What Role Does the Audit Committee Play in the Organization’s Internal Control Environment?

Internal control over financial reporting is crucial to the governance of an organization. The audit committee’s primary responsibility with respect to internal control is the internal control over financial reporting.

In order to be knowledgeable about management’s evaluation and assessment of internal control, the audit committee needs a good understanding of the organization’s framework and related components of internal control. One framework used in practice includes the following key integrated components:

• Control environment – tone of the organization
• Risk assessment – identification and analysis of relevant risks
• Control activities – policies and procedures
• Information and communication – relevance and timeliness
• Monitoring – ongoing assessment of controls

Understanding of the organization’s control environment; how robust the risk assessment process employed by management is; what activities in the form of policies and procedures have been put in place by the organization to meet risk management objectives; whether information and communications are relevant and timely to ensure adequacy of the internal control system; and how well the organization is able to monitor existing controls to ensure they are operating effectively and efficiently is paramount for the audit committee to then be able to understand how and where things may go wrong.

In this regard, auditors are required to report all significant deficiencies and material weaknesses, in writing, to the audit committee. A significant deficiency (SD) is defined as a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the organization’s financial reporting.

A material weakness (MW) is defined as a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the organization’s financial statements will not be prevented or detected on a timely basis.¹

UP NEXT: What is the Audit Committee then expected to do with Such Information on Reported SDs and MWs?

GO BACK: Effective Audit Committee Guide

(1) Note: AICPA SAS 115, as it pertains to nonpublic organizations, aligns the definitions of significant deficiencies and material weaknesses with those included in PCAOB AS 5. SAS 115 also requires the auditors to communicate in writing to the audit committee or those charged with governance of nonpublic organizations SDs and MWs identified during the course of the audit. Refer to the earlier section on required communications for more information.