Audit Committees in Central Banks

This paper reviews the tasks and design of audit committees, increasingly recommended as a way to strengthen financial accountability and good central bank governance. It outlines the motivations for the establishment of audit committees in commercial corporations and public sector entities, and explains how audit committees interact with other governance bodies within a central bank. The paper focuses on the functions of an audit committee, since the terminology of the governance structure is often country-specific. It summarizes operational issues to consider in designing an effective audit committee and discusses the implications for central bank legislation.

Abstract

This paper reviews the tasks and design of audit committees, increasingly recommended as a way to strengthen financial accountability and good central bank governance. It outlines the motivations for the establishment of audit committees in commercial corporations and public sector entities, and explains how audit committees interact with other governance bodies within a central bank. The paper focuses on the functions of an audit committee, since the terminology of the governance structure is often country-specific. It summarizes operational issues to consider in designing an effective audit committee and discusses the implications for central bank legislation.

I. Introduction

The purpose of this paper is to review the tasks of audit committees within the overall governance structure of a central bank and discuss key features of their design. The paper also examines some evolving issues of special relevance to audit committees in central banks. The survey of central banks included in this paper illustrates that oversight bodies such as audit committees may take many forms.2 The paper maintains that the key to good governance is whether the core audit committee functions are performed effectively, rather than the specific configuration.

It is increasingly being considered best practice for central banks to establish an audit committee. In the absence of a similar oversight body, it is frequently recommended—for instance, in the International Monetary Fund’s (IMF) Safeguards Assessments—that central banks establish such a committee.3 The first step is a careful analysis of the overall governance arrangements: for central banks with a two-tier board structure, financial oversight functions may already be performed explicitly by a supervisory board or a special audit board, obviating the need for a separate audit committee. The existence of an audit committee is not a guarantee of effective oversight, as demonstrated by recent instances of corporate failure.4 Checks and balances and the quality of board oversight are central to the reputation and credibility of central banks, and closely linked to their policy effectiveness. Since central banks are held accountable for policy implementation and the stewardship of public resources,5 the quality of financial disclosure is a major concern.6 It is therefore useful to review how the audit committee functions, which are increasingly requiring special expertise, are put into practice in central banks, enabling them to provide the assurances of integrity required of any public institution.

The duties performed by an audit committee are at the heart of the governance framework of an organization. The narrowly defined function of an audit committee is to exercise oversight of an entity’s internal control, financial reporting and disclosure process. To do this, the committee needs a good understanding of the underlying accounting framework, the organizational relationships upholding governance and the process of its financial reporting. An audit committee is usually not involved in assessing the quality of the implementation of policies, compliance of non-financial matters, and risk-management, which typically is the responsibility of other bodies. However, the scope of audit committees, which is summarized in Box 1, varies.

This paper examines how the body performing the audit committee functions derives its authority and how it fits into the overall governance framework. While a variety of organizational structures exist to discharge these duties, the creation of a specialist audit committee is becoming a widespread configuration to strengthen the board’s oversight and its fiduciary responsibilities.7 It is important that the committee is integrated into the overall governance framework so to avoid overlaps and omissions and any dilution of the board’s ultimate responsibility.

This paper is organized as follows. Section II makes a case for audit committees in central banks, within a historical and cross-sectoral perspective. Section III explains how an audit committee can fit in the overall governance framework of a central bank, while avoiding duplication and dilution of responsibilities (as elaborated in Appendix I). Section IV reviews some operational issues in designing effective audit committees for a central bank (complemented by the survey of central banks in Appendix II). Section V discusses the pros and cons of entrenching an audit committee in central bank legislation. Section VI summarizes and concludes.

II. The Case for Audit Committees in Central Banks

Good governance principles are fairly well developed for commercial corporations,8 and public sector organizations,9 but less so for central banks. In contrast to commercial corporations—to which accounting frameworks are typically designed—the objective of a central bank is usually the effective and efficient policy implementation of its designated objective(s), functions, and tasks rather than maximization of shareholder wealth. The financial reporting framework for a central bank should thus, in principle, be more focused on stewardship of public funds, i.e., its efficient use of resources. However, applying internationally recognized accounting frameworks for central banks performing a broad range of commercial transactions, is very useful from a transparency perspective. This section thus starts by referring to corporate governance practices in the private sector before discussing efforts to enhance transparency and accountability in government organizations. Notwithstanding differences between jurisdictions,10 company law is increasingly converging on the recognition of good governance principles, generally interpreted as the organizational configuration and procedures that will most effectively and efficiently help achieve the objectives, tasks, and functions of an organization.11 Since this is still an evolving process and these principles are even less explicit for central banks,12 the focus is on the substantive functions of an audit committee, audit board, supervisory board, or similar body, rather than its form.

The Scope of an Audit Committee

Objective(s): Oversight, on behalf of the board of directors, and in accordance with the audit charter and any internal regulations approved by the board, of internal control and financial reporting. The board’s fiduciary duties delegated to the audit committee typically include ensuring the existence and operation of an effective system of internal controls; the quality and transparency of financial reporting and disclosures; the existence of a sound risk management framework, although risk management oversight responsibilities are not a universal feature of audit committees; fraud management; and legislative compliance.

Tasks and Responsibilities: Assist the board in overseeing internal and external auditors and the disclosure of quality financial statements:

  • Disclosure of financial statements: exercise oversight of an entity’s accounting framework, financial reporting, and disclosure process. For central banks, the distinction between realized and unrealized profits may be particularly important.

  • Interim financial statements: review the process and statements paying particular attention to complex or unusual transactions, and judgmental areas where underlying assumptions may have significant impact on equity capital.

  • Internal controls: assess the adequacy of internal controls and risk management systems based on the information provided by management, the internal and external audits, and follow-up on their recommendations.

  • Internal audit: review of adequacy of internal audit function, including qualification of staff, resources, and quality of reports. The audit committee may have a role in appointing the head of internal audit, evaluating his/her performance, reviewing the internal audit plan and assessing the adequacy of internal audit resources.

  • External audit: approve and understand the accounting framework, follow-up on recommendations from internal and external auditors, and review the financial statements prior to publication. Ensure rotation of external auditors, ascertain their quality and independence and, in some cases, delegated responsibility for their appointment. Monitor compensation of external auditors with a view to prevent conflicts of interest when external auditors are used as consultants.

  • Compliance with laws and regulations: process for compliance with relevant laws and regulations, including tax legislation. In central banks, the legal counselor or a compliance officer will often perform this function, which can be overseen by an audit committee.

  • Code of conduct: process for monitoring compliance. In some countries, the audit committees may also serve as a contact point for whistle blowers and liaise with the ethics officer. They may be required to assess the adequacy of disciplinary sanctions for breaching the code of conduct, and with the growing regulatory emphasis on prevention and detection of fraud, they may also be required to set up formal complaints procedures.

