TURNING LIGHTS GREEN:

A BEST PRACTICE GUIDE

FOR AUDIT COMMITTEES
CONTENTS
PART 1
SETTING UP AN EFFECTIVE COMMITTEE 4

PART 2
REMAINING FIT FOR PURPOSE: 9
HOW TO ASSESS EFFECTIVENESS

PART 3
MAXIMISING VALUE: A CLEAR AGENDA 10

PART 4
ASSESSING EXTERNAL AND INTERNAL 12
AUDIT PERFORMANCE, INCLUDING AUDITOR
PERFORMANCE CHECKLIST

APPENDIX A
AN ILLUSTRATIVE COMMITTEE REPORT 16

APPENDIX B
COMMITTEE EFFECTIVENESS 17
ADDITIONAL QUESTIONS

APPENDIX C
KEY LINES OF ENQUIRY FOR AN 21
AUDIT COMMITTEE

2
INTRODUCTION
As pressures on charities continue to increase, the need for
good governance cannot be overemphasised. Amid economic
uncertainty and changing beneficiary needs, organisations must
ensure their internal controls help them to manage risks and use
funds efficiently and effectively.
Audit, finance and risk committees can help charities meet this challenge. As audit
chair at the Royal Institution, I have seen first-hand the difference our enhanced
scrutiny provides to effective risk management in trustee decisions. While at
Centrepoint, I saw the audit committee scrutinise budgets and help the board
understand the financial impact of decisions.

But committees must constantly look for good practice and tools to
enhance their effectiveness. Given the pressure of time, it is critical
they have frameworks that make the tasks of financial and risk scrutiny
systematic and effective.

RSM has compiled a handbook that aims to help charities set up effective audit
committees. This practical tool will serve as a helpful reference point, even for
charities that have good governance. I wholeheartedly endorse it.

Sarika Patel
Trustee and Audit Committee Chair at the Royal Institution

3
 PART 1
SETTING UP AN
EFFECTIVE COMMITTEE
Audit committees have a key role to play in
demonstrating charities are well-led, well-run and
use resources effectively. But they must be set up
in the right way if they are to deliver these benefits.
This handbook will help charities reach confident decisions
when establishing an audit committee. It aims to help
members fulfil their core responsibilities by setting out
practical tools to focus activity, forge strong internal and
external relationships, and assess performance.
While the following templates can also serve as a useful
starting point for finance or risk committees, they do not
cover their full responsibilities. Both will need to access further
guidance on their other responsibilities, including how to review
risk registers, budgets, statutory accounts, management
information and bank and investment manager relationships.
Similarly, the provision of templates will not ensure the
success of an audit committee. Members must also have a
wider awareness of the direction of travel of the charity.

4
THE BOARD MAKES SURE THAT ITS COMMITTEES HAVE SUITABLE TERMS
OF REFERENCE AND MEMBERSHIP, AND THAT THE TERMS OF REFERENCE
ARE REVIEWED REGULARLY.
Charity Governance Code

Terms of reference
Committees must operate within terms of reference that • overview of the charity compliance function;
have been approved by the board. The terms of reference
• authority to conduct special investigations;
should be a living document that reflects the needs of the
organisation. It must be reviewed each year and updated as • authority to engage with specialists and independent
external factors change. experts;
Terms of reference should set out the committee’s: • method of self-assessment; and
• overall purpose, responsibilities and authority, to give • approach to reporting to the board.
clarity on what it is advising the board;
The following template does not cover all aspects of the
• membership, including how it manages conflicts of
committee’s responsibilities and it cannot be applied to every
interest and terms of appointment;
situation, but it will help guide initial conversations. Before
• frequency of meetings; adopting terms of reference, committees should gather input and
advice from legal counsel as well as external and internal auditors.
• member compensation (where relevant), including
payment of disbursements; References to internal auditors may not always be applicable
as some charities do not have an internal audit function.
• relationship with the board;
Where this is the case, the audit committee should regularly
• relationship with external auditors and, if applicable, review this position and document its decision.
internal auditors;

5
OVERALL PURPOSE, RESPONSIBILITIES AND AUTHORITY

External relationships
• Oversee annual external and internal audit appointments and the scope
of work undertaken.
• Meet external auditors and internal auditors at least once a year, without
management present, and discuss their reports at committee meetings.
• Ensure management address issues highlighted by external and internal
auditors in their management letters.

