactions with the auditor, and the management on audit plan, progress made, critical issues raised by the auditors and follow up action by the management.
The writer is former Secretary, ICAI