Sources: Apostolou and Jeffords (1990), PriceWaterhouseCoopers (1999, updated in 2003), Turner (2001), National Association of Corporate Directors (2004), Bromilow and Berlin (2006), and The Institute of Internal Auditors (2006).

A. A Corporate Perspective

An audit committee may be envisaged as a mechanism to address principal-agent challenges and fulfill fiduciary duties. The challenge is how owners (the principal) can monitor and ensure that the employee (the agent or management) pursue the owner’s objective.13 The audit committee may either perform its duties as principal, whereby the legislation would hold it directly accountable, or it may be acting as the agent of the board, which would retain ultimate responsibility. It is therefore essential that the committee fully understands the capacity under which it operates. Fiduciary duties discharged by audit committees and, in some countries, the emergence of legal liability14 also stem from the separation of management and owners. They entail that the highest standards of care be taken by truly independent members and imply that the focus on maximizing “shareholder wealth” be broadened to encompass “stakeholder wealth.” 15

Underlying the interest in oversight effectiveness is the recognition that businesses may lose as much value from weak internal control and financial reporting as from poor strategic decisions. The oversight function may be strengthened by either attributing specific functions (e.g., oversight and strategic decisions) to different boards, depending on the prevailing legal framework, or by adjusting an existing unitary board structure, altering its composition to increase its independence (e.g., the number of external members and their qualification requirements), or resorting to subcommittees. These subcommittees may either have explicit legal authority to perform certain functions, or act in a purely advisory capacity. If they have formal legal authority, their mandate must be clearly stipulated to guard against the dilution of their responsibilities from a subsequent addition of other subcommittees. Regardless of the structure of oversight, is important to state upfront that audit committees, like external auditors, are not a panacea to prevent instances of reporting malpractices or fraud.

The impetus for strengthening oversight through audit committees in the private sector is partly market driven, and partly a response to regulatory developments. Tighter statutory disclosure requirements from regulators have led to the development of the audit committee function, even if the frameworks are not prescriptive as to the form of such an oversight body. In the financial sector, the Basel Committee on Banking Supervision issued Core Principles for Effective Banking Supervision. They require the internal audit function to report to an audit committee, or an equivalent structure, and request the audit committee to include experienced non-executive directors in organizations with a unicameral Board structure.16 Capital markets and the emergence of private pension funds may have contributed to de-linking management and the ultimate shareholder, thereby increasing the importance of high quality reliable financial disclosure for honoring a company’s fiduciary responsibilities. Additional controls may also have stemmed from the complexity of financial reporting standards, key accounting issues (e.g., the treatment of pension obligations and stock options and the application of fair-value accounting17), and the increased use of earnings management, which require special financial expertise.

Notwithstanding diversity in corporate approaches across legal systems, the discharge of fiduciary duties by the body entrusted with audit committee functions is remarkably similar. By way of illustration, Box 2 summarizes the main features of audit committees in three legal traditions. Within the single board configuration of Anglo Saxon countries, the emphasis has varied from initially strengthening either the external representation on the board (U.K.) or to establish an audit committee, which seems to have began earlier in the U.S.18 The German corporate structure is an example of a two-tier board structure—a similar approach is used in several other European countries.19 Although the oversight role may, in principle, be more clearly delineated, audit committees seem to begin to play a more explicit role. Also note the “comply or explain” approach dominating in the European countries, including the U.K., and the more regulatory approach in U.S. with Sarbanes-Oxley.20 In the original Japanese corporate model, a statutory board of auditors is hierarchically equivalent to the board of directors, reporting directly to the shareholders, although it manages the external audit process and reviews audit findings in much the same way as in the two other models.21

A Cross-Country Perspective

The U.K. and the U.S.

In 1992, the Cadbury Committee issued the Code of Best Practice that recommended that boards of U.K. companies include at least three external directors and that the position as chief executive officer (CEO) and chairperson of the board be held by different individuals. The U.S. Securities and Exchange Commission (SEC) and the New York Stock Exchange (NYSE) have recommended the establishment of corporate audit committee with a view to reinforce oversight. During the last two decades, the requirements for audit committees have become more detailed.1/ In both countries oversight is expected to be strengthened by including more external directors, but analysts in the U.S. (where the CEO typically remains the chairman of the board) question the effectiveness of the latter if they are involved in too many boards. The Sarbanes-Oxley Act of 2002 contains mandatory measures for audit committees covering the following areas: (i) management notification of significant internal control deficiencies and any instance of fraud involving management; (ii) the receipt of reports from auditors on critical accounting policies and practices; (iii) direct responsibility for the appointment, compensation, and oversight of external auditors; (iv) the establishment of procedures for receiving and dealing with complaints regarding the company’s accounting and internal controls for auditing matters; (v) the setting up of procedures for handling employee concerns—whistle blowing—on accounting issues; and (vi) the inclusion of members that are financially literate.2/ Regarding the latter, the SEC requires that at least one member observe the financial expert definition, while both NYSE and NASDAQ require all members to be financially literate. In the U.K., the Smith group published “Audit Committees Combined Code” in January 2003, where listed companies not following these guidelines must explain why, while noting that (1.5): “All directors remain equally responsible for the company’s affairs as a matter of law.”

Germany

The German corporate structure is an example of a two-tier board structure, which is used in several other European countries. A supervisory board (Aufsichtsrat) comprising mainly external members, and sometimes employees, has the highest authority and oversees the management board (Vorstand). The supervisory board is also involved in making strategic decisions, but the degree to which it should be involved in these decisions, as they become more tactical, is often debated. One of the challenges is the interaction between the two boards, since management (and the CEO) plays a role in nominating members of the supervisory board, there is a need to ensure that the supervisory board has full access to all relevant information from management. To address this, the German corporate governance code (the Cromme Code) prescribes that a supervisory board shall set up an audit committee (5.3.2), that the chairman of the supervisory board must not be the chairman of the audit committee (5.2), and that the latter must not be a former member of the management board (5.3.2).

Japan

In Japan, both types of corporate governance models (single and two-tier board structures) now exist for listed companies. Historically, Japanese corporate law has used a two-tier board structure, consisting of a board of directors and a board of corporate auditors (kansayaku). The distinguishing feature of the Japanese approach is that the two boards are of equal hierarchy vis-à-vis the shareholders, to whom they report directly, though in parallel. Although the statutory board of auditors comprises non-executive directors, in practice, the relationship between management and board members remained fairly close. Amendments to the Japanese company law were thus directed toward strengthening the definition of a non-executive director, effective 2005. Other reforms gave Japanese companies the option, as of 2003, to adopt a unitary board configuration, provided they establish committees for nomination, audit, and remuneration, each comprising three or more members, half of which must be outside directors. Japanese law is fairly prescriptive about the role of the board of auditors and the scope of their oversight. It stipulates their fiduciary duty to the shareholders is to audit the activities of the business through a business audit and a financial audit. The business audit is similar to a compliance audit and does not cover the integrity of decisions made by the board of directors, unless they believe that there has been a breach of their “duty of care” to the shareholders. The financial audit is an audit of the financial statements and is performed by a specialist company elected at the shareholders meeting.