Internal reporting and decisions

• Meet with the chief financial officer/finance director at least once a year to
review the charity’s accounts.
• Make a recommendation to the board on whether the audited financial
statements should be approved and submitted, including adopted
accounting policies and trustees’ report content.
• Review and discuss financial information and press releases and advise the
board on the effectiveness of the internal control environment.

Compliance
• Carry out or authorise investigations into matters that fall within the
committee’s scope of responsibilities. This, for example, may include
dealing with regulatory and whistleblowing matters.
• Review and discuss with management the policies and guidance for risk
assessment and control.
• Carry out any action permitted by applicable laws, rules and regulations to
complete work authorised by this terms of reference.

Frequency of meetings
The committee should meet as often as circumstances dictate, but no less
than twice a year.
Meetings may be held in person or by video conference or telephone at the
discretion of the committee chairperson. Decisions may also be made by email;
this is often appropriate for time-critical matters.

6
 Membership and skills
The committee composition should reflect the needs and
WHERE THE CHARITY HAS AN concerns of the organisation. It must comprise at least three
AUDIT COMMITTEE, THE CHAIR members. A minimum of two members should also hold
board positions. However, the duties of committee members
IS SOMEONE WITH RECENT AND are separate to their responsibilities as board members. A
specified number of members will need to be present for the
RELEVANT FINANCIAL EXPERIENCE. meeting to be quorate.
Charity Governance Code The board will nominate a committee chair. They must not
also hold the chair position on the board as the committee
must have independent oversight. However, the committee
and board chairs should be in regular contact.
A vice chair may also be required to stand in when the chair
cannot attend meetings.
Members should have the right skills to fulfil their
responsibilities. They must be independent of management
and satisfy relevant membership and independence
requirements set by regulatory bodies.
The importance of financial management and financial reporting
means it is usual practice for at least one committee member to
have current and relevant financial and audit experience.
Members should understand the time commitment and
what is expected of them in their committee role. This clarity
can be used to periodically assess the effectiveness of each
member as part of an appraisal or review.
Members must not have an interest in the organisation or
engage in activities that would have a material adverse effect
on their independence or their ability to act in the best interest
of stakeholders. Members cannot vote on any matter that
they have a direct or indirect material interest in. Minutes
of meetings should note when a member abstains from a
decision to demonstrate that conflicts are being managed.
These processes should mirror those carried out by the board.
The board is responsible for making final determinations
on member independence. If concerns arise, the facts and
circumstances should be reported to the board. No action
should be taken until the board or the nominated governance
committee has determined the member’s independence.
The committee has the right to co-opt additional members for
set periods to provide specialist skills, knowledge and experience
as well as to procure specialist advice, where required. Audit
committee meetings will normally be attended by the chief
executive officer and finance director. Other organisation officials
may attend as needed to discuss particular matters.

7
Relationship with the board Financial statements
The chairperson must report regularly to the The committee must, in conjunction with the finance
board following meetings. This should cover committee or board, review the charity’s financial
matters related to the committee’s functions and statements before they are released or filed with the
responsibilities, including: regulator. It will review:

• decisions taken by the committee or • key accounting policies and disclosures

recommendations made to the board for as well as any key judgements made in
board approval; preparing the accounts;
• the quality of the organisation’s financial statements; • with the external auditor and management,
their processes for assessment of material
• compliance with legal or regulatory requirements;
misstatements, identification of the notable
• the external auditor’s performance and risk areas and their response to those risks;
independence; and
• the external auditor’s audit of and report on
• the performance of the internal audit function. the financial statements and compliance with
laws and regulations;
The committee can report regularly to the board • any additions or changes in auditing or
through meeting minutes, and an annual report. accounting principles suggested by the
An example report is included in Appendix A. external auditor, management or, where
applicable, the internal auditor;
• where applicable, with the internal
auditor, the reports on internal control and
compliance, the management letter and the
charity’s responses;
• the external auditor’s qualitative judgement
about the appropriateness, and not just the
acceptability, of accounting principles, use of
estimates, basis for determining the amounts of
estimates and financial disclosures;
Assistance from others
• any significant difficulties or disputes with
To aid discussions and decision making, the
management encountered during the course
committee may request reports from the chief
of the audit; and
executive officer, trustees or the finance director.
• any other matters related to the annual audit,
The committee may retain (and determine the
including those matters that are required to
funding for) experts to advise or assist it, including
be communicated to the audit committee
outside counsel, accountants, financial analysts
under applicable law and generally accepted
or others. This could include recruiting committee
accounting practice.
members as experts in a specific area for a fixed
period to support a particular project.
The charity must provide sufficient funding to cover
these costs. This can be accounted for in budgets.

