Ten rules for effective audit committees.

• Author: OLSON, JOHN F.

None of these practical 'rules of the road' focuses on committee member credentials, adds to the catalog of formal committee tasks, or requires the preparation of formal certifications or reports.

ON FEBRUARY 8, 1999, the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees, chaired by Ira Millstein and John Whitehead, issued its report and recommendations. This effort is one of many chapters in a story that began more than 20 years ago with the enactment of the Foreign Corrupt Practices Act of 1977, which requires that accurate financial books and records be kept, and that internal controls be reasonably designed to prevent and detect fraud and assure preservation of assets and adherence to corporate policies. And the Millstein/Whitehead Report is not the last chapter. In October 1999, a comprehensive study of audit committees was released by a different Blue Ribbon Commission, this one a joint effort by the Center for Board Leadership and the National Association of Corporate Directors. Chaired by former SEC Commissioner A.A. Sommer Jr., this latest study provides further practical guidance for conscientious boards of directors. [Ed. Note: Also in October, the SEC propo sed its rule changes that would implement the Millstein/Whitehead Committee's recommendations.]

As counsel to a number of corporate audit committees, I have developed my own conclusions and recommendations for "best practices" that truly do make a difference in committee effectiveness. The following suggests 10 rules of the road for effective audit committee work. In contrast to criticisms leveled at the Millstein/Whitehead Report, note that none of these practical rules focuses on committee member credentials, adds to the catalog of formal committee tasks, or requires the preparation of formal certifications or reports.

1. Recognize practical ilmitations

   Directors are not and should not try to be full-time corporate managers. Except in times of crisis, they should provide oversight and counsel to the managers of the corporation, but they are not responsible for the day-to-day work of management or for setting the company s strategic course. Audit committee members, in ordinary times, meet three or four times a year for a few hours. Even if they meet more frequently, as a practical matter they can have only a general overview of financial statements and accounting issues. Effective audit committees recognize that they cannot micro-manage the enterprise, and focus on what they can do well as overseers of financial integrity and risk management.

2. Audit committees are not auditors or lawyers

   While it may well be desirable that at least some audit committee members have financial management or accounting backgrounds, not all boards have or can recruit outside directors with such qualifications. As a practical matter, while one can expect all audit committee members to have, or take the time to learn, a basic knowledge of the essential principles of financial reporting -- to be able to "read" financial statements, including the footnotes, with understanding -- the audit committee will have neither the time nor the technical expertise to second-guess book entry decisions and selection of applicable or "appropriate" accounting principles, or to determine the "quality" of financial reporting decisions.

   Effective audit committees understand that they are not and cannot be auditors. They focus on being comfortable with the integrity and skill of the auditors, internal and external, who report to them. While they should exercise constructive skepticism as they meet privately to question outside auditors about the quality of management's financial reporting and to question both external and internal auditors about the...