1/ The recommendations of the Treadway Commission in 1987 were followed by those of the Blue Ribbon Committee in 1999 (most recently updated in 2004) and the Sarbanes-Oxley Act of 2002.2/ For an elaboration and interpretation, see, for instance, Emmerich, Racz, and Unger (2005) or Chapter 3 OECD (2004).

B. Good Governance in the Public Sector

With a widespread trend toward decentralization, outsourcing and private-public partnerships, governments are devoting greater attention to public sector accountability.22 Issues of corporate governance thus extend beyond commercial corporations. Since government entities are accountable to citizens for the proper management of their taxes, they may be expected to be governed by equivalent or even higher standards than their private counterparts. Recent public sector reforms in industrialized countries were directed toward the internal control function, holding decision-makers accountable on how public funds are managed and reflecting a shift from ex ante control of funds (i.e. before spending is authorized) to ex post assessments of the efficiency with which resources were allocated. In fact, performance indicators are increasingly adopted in budget and management systems in OECD member countries, some of which are also implementing risk management approaches in internal control.23

The greater desire for accountability toward stakeholders has led to the establishment of public sector oversight bodies in a number of countries. More than half the countries participating in the World Bank/OECD 2003 Survey on Budget Practices and Procedures stated that they established a centralized body for internal audit oversight, a third of which are located in an independent government organization.24 Underlying this governance structure is the desire to reinforce the impartiality of internal control, separate it from day-to-day management, and address duplication between internal and external control.

Some governments have developed specific guidelines for audit committees in ministries, agencies, or departments. The handbook developed by the U.K. Treasury, for instance, is designed to help the audit committee elaborate a strategy for briefing the accounting officer or the board prior to their reporting to the parliamentary Public Accounts Committee (PAC). Accounting officers and boards cannot be expected to know all the operational details of the organization but will still need to have the assurance that governance mechanisms are in place, since they will be held to public account. Responsible for the availability and accuracy of information, the audit committee is an integral part of the formal accountability procedure and provides the required assurance of efficient, effective, and economic control systems.25

The public audit committee’s lines of accountability and members’ personal incentives differentiate it from that of a commercial corporation. The difference in government departments is being held accountable by ministers, and/or parliament rather than an annual meeting of shareholders, and unlike boards in commercial corporations, policy responsibility is split between decisions taken at ministerial level and the provision of agency or departmental advice. Moreover, the non-executive members of the audit committee act as advisers or consultants and do not have the same incentives as their private sector counterparts. In representing the government rather than the shareholders they do not share the liability of a corporate board member and may be dismissed with a change in the administration at the end of an electoral cycle. To ensure that independent external membership does not unduly represent third party interests or expose privileged information, governments typically issue guidelines on public appointments to maximize the benefits of external expertise and independent judgment.

Public service objectives further distinguish the role of audit committees in government entities, placing a greater emphasis on members’ personal qualities. The Australian government guide offers a discussion of process issues in the establishment and operation of audit committees designed to help public entities apply principles of better practice.26 The guide states explicitly that audit committee members, over and above the functions specified in the charter, have a responsibility to exercise due diligence and act in good faith in the best interest of the entity. One of the recommended personal qualities is the ability to appreciate an entity’s culture and values in considering ethical issues that might arise. This usefully extends staff and officials’ responsibilities (normally established in internal codes of conduct or ethics) to the external members of the audit committee. The guide calls upon the committee members to adopt a culture of “continuous improvement” rather than a punitive approach, arguing that it is a more constructive way of interacting with management.

Reflecting developments in the corporate sector, the extent of legal liability is emerging as a source of concern, although this varies from one country to another. Although the Australian guide is pragmatic rather than prescriptive, it goes further than the U.K. Treasury handbook in recommending that audit committee members arrange for appropriate indemnity insurance. Their liability is limited in that it will not be greater than that of an executive of (or a service provider to) the entity.

C. Holding Autonomous Central Banks Accountable

Effective disclosure and assurances of integrity help central banks strike a balance between autonomy and accountability. The earlier central banks, established as commercial enterprises with special note issuance privileges, were fairly easy to monitor (often by private shareholders) since they were guided by a simple monetary rule. Widespread nationalization in the 1930s and 1940s increased the government’s involvement in central banks, and to the extent that private shareholders remained, their oversight role was limited. The advent of deregulation, and the reliance on discretion and indirect monetary instruments was accompanied by greater autonomy to alleviate the so-called time-inconsistency problem. Attention then shifted towards transparency, holding autonomous central banks accountable for achieving clearly defined and prioritized objectives. A particular focus on efficiency emerged, since lower yields on international reserves, revaluation losses, and sterilization costs have undermined the financial position of several central banks.

An effective system of central bank reporting, backed up by demonstrably good governance is instrumental in the proper functioning of an autonomous central bank. The challenge is how to hold central bankers accountable, since they are unelected public officials, managing public resources and implementing policies that affect society at large. The demonstration of appropriate oversight of internal control and financial reporting provides central banks with strong grounds to defend themselves against unwarranted external influence. Examples of waste, corruption, or extravagance may lead to a situation where statutory amendments, ostensibly designed to address operational deficiencies, could effectively curtail independence, recreating the so-called inflation bias to the detriment of sustainable economic growth.

The focus on governance and accountability provides strong incentives for a central bank to adopt an audit committee, drawing on the experience of other sectors. For a central bank entrusted with banking supervision, establishing an audit committee would apply a “practice what you preach” approach, since corporate governance principles are also developed for commercial banks.27 Essentially, as revealed in the survey of selected central banks (Appendix II), the core function of an audit committee in a central bank remains similar to that of other sectors highlighted in Box 1; i.e., to oversee the integrity of internal control and the transparency of financial reporting. Depending on the governance structure specified in the law, the audit committee functions may be discharged by a body acting as a sub-committee of the governing board or as the body with the direct responsibility for the discharge of the functions. The audit committee is not involved in management or operational duties; its focus remains on the board’s discharge of fiduciary obligations.

Several challenges arise in central banks’ application of accounting standards which could distinguish their audit committees from those in other sectors. The trend towards harmonization of central bank accounting under International Financial Reporting Standards (IFRS) facilitates comparability, transparency, and helps avoid that central banks “cherry-pick” their accounting treatment.28 It also increases the responsibilities of boards and audit committees in reviewing accounting policy and disclosures. Difficulties may arise from the central banks’ not-for-profit focus, the move to an expanded use of fair-value accounting, and the best practice of only including realized gains in central bank transfers of profits to governments. While striving towards compliance with prevailing accounting standards, a central bank must ensure that financial reporting neither conflicts with its objectives and law, nor exposes its capital base.29 Disclosure requirements, in the area of liquidity support for commercial banks or the composition of foreign reserves portfolios for instance, may conflict with the bank’s policy functions. IFRS requirements to report foreign currency revaluation gains and losses through the profit and loss account can generate significant volatility in the central bank’s profit due to the specific structure of its balance sheet. These issues require care when preparing financial statements to ensure that the statements reflect reality, do not generate perverse incentives and still comply with the IFRS requirements. This may necessitate some education of stakeholders.