8
PART 2
REMAINING FIT FOR PURPOSE:
HOW TO ASSESS EFFECTIVENESS
To remain fit for purpose, the committee must evaluate its
performance. As a starting point, members should think about the
following throughout the year.
• Have trustees received or been offered adequate training during the year so
they can fulfil their audit committee roles? Could they be offered development
opportunities in other areas?
• Do trustees have a constructive yet challenging relationship with management?
• How could meetings be improved?

However, the committee must also carry out an in-depth review of effectiveness
each year. This must look at all areas of the committee’s responsibilities. Example
questions are included below. A more extensive list is included in Appendix B.

QUESTION

Has the committee operated within the approved terms of reference? Yes No

Is the committee the right size and does it have the right mix of skills to fulfil its responsibilities? Yes No

Have conflicts of interest been appropriately declared and managed? Yes No

Has the committee held a meeting with the external and internal auditors (where applicable) without Yes No
management present?

Has the committee received reports from external and internal auditors, where applicable? Yes No

Were the papers a manageable length? Yes No

Were management responses clear and sufficient? Yes No

Were members encouraged to openly express their views? Yes No

Was sufficient meeting time available for debate on key items and issues? Yes No

Were members satisfied that decisions were sound? Yes No

Has the committee reported its decisions in full to the board as part of its annual report? Yes No

Have members received appropriate training/explanations for all committee activity? Yes No

All committee members, regardless of their experience, will have training and
development needs, from induction through to ongoing training and updates.
This self-assessment can help drive and focus this training.

9
PART 3
MAXIMISING VALUE:
A CLEAR AGENDA
An agenda and other relevant papers should be shared with
members in good time before each meeting. The chairperson should
be involved in setting the agenda and commissioning papers. This
helps focus discussions, supports decisions, maximises meeting time
and ensures the committee meets its responsibilities.
While some agenda items will be dictated by individual circumstances and recent
events, there are some core elements that should be considered each quarter or
each year. The order of the agenda should give prominence to significant matters. It
should allow sufficient time to discuss each item.

The following provide an indication of appropriate timescales for key discussions.

QUARTERLY
1.1 Discuss with management and the board any changes to applicable
laws and regulations or any issues that arise, such as correspondence
or publications from the Charity Commission, OSCR, ICO, Ofsted or the
Fundraising Regulator.

2. Discuss with senior management any significant changes to the budget

2
or actual performance on the budget.

3. Discuss with management any changes to the charity’s: internal controls;

3
systems, including IT; accounting principles; major programmes; or
business activities.

4
4. Consider updates from management on the implementation of external
and internal audit recommendations.

5
5. Discuss and follow up on actions arising from previous meetings.

6. Report significant findings to the board.

6

10
ANNUALLY EXTERNAL AUDIT
Internal audit (where applicable) 11. Review, revise and approve the external auditor's
1.
1 Review, revise and approve the internal auditor's terms of reference, including signing a letter of
terms of reference, including signing a letter of engagement, if necessary.
engagement, if necessary.
22. Review and approve the scope of the external audit
22. Review and approve the scope of internal audit coverage and staffing, timing of audit work and
coverage and staffing, timing of audit work and reporting to the committee.
reporting to the committee.
33. Discuss involvement in documenting, evaluating
3. Discuss compliance with laws and regulations.
3 and testing internal controls.

