RISK IN SESSION: CAEs and audit committees can use executive sessions to enhance the organization's risk culture.

AuthorDuckwitz, Sarah
PositionRisk Watch

Executive sessions should be on the agenda of every audit committee meeting. This means that all members of management leave the room, and the chief audit executive (CAE) has time alone with audit committee members. Executive sessions enable the committee to share risk concerns candidly. Scheduling an executive session at every meeting makes it less unusual when the CAE needs to ask for a session to discuss a specific concern.

While audit committee agendas can be routine and well-defined, executive session agendas normally are less clear. Although the CAE may have a few prepared remarks, theses sessions typically revolve around one question asked by the audit committee: "Is there anything we need to talk about this time?" Yet, CAEs can make these executive sessions more valuable by engaging committee members in a dialogue about the organizations risk culture.

Set the Agenda

As with the full audit committee meeting, having an agenda for the executive session is helpful. This should be a casual agenda that is not distributed; instead, the CAE should use it to ensure the session covers all topics of interest. The executive session agenda can include standard updates and risk topics specific to committee member concerns.

Because committee members may not know what to ask CAEs during executive sessions, CAEs can engage the audit committee in a variety of topics, including risk culture--how the business understands and manages risk.

In preparing for executive sessions, CAEs can create a list of ongoing and meeting-specific topics that address risk culture. Examples include tone at the top, corporate culture, governance, or overall risk monitoring. CAEs can provide insight into these areas without the committee having to ask for it, while hearing committee members' perspectives.

Share Risk Perspectives

Communication in executive sessions is a two-way street. The committee can provide valuable information to the CAE, while the CAE can share risk information and preferred action steps. During the session, the CAE can ask:

* What decisions is the board contemplating that may represent a strategy change?

* What concerns do audit committee members have about specific strategies or risks?

* What risks should internal audit prioritize?

Additionally, listening to committee member concerns is valuable for understanding what they view as important.

For CAEs, targeted questions can yield details that may lead them to update the audit plan or add a project to...

To continue reading

Request your trial