D. Emerging Challenges for Central Banks

Supplementary disclosures beyond areas prescribed by the accounting framework may help boards better fulfill their fiduciary responsibilities. Both public- and private-sector entities have found that the growing complexity of financial statements makes it difficult for readers with limited financial literacy to understand them. Central banks may draw on the experience of codes in the U.S., Canada, and the U.K. for such supplemental disclosures elaborated. For central banks to maximize the benefits of communicating with financial markets, better, rather than more, transparency is required. In financial reporting this may entail providing further explanations to help interpret the central bank’s balance sheet, since the absence of a profit maximization objective makes it more difficult to assess a central bank’s performance. An independent audit committee may facilitate this process for central banks.

Supplementary disclosure affects the qualitative aspect of a communication strategy giving readers of financial statements a better ability to assess an entity’s financial position and performance. The expectation is that these disclosures will be written in plain language and provide a transparent assessment of the company’s financial position and prospects. Together with the financial statements, they form part of the annual report and provide the opportunity for a company to demonstrate to its stakeholders how well it is managing its resources, meeting stated strategic objectives, and planning to address future issues. Box 3 below summarizes the main features of the management discussion and analysis (MD&A) requirement established in the U.S. and Canada, similar to the recently introduced concept of operating and financial review (OFR) in the U.K. Although these disclosures are mandatory for listed companies and are written primarily for current and prospective investors, they are applicable to a wider range of users.

Management Discussion and Analysis (MD&A) Requirements and Operating and Financial Reviews (OFR)

MD&A requirements in the U.S. and Canada generally cover five principal areas:

  • application of critical accounting policies;

  • results from operations;

  • liquidity;

  • capital reserves; and

  • off–balance sheet arrangements

OFR requirements in the U.K. generally include:

  • a statement of the business objectives and strategies;

  • a description of the resources available to the company;

  • a description of the principle risks and uncertainties facing the group;

  • a description of the capital structure, treasury policies, and objectives and liquidity of the group;

  • disclosures of the people with whom the group has relations which are essential to its business; and

  • receipts from, and returns to, members

The diversity of stakeholders with an interest in central bank disclosures underscores the need for central banks to carefully craft their communication strategy. Politicians, financial institutions, economists, and the public at large all form part of the central bank’s audience, with varying interests in operational details and levels of financial literacy. Yet, the technical nature of modern financial statements requires their readers to be financially literate. Central banks may therefore base their disclosures on a non-technical summary of the balance sheet and profit and loss statements, written in a form that all readers can understand. Part of the role of an audit committee, judging from the experience of the private sector,30 may be to assess the substantive transparency of these disclosures, and the extent to which they are accurate, complete and consistent with the financial statements. If these disclosures are mandatory and have to be audited by the external auditor, the audit committee would either oversee these additional disclosures as part of its oversight of the external audit function, or include the preparation of disclosures within its own responsibilities.

Applying the corporate sector’s experience with audit committees to central banks is a challenge, as institutional objective and governing incentives differ. Reliable and transparent financial statements are crucial for central bank credibility and effectiveness, but the overriding objectives—typically price stability and financial sector stability—differ from those of shareholder wealth maximization. A Governor’s incentives are also fundamentally different to those of a commercial corporation’s CEO and performance is measured against a range of indicators other than the “bottom line”.31 The focus of central bank financial disclosure and the functions of its audit committee will therefore tend to differ from that of a private sector entity. Consideration could thus be given to interpret the financial results with specific reference to central bank objectives and to determine a methodology to better assess the efficiency of the services provided.

III. How Does an Audit Committee Fit in a Central Bank?

Notwithstanding functional demarcations within a central bank, it is the complementarities between them that support the thrust toward good governance. The audit committee is a subset of the governance function, neither replacing internal or external audit functions, nor interfering in management’s operational responsibilities. Rather, its role is to ensure the existence of effective systems of internal controls, risk management, and financial reporting. To do so, it relies on the management, internal audit, accounting and risk management and external audit functions.

Only through a process of iterative interaction with key governance functions of the central bank will an audit committee be able to fulfill its duties. Cooperation and open lines of communication should be established across the organization for the audit committee to effectively discharge its functions. Since it is important to view the audit committee within the broader governance framework, Appendix I offers a description of the role and functions of the various central bank bodies for guidance.32 The main elements of the governance structure are summarized in Box 4 below.

The key to oversight effectiveness is a carefully designed organizational structure which removes the possibility for any gaps or overlaps in responsibilities. This entails a clear understanding of what each of the central bank’s functional areas is required to oversee, and the manner in which it should report back to the board and interact with its counterparts. Regardless of the way the central bank is configured, it is important that its audit committee function integrates seamlessly into the overall governance framework. There should not be any scope for duplication of efforts, or for any breach of coverage;33 otherwise the board’s execution of fiduciary duties would be severely jeopardized. A related issue is the potential for competing oversight frameworks to emerge if oversight responsibilities are not clearly allocated.

The form and extent of delegation should balance the advantages of supporting the board’s execution of fiduciary duties against the danger of diluting its responsibilities. The ultimate responsibility for financial integrity remains vested in the board of directors, even though the authority to discharge this responsibility may be delegated to the audit committee. The scope of this delegated authority depends to a large extent on the complexity of the central bank’s financial operations and its application of the accounting framework. The board is obligated to find the time and have the expertise to fully interpret and explain its financial statements, which can be facilitated by the audit committee. Yet, a potential for reputational risk may emerge if the public fails to understand the true financial condition of the central bank. This provides a key role for an audit committee (or a similar body) to carefully design and execute the central bank’s financial disclosure strategy.

IV. Designing Effective Audit Committees for Central Banks

Central banks may learn from the experience of the private and public sector when considering the establishment of an audit committee. Box 5 extracts key issues of process and structure from various handbooks and guidelines available to audit committees in other sectors. This section suggests that designing an effective oversight structure entails three main factors: its appropriateness in terms of country-specific factors; its independence as guaranteed by appointment, composition, and skills mix; and its interaction with the board from which it derives its authority.

Functions of Selected Central Bank Bodies

Board(s): distinction between different types of functions performed by one or more boards

Policy formulation

The policy board determines or prioritizes policy objectives from the broad responsibilities (monetary, exchange rate, financial stability) assigned to the central bank by the government, and sets targets to reach the objective(s) stipulated in the central bank law. Such boards will often be chaired by the governor. A policy board will usually include external members.

Policy implementation

The implementation board determines central bank operations to reach policy targets and objectives, for instance when to increase or decrease interest rates to achieve a specified target. These decisions may be taken by the policy board, a monetary policy committee, a management board, or be the sole responsibility of the governor, typically depending on the type of autonomy and monetary regime. If done by a board or committee, it is usually chaired by the governor and comprises heads of relevant operational departments, and even outside members with special technical expertise.