4. Discuss involvement in documenting, evaluating

4 44. Discuss the annual audit plan, covering:
and testing internal controls.
•• the agreed timetable and plan through to approval
5
5. Discuss findings from the completed internal audit work of the audit report;
with management and the internal audit lead, including the •• the process to ensure the independence of
recommendations arising that are high or medium risk. all client service team members, including
considering any non-audit work; and
6
6. Consider the performance of the internal auditors
against the agreed performance indicators. •• the key risks identified for the audit work.

55. Discuss the results of the annual audit, including

any departures from the audit plan and why these
occurred, and the contents of the management
MANAGEMENT letter, covering:

1 Discuss with senior management the •• critical accounting policies and estimates;
1.
organisation’s risk profile, risk management and •• corrected and uncorrected misstatements;
how threats including fraud are managed.
•• responses to the key risks identified at planning;
2
2. Discuss with senior management the monitoring •• any other audit, accounting or internal control
system in place to ensure all risks are identified and findings identified throughout the audit; and
controls implemented to mitigate their impact and
•• adherence to the overall timetable and team input.
likelihood. This will likely include oversight of the risk
register, either in whole or parts.

3
3. Discuss significant accounting estimates, unusual
major accounting transactions, related-party
transactions and off-balance-sheet activities,
including any changes. COMMITTEE
4 11. Consider the committee’s own effectiveness in its work.
4. Discuss critical accounting estimates and
accounting policies with management before the
22. Review the committee’s terms of reference.
annual report is released.
33. Produce an annual report of committee business.
5
5. Discuss management’s response to internal audit
report recommendations and the management
44. Ensure standard items, such as declarations of interest,
letter from the external auditor, including any
are considered and documented at each meeting.
barriers to implementation.

11
PART 4
ASSESSING EXTERNAL AND INTERNAL
AUDIT PERFORMANCE
The audit committee must forge strong connections with external and internal auditors if it is to
effectively carry out its responsibilities. As part of this, committees must set KPIs to assess the quality
of auditor relationships.
The following provide an indication of some relevant KPIs that • the approach to tracking and reporting on the
might be set around auditor relationships. implementation of recommendations from previous audits;
• the key areas that are of importance to the audit committee; and
Independence and objectivity
Did the audit team provide information about its policies and • significant changes in financial reporting requirements.
processes for maintaining independence?
The audit approach
Audit strategy Was the audit work carried out to the agreed strategy and dates?
Was the audit work planned with management in a timely
and appropriate way? Did the audit team include staff of sufficient seniority,
experience and expertise? Was there appropriate continuity
Did the audit team communicate the following to the audit from previous visits?
committee and management before work began:
• the audit strategy; Did the audit team appear knowledgeable about Charity
Commission and OSCR requirements, the Charities SORP and
• the terms of reference; any other laws, regulations and standards?
• the audit approach;
Did the audit team demonstrate appropriate understanding
• audit materiality adopted for the audit; of the charity and sector?
• the timetable for the audit and for oral and written
reports to be shared with the audit committee; Was the charity informed of any material events during the
course of the audit?
• the extent of any reliance to be placed by external
auditors on the work of internal audit (if applicable); Did the charity feel it received appropriate input from each
member of the audit team?

12
Conclusion and reporting of the audit Added value
Were written reports clear, concise and delivered on time? Has the audit team been sufficiently thorough and robust
when dealing with management and staff?
Were the recommendations considered constructive in
improving the charity’s control environment? Were they also Have staff provided positive feedback on the quality of the
considered practical and effective? audit work? Were ad hoc queries adequately dealt with?

Did the audit team attend audit committee meetings and Does the audit committee feel it received added value as part
adequately deal with queries? of the audit service provided?

If an audit report led to a qualified opinion or a significant Has the audit provided comfort to the audit committee that
deficiency in controls tested, were the issues of concern and the finance team and the charity’s internal controls are
the impact on the report discussed with management and sufficiently strong?
the audit committee at a sufficiently early stage?
Is it recommended that the incumbent audit provider be
Has there been a good working relationship between the re-appointed in the year ahead?
audit team, management and the audit committee?

13
Relationships with the auditors are key to the audit committee. As discussed
in earlier sections, the auditors, both external and internal, should be engaged
with the audit committee members. Below states what relevant auditing
standards say about this engagement.

Extract from International Auditing Standards

regarding the external auditor’s role for
communication with the trustees
The auditor's responsibilities the entity's accounting practices,
in relation to the Financial including accounting policies,
Statement Audit accounting estimates and financial
14. The auditor shall communicate statement disclosures. When
with those charged with applicable, the auditor shall explain
governance the responsibilities of to those charged with governance
the auditor in relation to the financial why the auditor considers a
statement audit, including that: significant accounting practice, that
is acceptable under the applicable
(a) the auditor is responsible for
financial reporting framework, not to
forming and expressing an opinion on
be most appropriate to the particular
the financial statements that have
circumstances of the entity;
been prepared by management[1b]
with the oversight of those charged (b) significant difficulties, if any,
with governance; and encountered during the audit;
(b) the audit of the financial (c) unless all of those charged
statements does not relieve with governance are involved in
management or those charged with managing the entity:
governance of their responsibilities.
(i) significant matters, if any,
arising from the audit that
Planned scope and timing of the audit
were discussed, or subject
15. The auditor shall communicate
to correspondence with
with those charged with governance
management; and
an overview of the planned scope
and timing of the audit. (ii) written representations the
auditor is requesting; and
Significant findings from the audit
(d) other matters, if any, arising
16. The auditor shall communicate
from the audit that, in the auditor's
with those charged with governance:
professional judgment, are
(a) the auditor's views about significant to the oversight of the
significant qualitative aspects of financial reporting process.

14
Extract from Performance Standards regarding the internal
auditor’s role for communication with the trustees:
The chief audit executive must report periodically to senior management and
the board on the internal audit activity's purpose, authority, responsibility and
performance relative to its plan and on its conformance with the Code of Ethics
and the Standards.
Reporting must also include significant risk and control issues, including fraud risks, governance
issues and other matters that require the attention of senior management and/or the board.

The frequency and content of reporting are determined collaboratively by the chief audit
executive, senior management, and the board. The frequency and content of reporting depends
on the importance of the information to be communicated and the urgency of the related actions
to be taken by senior management and/or the board.

The chief audit executive’s reporting and communication to senior management and the board
must include information about:

•• the audit charter;

•• independence of the internal audit activity;

•• the audit plan and progress against the plan;

•• resource requirements;

•• results of audit activities;

•• conformance with the Code of Ethics and the Standards, and action plans to address any
significant conformance issues; and

•• management’s response to risk that, in the chief audit executive’s judgment, may be
unacceptable to the organisation.

15
APPENDIX A
An illustrative committee report The audit committee discussed with the organisation’s internal
Audit committees may choose to report to the board by and external auditors the overall scope and plans for their
presenting meeting minutes or through a summary report respective audits. The committee meets with the internal and
of committee activity. Some will opt to do both. An example external auditors with and without management present, to
report is included below. discuss: the results of their examinations; their evaluations
of the organisation’s internal control, compliance with laws
Report from the audit committee and regulations; and the overall quality of the organisation’s
The audit committee provides oversight of the organisation’s financial reporting. The internal auditor has provided the board
financial reporting process on behalf of the board of trustees. with an opinion on the adequacy and effectiveness of the
Management is responsible for the financial statements and charity’s control processes. Recommendations arising from
the financial reporting process, including the system of internal this work have been discussed.
control. In fulfilling its oversight responsibilities, the committee
discussed the financial statements in the annual report with Based on the above discussions, the audit committee has
management. This included discussion about: the quality, recommended to the board of trustees (and the board has
not just the acceptability, of the accounting principles; the approved) the audited financial statements as of and for
reasonableness of significant judgements; and the clarity of the year ended [insert date] The committee and the board
disclosures in the financial statements. have also recommended, subject to stakeholder approval,
the retention of [insert name] as the organisation’s external
The external auditors are responsible for expressing an auditors and [insert name] as the internal auditors.
opinion on the financial statements. The committee met with
the external auditors to discuss: their judgement as to the [insert date]
quality, not just the acceptability, of the charity’s accounting
principles; the auditor’s independence; the compatibility of This report should be approved by audit committee members.
non-audit services; and other matters outlined for discussion The decision should be recorded in meeting minutes.
in International Standards on Auditing.