Oversight/supervision

A supervisory board oversees the central bank, both policies, including the process and outcome of decisions by the policy board, implementation board, and management for achievement of objectives, tasks and functions effectively and efficiently, as well as financial performance, including reporting, internal controls and efficient use of resources. Purely oversight boards would typically include a majority of non-executive members and should not be chaired by the governor, while an oversight board performing policy and particularly implementation decisions should be chaired by the governor unless the formal authority is delegated to a committee chaired by the governor.

Committees and advisory bodies

Special expertise and insights to ensure a balanced and informed view can be introduced via external board members (representing economic sectors or regions, for instance), an advisory board (or committee, depending on the degree of organizational formality and delegation) without formal decision-making authority, or delegating to a committee. Various central bank functions may be delegated by the board to specific committees, but it is important to distinguish between committees assisting the board in performing its tasks and assisting the management with, for instance, open market operations, international reserve management etc. assisting the management. An audit committee may assist the board or may even solely have some formal oversight responsibilities, particularly in case of the absence of a pure supervisory board.

Management

Responsible for implementing the decisions of the governing bodies in an effective and efficient way, i.e. responsible for the central bank’s day-to-day operations. A wide variety of management structures exist within central banks. Often the formal management authority rests with the governor, who oversees a structure of deputy governors, general manager, and/or management committee, or there may be a special board of governors. Management is responsible for designing appropriate internal controls, while the board must ensure that management is actually doing so.

Internal Auditor

Responsible for an ongoing review of the operation of internal controls, reporting to management and the board on the effectiveness and efficiency of the system, including financial reporting procedures.

Compliance officer

Charged with evaluating compliance with legal and regulatory requirements (in coordination with the legal department), including on code of conduct, ethical standards, and organizational objectives and procedures. Reports to management and the board (and perhaps the audit committee).

External Auditor

Responsible for examining financial statements and accounting system, issuing an independent opinion on the extent to which they are true and fair, in accordance with accounting standards and financial reporting framework. Increasingly asked to attest to the integrity of internal controls.

Issues to Consider when Designing an Audit Committee

article image
Sources:Apostolou and Jeffords (1990), PriceWaterhouseCoopers (1999, updated in 2003),Turner (2001), National Association of Corporate Directors (2004), Box 3.9 inOECD (2004), Bromilow and Berlin (2006), andThe Institute of Internal Auditors (2006). These sources also offer a list of questions that audit committees should try to address.

Although establishing an oversight body such as an audit committee is increasingly accepted as a means of strengthening governance, it is important to maintain realistic expectations. An audit committee adds value by contributing to enhanced objectivity of financial reporting and internal controls, thus providing further assurances of integrity in the conduct of business. The advantage of a set up based on delegated authority is that there is an independent check on internal audit, and through its role as focal point for the organization’s relations with external auditors, that it facilitates the external audit process. The strength of an audit committee is its ability to seek out information until completely satisfied with the explanation provided. However, the expectations of an audit committee’s impact must be realistic. It effectively operates on a part-time basis, although the precise number of meetings per year will vary, and, more importantly, it has to rely on reports compiled by management, internal audit or the external auditor.34 The board of directors should ensure that the members of its audit committee have sufficient time to devote to their allocated task, and are not overburdened by other responsibilities.35

The literature on audit committees in the private sector is increasingly considering the impact of incentives and organizational dynamics on effectiveness.36 In designing oversight mechanisms, central banks may wish to consider the dangers of overloading audit committee members with too many responsibilities and ignoring the “expectation gap” (Koh and Woo, 1998) that may emerge from placing undue emphasis on audit committees to uphold accountability and integrity. Another important factor to keep in mind is that the emphasis on audit committee expertise and authority may have an unintended consequence of creating confusion over liability, unless it is made very clear that the board of directors is ultimately responsible.37 Given the protection that many central bank laws afford to their staff in the conduct of their official duties, it may be helpful to delineate the extent to which non-executive members of their audit committees may be held liable for breach of duty or lack of due diligence.

A. Appropriateness

For an audit committee to be effective, its precise configuration within the governance structure of the central bank should be in line with the country’s legal tradition. As was discussed in Box 2, the audit committee as a non-executive subcommittee of a unitary governing board is a reflection of the Anglo Saxon model, while in the continental European dual board structure (distinguishing management from supervision), the supervisory board would usually be responsible for the functions of an audit committee. Audit committee members will need to have a good understanding of their position in the central bank’s governance structure and the broader legal framework within which the central bank operates. Regardless of the precise configuration, management structures always include a separate internal audit department, so it is important that the modalities for delegating oversight duties are unambiguous to avoid any duplication of efforts.

Since the scope of financial disclosure also depends on the complexity of financial operations, some central banks may opt for more limited audit committee functions. Indeed, it is simpler to draft a non-technical summary of the balance sheet and profit and loss statements if the central bank does not engage in complex financial transactions. In such cases, the oversight function may not require additional resources or special expertise, and may be effectively discharged through an advisory committee to the board, rather than a more formal supervisory body which is established separate to the latter. A pragmatic approach that balances the type of central bank activities with the preferred format for their oversight is therefore recommended.

Some organizations may be too small for the practicable establishment of a separate audit committee with non-executive members. This is acknowledged in the U.K. Treasury guidelines on audit committees, and may apply to some of the smaller central bank boards, or less developed countries where the pool of qualified and truly independent individuals is quite limited. In such cases, the suggestion is for the board—or a subgroup of the board comprising external members—to act as the audit committee, although this would be at a different sitting from its regular meetings.38 However, the guidelines are very emphatic in stating that “this [configuration] should not be the ‘default’ option for smaller organizations; before deciding to take this course of action careful consideration should be given to other options.” The board (in lieu of an audit committee) could develop a different mindset from that of its role is day-to-day operations but it would need to demonstrate that it safeguards objectivity by other means, such as chairmanship by a non-executive member.39 This is discussed in the Australian better practice guide; it offers a pragmatic approach to strengthening independence in the absence of a majority of non-executive members, suggesting that audit committees recognize potential conflicts of interest upfront. Their charter, for instance, could ensure that external members have as open an access to the organization as their executive counterparts and that their presence be explicitly required for a meeting to form a quorum.

B. Independence

Members’ independence is crucial for checks and balances of an audit committee to be really effective. If the country circumstances so permit, an audit committee should, be composed of and chaired by non-executive members, to enable it to exercise truly objective judgment and ask the awkward and critical questions.40 There are two main aspects of independence, both related to the appointment procedures. One is derived from the duration of membership of the audit committee, and the other is the respect of strict qualification criteria to ensure that members have the required skills and expertise to exercise good judgment. Underlying independence is also the application of the safeguards against conflicts of interest that are already contained in many central bank laws for appointments to key positions.41

The duration of members’ terms must strike a balance between building institutional knowledge and bringing in valuable external expertise. Rotation should not be too rapid since stability in audit committee membership supports consistency and the building of institutional knowledge. A minimum term of three years is usually considered appropriate. The duration of the terms of appointment should strike a balance between being long enough to allow members to become effective, making a useful contribution to the work of the committee, but short enough to ensure a representation of current best practice skills and knowledge and avoid a too cozy relationship with management. For a smooth transition, staggered terms may be considered, as well as a predetermined handover period during which both outgoing and incoming members attend the committee meetings.