16
APPENDIX B
Assessing committee effectiveness checklist

UNDERSTANDING THE STRUCTURE, ROLES AND RESPONSIBILITIES OF THE COMMITTEE EFFECTIVE SUGGESTIONS FOR
IMPROVEMENT

The committee operates within set terms of reference, which have been approved by the board.

The committee reviews the terms of reference each year and suggests changes to the board.

Members have the right experience and qualifications to fulfil their duties.

The committee is the right size to meet the needs of the organisation.

Members are independent of management.

The committee evaluates its performance and recommends changes to the board.

Meeting agendas are prepared and shared in advance.

Meeting minutes are taken and shared with members.

Members receive training on accounting, auditing and financial reporting developments, and business
and industry issues.

Members ask tough questions, listen to answers and challenge responses.

The committee encourages a tone at the top that embeds ethical integrity, robust legal compliance
and strong financial reporting and internal control.

The committee is aware of leading governance practices and considers ways to improve.

17
UNDERSTANDING BUSINESS OPERATIONS EFFECTIVE SUGGESTIONS FOR
IMPROVEMENT

The committee understands the charity’s structure, programmes and revenue drivers.

The committee discusses its evaluation of financial reporting controls and disclosure processes with
management and internal and external auditors.

The committee evaluates whether management embeds the proper tone at the top and promotes
high-quality financial reporting, attention to internal control issues, and legal and regulatory compliance.

The committee reviews management’s procedures for monitoring compliance with the
organisation’s code of ethics.

The committee discusses with internal auditors their judgement on the adequacy of the charity’s
regulatory compliance programmes.

The committee receives the internal and external auditors’ assessments of fraud threats. It
understands the risks that lead to fraudulent financial reporting.

The committee is aware of regulator updates that may have a material impact on financial
statements, compliance policies or profitability.

UNDERSTANDING RISK MANAGEMENT EFFECTIVE SUGGESTIONS FOR

IMPROVEMENT

The committee receives regular updates from management on operating risks. It advocates effective
processes to identify and control threats.

The committee has discussions to understand the organisation’s technology strategy, information
systems and measures to protect IT resources.

The committee has discussions with senior management to understand emerging business risks.

18
UNDERSTANDING FINANCIAL REPORTING EFFECTIVE SUGGESTIONS FOR
IMPROVEMENT

The committee reviews financial statements with senior management.

The committee discusses the transparency and clarity of the financial reporting and disclosures with
the charity’s internal and external auditors.

The committee understands the business’ purpose and reasons for major or unusual transactions.

The committee evaluates the financial reporting and considers red flags that may indicate net
asset mismanagement.

Before the annual report is published, the committee discusses the selection, application
and disclosure of the charity’s critical accounting policies with management and internal and
external auditors.

The committee reviews the financial statement to ensure it demonstrates how risks are managed.

The committee discusses uncorrected misstatements with management and auditors to determine
why they were not updated. It evaluates the impact on the financial statements and stakeholders if
misstatements were corrected.

UNDERSTANDING INTERIM FINANCIAL REPORTING EFFECTIVE SUGGESTIONS FOR

IMPROVEMENT

The committee receives material to review before interim reporting packages are released.

The committee (or committee chairperson) discusses and reviews interim financial statements
with management.

Management briefs the committee on how it develops and summarises interim financial information,
and how the interim financial close process differs from the annual financial close process.

The committee reviews with management any significant year-end issues that may impact the
financial integrity of interim accounting and reporting practices.

19
UNDERSTANDING THE AUDIT PROCESS EFFECTIVE SUGGESTIONS FOR
IMPROVEMENT

The committee understands internal and external audit processes.

The committee reviews significant control deficiencies identified by internal or external auditors, and
management’s plan and timetable to address them.

The committee reviews the internal audit terms of reference each year to ensure it is fit for purpose.

The internal audit function reports to the committee.

The committee reviews the quality, experience and objectivity of the internal auditors.

The committee determines whether audit coverage is appropriate by discussing the scope of internal
and external auditors, their results, any changes to their approach, the extent of control testing and
the coordination of their activities.

The committee reviews the external auditor's independence.

The committee approves and signs the annual audit engagement letter, and approves the audit fee.

The committee has a process to identify and approve non-audit services delivered by the external
audit firm.

DEVELOPMENT OF A COMMUNICATION PROCESS EFFECTIVE SUGGESTIONS FOR

IMPROVEMENT

The committee reports to the board after each meeting.

The committee meets with senior management, as circumstances dictate.

Management provides the committee with a written report on the effectiveness of internal financial
reporting controls.

The committee meets with internal and external auditors, as circumstances dictate.

The committee reviews management’s response to audit recommendations and whether corrective
action is timely and effective.

The external auditor provides the committee with its assessment of the financial reporting
personnel in the organisation, including the size of the team and their experience and capabilities.

20
APPENDIX C
KEY LINES OF ENQUIRY FOR AN AUDIT COMMITTEE
This list of questions is not intended to be exhaustive or restrictive nor should it be
treated as a tick list that substitutes detailed consideration of the issues it raises.
Rather it is intended to act as a prompt to help an audit committee ensure that its
work is comprehensive.
On the strategic processes for risk, control and On risk management processes, how do we know:
governance, how do we know:
•• how senior management support and
•• that the risk management culture is appropriate? promote risk management?
•• that there is a comprehensive process •• how well people are equipped and
for identifying and evaluating risk, and for supported to manage risk?
deciding what levels of risk are tolerable?
•• that there is a clear risk strategy and policies?
•• that the risk register is an appropriate
•• that there are effective arrangements for
reflection of the risks facing the organisation?
managing risks with partners?
•• that appropriate ownership of risk is in place?
•• that the organisation’s processes incorporate
•• that management has an appropriate view of effective risk management?
how effective internal control is?
•• if risks are handled well?
•• that risk management is carried out in a way that
•• if risk management contributes to
benefits the organisation or whether it is treated
achieving outcomes?
as a box ticking exercise?
•• that the organisation as a whole is aware of
the importance of risk management and of
the organisation’s risk priorities?
•• that the system of internal controls will
provide indicators if things are going wrong?
•• that the annual review of internal control is
meaningful, and what evidence underpins it?
•• that the review of internal controls
appropriately discloses action to deal with
material problems?
•• that the organisation is appropriately considering
the results of the effectiveness review
underpinning the internal controls assessment?

21
On the planned activity and results of both internal and •• that suitable processes are in place to ensure accurate
external audit, how do we know: financial records are kept?
•• that suitable processes are in place to ensure fraud is guarded
•• that the internal audit strategy is appropriate for the
against and the appropriate use of funds is achieved?
delivery of a positive, reasonable assurance on the whole of
risk, control and governance? •• that financial control, including the structure of
delegations, enables the organisation to achieve its
•• that the periodic audit plan will achieve the objectives of
objectives with good value for money?
the internal audit strategy and, in particular, whether it is
adequate to facilitate a positive, reasonable assurance? •• if there are any issues that are likely to lead to
qualification of the accounts?
•• that internal audit has appropriate resources, including
skills, to deliver its objectives? •• if the accounts have been qualified, that appropriate
action is being taken to deal with the reason for
•• that internal audit recommendations that have been
qualification?
agreed by management are actually implemented?
•• that issues raised by the external auditors are given
•• that any issues arising from line management not
appropriate attention?
accepting internal audit recommendations are
appropriately escalated for consideration?
On the adequacy of management response to issues
•• that the quality of internal audit work is adequate? identified by audit activity, how do we know:
•• that there is appropriate co-operation between the
internal and external auditors? •• that the implementation of recommendations is
monitored and followed up?
On the accounting policies, the accounts, and the annual •• that there are suitable resolution procedures in place for
report of the organisation, how do we know: cases when management reject audit recommendations
that the auditors stand by as being important?
•• that the accounting policies in place comply with
relevant requirements? On assurances relating to the corporate governance
•• there has been due process in preparing the accounts requirements for the organisation, how do we know:
and annual report and whether that process is robust?
•• that the range of assurances available is sufficient to facilitate
•• that the accounts and annual report have been subjected to the drafting of a meaningful assessment of internal control?
sufficient review by management and by the board and CEO?
•• that those producing assurances understand fully the
•• that when new or novel accounting issues arise, scope of the assurance they are being asked to provide,
appropriate advice on accounting treatment is gained? and the purpose to which it will be put?
•• that there is an appropriate anti-fraud policy in place and •• what mechanisms are in place to ensure that
losses are suitably recorded? assurances are reliable?