Qualification requirements ensure that members are competent, though not necessarily experts, in the areas that fall within the committee’s responsibility. The basic procedure is for audit committee members to be nominated by the board, subject to specific criteria to reflect diversity in technical backgrounds. Audit committees are not necessarily composed of experts, although all members tend to be conversant in financial, accounting, or audit matters. The basic requirement for all members is to be sufficiently financially literate to be able to ask pertinent questions and form objective opinions on internal controls, financial reporting, and risk management. In general, the broader the scope of the audit committee, the wider the necessary skills mix. In this case, one member may act as the financial expert for the committee as a whole, drawing on his (or her) experience as a senior financial officer with oversight responsibilities.42

Access to resources will also be a determining factor for the effectiveness of the audit committee. The audit committee may require access to external expertise if the issues at hand are particularly complex. A training budget should also be envisaged, as external members drawn from the private sector would benefit from induction into central bank objectives and operations.

C. Interaction

The relationship between the audit committee and the board of directors is based on delegated authority. After all, one of the reasons for establishing the audit committee is to offset the practical difficulties that the board may have experienced in fulfilling this task due to alternative claims on its time and resources, especially if it does not operate on a full time basis. An ongoing dialogue between the board, management, and the audit committee, as well as more formal reporting at a pre-determined schedule is therefore an important element of effectiveness. Several audit committee guidelines recommend the creation of specific reporting protocols.

The chairperson of the audit committee plays a key role in maintaining an open dialogue with his (or her) counterparts in the central bank. He (or she) may or may not be a financial expert, but, as a focal point for communicating with the board and coordinating the internal and external audit, strong leadership qualities and the ability to establish good working relationships should also be considered among the qualification requirements.

The form of reporting depends on the relationship of the audit committee with other components in the central bank governance framework. The audit committee’s formal lines of reporting are such that all findings and recommendations are directed toward the board, since the latter can challenge the internal controls and reporting policies established by management. If it is established as an independent body, a statutory board of auditors for instance, the audit committee may release a full report to stakeholders summarizing its duties and findings. Several audit committees established as specialist sub-committees of the board are also issuing a separate summary report as part of the annual report disclosures.

Overlapping membership and the exchange of minutes between the board of directors and the audit committee strengthens the relationship between the two bodies. Common membership may be envisaged between the audit committee and the board if the latter includes non-executive directors. This may tighten the relationship between the audit committee and the board of directors, and would help the committee better understand the board’s priorities, thereby adding value to the governance system. The link between the two bodies may also be strengthened by virtue of the board secretary (rather than an internal audit official) acting as the secretary of the audit committee. Regardless of the composition of the two bodies, however, minutes of the audit committee meetings that include the rationale underlying any decisions taken should be readily available to all board members. A preannounced schedule of meetings providing the core program of seasonal work that the audit committee will be expected to carry out in the course of a financial year would also be helpful in terms of establishing a clear institutional allocation of responsibilities.43

V. Audit Committees in Central Bank Law

Audit committees have a formal authority that is either delegated by the board of directors, directly derived from the central bank statute, or reaffirmed in a charter. This section discusses the range of possibilities for formally establishing audit committees, whether explicitly in central bank legislation, if this is appropriate in the country-specific legal tradition, or implicitly, by giving the board of directors the authority to appoint specialized committees. Either way, a useful complement to formal and informal authority is a carefully drafted audit committee charter or mission statement. The survey included in Appendix II identifies 39 countries in which central banks have established an audit committee.44 At a minimum, the board should have the power to establish audit committees and, if appropriate, to delegate authority to them. It should be clear whether the audit committee is constituted in a purely advisory capacity, whether specific authority has been delegated to it and whether the board will still be ultimately responsible for oversight.45 Further operational and organizational details may be included in secondary legislation.

A more explicit reference to the audit committee, either in the central bank statute or in by-laws of the board, may be helpful where corporate governance principles are less developed. If a government or the central bank decides to formally establish an audit committee—in case these functions are perceived as not being adequately performed by an existing governing body—the first stage is to determine whether it is an implied responsibility of the board or whether there should be a specific legal provision referring to these functions. In the first case, it might not be necessary to amend the statute. In the second case, it may be necessary to create the legal basis for assigning explicit financial oversight responsibilities to the board. Whether this is done in the statute or the by-laws should be carefully considered; indeed, a more detailed statute might require more frequent amendments, potentially changing the balance between the central bank’s autonomy and accountability, to the detriment of its credibility.46

While including an explicit mandate within the central bank statute may contribute to its credibility, it could also undermine the operational flexibility of the audit committee. Resorting to by-laws may be preferable, since this leaves more flexibility to adjust the operations of the audit committee without having to amend the central bank statute. The audit committee would then be able to engage in regular self-assessments to evaluate whether its terms of reference are adequate for the pursuit of their duties. The by-laws would provide further details on the committee’s objectives, tasks, functions, and composition, as well as qualification and appointment criteria for its members.

Regardless of the extent of the reference to the audit committee in central bank legislation, a charter is instrumental in defining the scope of an audit committee. It serves to clearly establish features such as the objectives of the audit committee, the source of its authority and its relationship with other parts of the organization. A charter defines its operational procedures and provides a yardstick for self-evaluation. Various handbooks and guidelines on audit committee terms of reference have been issued, both in the private and public sector.47 A critical factor in drafting the charter is to strike a balance between being flexible enough not to restrict the scope of oversight, yet specific enough not to lead to unreasonable expectations. Indeed, an open-ended mandate might lead to unrealistic claims on the audit committee members, conflicts with other governance functions within the central bank or unwarranted involvement in operational or management decisions.

Compiling the survey demonstrates that the terminology varies widely, and is to a large extent misleading. In some countries, the body discharging the functions of an audit committee is referred to as an audit sub-committee, an audit unit, an audit council, an accounting commission, an audit board, or a board of auditors. However, the term ‘audit committee’ is the most widely used with some variation due to translation. The focus of the paper is on functions, rather than form: when organizational units are referred to as audit committees, but they effectively discharge the duties of an internal audit department, or when they are referred to as supervisory bodies and are also attributed policy responsibilities, the central banks were excluded from the survey.

When an audit committee exists, it is directly or indirectly referred to in central bank legislation. This is the case for the majority of countries, notwithstanding a bias towards statutory references due to the survey’s reliance on publicly available information. 18 out of the 39 central bank statutes include an explicit provision on their audit committee, and a further 2 establish the audit committee in by-laws of the board of directors. 8 of the remaining 19 statutes that do not refer to the audit committee directly still provide the board of directors with the authority to establish such a committee.