22
 •• that assurances are ‘positively’ stated
(ie premised on sufficient relevant
evidence to support them)?
•• that the assurances draw appropriate
attention to material weaknesses or
losses that should be addressed?
•• that the assessment of internal
control realistically reflects the
assurances on which it is premised?

On the work of the audit committee itself,

how do we know:

•• that we are being effective in

achieving our terms of reference
and adding value to the corporate
governance and control systems of
the organisation?
•• that we have the appropriate skills mix?
•• that we have an appropriate level of
understanding of the purpose and
work of the organisation?
•• that we have sufficient time to give
proper consideration to our business?
•• that our individual members are
avoiding any conflict of interest?
•• what impact we are having on
the organisation?

23
CONTRIBUTORS
Nick Sladden
Nick is head of charities at RSM and is responsible for a
portfolio of sector clients, including a number of top 250
charities. He gained the ICAEW Diploma in Charity Accounting
in 2008 and completed the Governing for Nonprofit Excellence
Program at Harvard Business School in 2014. He is a trustee
and volunteer for two national charities.

Hannah Catchpool
Hannah is head of charities for London and the East of
England at RSM. She is responsible for a portfolio of sector
clients, including a number of top 250 charities as well as
educational institutions. She holds the ICAEW Diploma in
Charity Accounting and is currently completing an MSc in
Voluntary Sector Management at Cass Business School. She
is a trustee for a leading children and young people charity in
the East of England.

EXISTING RESOURCES AND GUIDANCE

References throughout this document to the ‘Charity
governance code’ quote the most recent available version at
the time of publication of Good Governance: A code for the
Voluntary and Community Sector. A copy of that publication
is available from www.governancecode.org

rsmuk.com

The UK group of companies and LLPs trading as RSM is a member of the RSM network. RSM is the trading name used by the members of the RSM network. Each
member of the RSM network is an independent accounting and consulting firm each of which practises in its own right. The RSM network is not itself a separate legal
entity of any description in any jurisdiction. The RSM network is administered by RSM International Limited, a company registered in England and Wales (company
number 4040598) whose registered office is at 50 Cannon Street, London EC4N 6JJ. The brand and trademark RSM and other intellectual property rights used by
members of the network are owned by RSM International Association, an association governed by article 60 et seq of the Civil Code of Switzerland whose seat is in Zug.

RSM Corporate Finance LLP, RSM Restructuring Advisory LLP, RSM Risk Assurance Services LLP, RSM Tax and Advisory Services LLP, RSM UK Audit LLP, RSM UK
Consulting LLP, RSM Employer Services Limited, RSM Northern Ireland (UK) Limited and RSM UK Tax and Accounting Limited are not authorised under the Financial
Services and Markets Act 2000 but we are able in certain circumstances to offer a limited range of investment services because we are members of the Institute of
Chartered Accountants in England and Wales. We can provide these investment services if they are an incidental part of the professional services we have been engaged
to provide. RSM Legal LLP is authorised and regulated by the Solicitors Regulation Authority, reference number 626317, to undertake reserved and non-reserved legal
activities. It is not authorised under the Financial Services and Markets Act 2000 but is able in certain circumstances to offer a limited range of investment services
because it is authorised and regulated by the Solicitors Regulation Authority and may provide investment services if they are an incidental part of the professional
services that it has been engaged to provide. Baker Tilly Creditor Services LLP is authorised and regulated by the Financial Conduct Authority for credit-related regulated
activities. RSM & Co (UK) Limited is authorised and regulated by the Financial Conduct Authority to conduct a range of investment business activities. Whilst every
effort has been made to ensure accuracy, information contained in this communication may not be comprehensive and recipients should not act upon it without seeking
professional advice.

© 2017 RSM UK Group LLP, all rights reserved. 3022 part2. Expires 1217