The audit committee’s core functions and operations are remarkably similar, in spite of differences in legal tradition and terminology. The audit committee’s interaction with the board of directors and/or the internal audit department is frequently discussed in the central bank publications, many (at least 7) of which also refer to the existence of a charter. In spite of the fact that the number of members and the frequency of meetings vary from country to country, the existence of cross-membership with the board of directors is widespread (14 cases), as most of the central bank boards include non-executive members.

Many audit committees are actively engaged in the central bank’s reporting strategy, upholding accountability. Nearly all the central banks discuss the role of their audit committee in a section of their annual report which describes the activities they carried out during the year. The external auditors frequently refer to the work of the audit committee within the notes to the financial statements. Three central banks issue corporate governance statements, giving special prominence to the discharge of their audit committee’s duties. Such disclosure is either based on the information compiled by the audit committee for the purpose of reporting to the board of directors throughout the financial year, or on the statement issued for discharging their own statutory obligations. Indeed, in three of the countries surveyed, the audit committee presents a separate report to stakeholders, reporting directly to the prime minister and/or the president, the minister of finance, or the general assembly of shareholders.

VI. Conclusion

This paper has discussed some of the key issues related to audit committees in central banks. Among the issues to consider, when designing an appropriate governance structure, are the prevailing legal tradition and the type and complexity of the central bank’s financial operations. The paper examined the implications of these issues on central bank legislation and recommended more explicit references to an audit committee (whether in statutes or in by-laws) for countries that lack strong corporate law traditions. It also suggested supplementary disclosures beyond the areas prescribed by the accounting framework, when central banks are active in complex financial operations, highlighting the key role for audit committees in this area.

An audit committee was considered as a means through which central banks may address principal-agent issues and effectively discharge their fiduciary duties, primarily regarding financial reporting. To avoid a configuration where management would be overseeing itself, and thereby limit conflicts of interest, several options were indicated, depending on the prevailing legal tradition: (i) ensuring a majority of external members without conflicts of interest in a one-tier board structure; (ii) stipulating that the non-executive directors have special oversight responsibilities for the financial condition without establishing a separate audit committee; (iii) setting up a special sub-committee of the board, which may or may not include additional members with special expertise; or (iv) the establishment of a separate supervisory board.

As a result of the growing complexity of central bank operations and their accounting frameworks, central bank boards may increasingly require specialized financial expertise. To address the need for special financial literacy, there are several options: (i) regulate the complexity of permitted operations, specifying the policy on derivative transactions for instance; (ii) require that a minimum of board members have special expertise in interpreting financial statements; or (iii) establish a special body performing the functions of an audit committee. The paper recommended pragmatism in balancing the type and complexity of central bank operations with the preferred format for their oversight.

The effectiveness of an audit committee’s oversight of internal controls and financial disclosure may provide a strong safeguard against the emergence of reputational risk. The potential for reputational risk partly stems from public uncertainty as to the true financial condition of the central bank and from the difficult interpretation of financial statements in light of differences between central bank objectives of monetary or financial stability and the standard commercial objective of maximizing shareholder wealth. An audit committee, or a similar body, could assist in designing and executing the central bank’s financial disclosure strategy. Increasingly complex central bank operations and adherence to international financial reporting standards raise the stakes for the scope and detail of central banks’ financial disclosure. In this context an audit committee can help provide further assurances of financial integrity and demonstrate high standards of good governance in central banks.

Appendix I.

Functions of Central Bank Governing Bodies

This appendix offers a description of the role and functions of the various central bank bodies to better illustrate how an audit committee may fit in. In our view, it is important to both avoid overlap and duplication as well as avoid dilution of responsibilities.

Board(s)

The traditional functions of central bank governing bodies are (i) policy formulation; (ii) policy implementation, i.e. decisions on how to implement the policies; and (iii) supervision or oversight of the central bank’s operational, policy, and financial performance.48 Regardless of the governance structure in place, the primary responsibility for ensuring the existence of a system of internal controls and the integrity of financial reporting is usually vested in the board of directors. The mandate may be explicit or implicit, but in either instance it rests on an assumption that a board carries the responsibility to ensure the efficient use of central bank resources (assessment of effectiveness is usually included as an implicit part of functional performance). The board should formulate the general framework for management to do so.

The structure in place depends to a large extent on legal tradition and corporate governance culture. Committees are established by the board of directors to take responsibility at a greater level of detail than it could do so by itself. In commercial banks, functions may be delegated to a: credit committee, moral and ethics committee, risk management committee, remuneration committee, asset-liability committee, as well as an audit committee. Indeed, delegation to an audit committee is more likely to be found in a single-tier board structure since it would otherwise duplicate the functions of a supervisory board or a statutory audit board.

Management

While the board of directors is responsible for discharging the governance responsibilities, management is entrusted with the task of implementing the practices required to meet the good governance objectives. This includes the establishment of a system of internal controls, the establishment of appropriate reporting structures and the establishment of a system of risk management.49 While the governor “assumes ownership of the system,”50 financial and accounting officers play a key role in the manner in which management implements financial control, with line managers responsible for controlling the activities, including the risks, of their respective units. Management supports the board by providing it, and its agents, with access to information and expertise on topical discussions.51

Internal Audit

The internal audit function of a central bank supports both the board and management in their responsibility for ensuring the existence and effective operation of an internal control system.52 Responsibility for establishing internal controls rests with management, but it is the board’s responsibility to ensure that management follows through. The internal audit reviews the effectiveness of these controls.53 The scope of an internal audit is summarized in the Box below.

Under best practice, internal audit has dual reporting lines, to management and the board or audit committee.54 Reporting to the management is on an operational level, developing the audit plan, forwarding individual audit reports, and following up on implementation of results of previous audit recommendations. The report to the board/audit committee is on a strategic and attestation level. The internal auditor usually submits the annual and medium term strategic plans to the committee to ensure that it addresses the appropriate governance issues. Also, the internal auditor will report, on a summary level, the results of the audit program with an overall attestation as to the effectiveness of the bank’s system of internal controls. This will include a commentary of management’s efficacy in observing the internal control environment.

Scope of Internal Audit in Central Banks

Internal control refers to the mechanisms in place on a permanent basis to control activities in an organization, both at a central and at a departmental/divisional level. A key component of effective internal control is the operation of a solid accounting and information system.

Internal audit is the process that “monitors the control systems” through regular review of the operation of controls and reporting to senior management on the effectiveness and efficiency of the internal control system.

The scope of an internal audit includes:

  1. examination and evaluation of the adequacy and effectiveness of the internal control systems;

  2. review of the application and effectiveness of risk management procedures and risk assessment methodologies;

  3. review of the management and financial information systems, including the electronic information system and electronic banking services;

  4. review of the accuracy and reliability of the accounting records and financial reports;

  5. review of the means of safeguarding assets;

  6. review of the bank’s system of assessing its capital in relation to its estimate of risk;

  7. appraisal of the economy and efficiency of the operations;

  8. testing of both transactions and the functioning of specific internal control procedures;

  9. review of the systems established to ensure compliance with legal and regulatory requirements;

  10. codes of conduct and the implementation of policies and procedures;

  11. testing of the reliability and timeliness of the regulatory reporting; and,

  12. carrying-out of special investigations.

In particular, the internal audit department should evaluate:

  1. the bank’s compliance with policies and risk controls (both quantifiable and non-quantifiable);

  2. the reliability (including integrity, accuracy and comprehensiveness) and timeliness of financial and management information;

  3. the continuity and reliability of the electronic information systems; and

  4. the functioning of the staff departments.

Source: Dalton and Hilbers (1999)

The relationship between the audit committee and internal audit plays an important role for the independence of the internal audit. According to the Institute of Internal Auditors (IIA Practice Advisory 1110-1 on Organizational Independence), regular communication with the audit committee helps assure independence and provides a means for the audit committee and the head of internal audit to keep each other informed on matters of mutual interest. Direct communication occurs when the head of internal audit attends and participates in audit committee meetings. The head of internal audit should meet privately with the audit committee at least annually. Furthermore, independence is enhanced when the board concurs in the appointment or removal of the head of internal audit. According to the Institute of Internal Auditors’ Standard 1000, the audit committee should also be in charge of approving the charter of the internal audit activity.

Compliance

Coordination between the internal audit and compliance functions is essential, since both may be called upon to report to management on related issues. On the basis of the reports it receives from the compliance function, management will communicate how compliance risk is being managed to the board of directors. The Basel Committee on Banking Supervision principles on the compliance function in banks clearly indicate that the two areas should be separate, with clear terms of reference within their joint responsibility to assist management.55 The Committee recommends an independent and effective compliance based on: (i) a formal status for the compliance function enshrined in a charter or protocol; (ii) operational safeguards against conflict of interest with other responsibilities assigned to the compliance officer and staff; and (iii) access to adequate resources. The compliance function also supports the operation of an audit committee since its sources extend beyond the legislative framework to codes of conduct, thus touching upon standards of ethics and integrity.

External Audit

External auditors play a key role in assessing financial reporting and the application of accounting standards. The external auditor, having had full access to all relevant information, is required to prepare an independent opinion on the extent to which financial statements present a true and fair view of the bank’s financial position and financial performance. To yield the expected benefits in terms of good governance and the provision of assurances of integrity in financial reporting, it is important for the external audit to be independent in both appearance and fact. The 2002 IOSCO principles relating to auditor independence56 include a summary of the Code of Ethics for Professional Accountants drawn up by the International Federation of Accountants. This provides a framework for identifying cases where external auditors may benefit from self-interest, self-review, advocacy and familiarity, or where intimidation may undermine their independence.

The relationship between internal and external audit is based on the exchange of relevant information through regular meetings and a common understanding of methodology and terminology. In view of the interface between the work of internal and external auditors, the BIS recommends efficient and effective cooperation between the two.57 The IOSCO principles governing auditor independence also reaffirm the consensus that the adequacy of audit firms’ internal systems should be evaluated by an external oversight body, such as an audit committee. As the external auditor is acting for the central bank’s owners, it is appropriate that they should either be appointed by the government as owner, or by the board as the representative of the government (the main shareholder of most central banks), or by the audit committee, as the agent of the board. This body would also be responsible for determining the audit fees. In some central banks, the external audit is performed by the public auditors and depending on local culture and traditions, they may also have an advisory role in addition to that of the ‘watchdog’ of taxpayers’ money.58

The results of an external audit review of the work of internal audit provide an important element for an audit committee’s assessment of the integrity of the internal control environment. The discussions between and audit committee and the external auditor should therefore include the efficiency of internal audit as well as the integrity of the financial statements. During the external audit process, the external auditor will usually liaise with the internal auditor on operational issues. The final output of the audit is an audit opinion that is attached to the financial statements and a management letter that is sent to the bank’s management and audit committee. The external auditor will also usually report their findings to the board or audit committee in a confidential meeting. The internal auditor usually co-ordinates the bank’s responses to the issues raised in the management letter that are cleared with management and sent to the auditor and the audit committee. Internal audit also oversees the implementation of the management letter recommendations and reports on progress to management and the audit committee.

Audit Committee

The objective of an audit committee is to oversee fiduciary duties, on behalf of the board, and in accordance with any internal regulations it will have approved. These duties are to ensure the existence and operation of an effective system of internal controls, risk management and transparent financial reporting process. The scope of the audit committee will vary from organization to organization, as indicated in Box 1 above.59 The charter of an audit committee is a useful vehicle against which the committee may be held accountable, and it provides its members with a clear understanding of their precise role within the committee’s overall objectives. The scope of the committee may depend on country-specific factors, such as the degree of central bank autonomy and the concomitant need for accountability. The extent of oversight could range from liaising with auditors to review financial statements prior to their publication to assessing the impact of policy decisions on financial statements.60

The audit committee maintains a close relationship with the external auditor, coordinating the central bank’s relationship with the latter. First, as the representative of the shareholder(s), the audit committee needs to ensure that the auditor meets the stakeholders’ needs and so is involved in the auditor selection and management process. Second, the audit committee relies heavily on the auditor’s work in performing its functions. It is actively involved throughout the audit process: at pre-engagement, it assists the board in securing an agreement on scope and independence; the planning stage is crucial for the non-technical members of the committee to gain an understanding of the approach to be followed. During the audit, for example at the half-year stage, the committee will need to be kept abreast of any matters of significant relevance, and upon completion, it will discuss the external auditors’ findings.

The audit committee will also require the support of the governor, without which it could not carry out its functions effectively since it will need cooperation from management and staff. While the audit committee is composed entirely of non executive members with specialist expertise, it will have both open and confidential meetings with some or all of the following parties, who may attend the meetings separately or jointly: the governor and deputy governor(s), other pertinent representatives of management, the internal auditor, the external auditor, the financial controller, the head of risk management, the compliance officer, and the head of strategic planning. Specific examples of topics for private discussions may include discussions with the internal auditor on the governor’s performance regarding the operation of internal controls, or the external auditor’s report on the effectiveness of the internal audit function.

Appendix II.

Survey of Bodies Performing Audit Committee Functions in Selected Central Banks61

article image
article image
article image
article image
article image
article image
article image
article image
article image
article image

References

  • Apostolou, Barbara, and Raymond Jeffords, 1990, Working with the Audit Committee, The Institute of Internal Auditors, Florida.

  • Basel Committee on Banking Supervision, 2006, Core Principles Methodology, (Basel: Bank for International Settlements), October.

  • Basel Committee on Banking Supervision, 2006, Enhancing Corporate Governance for Banking Organizations, (Basel: Bank for International Settlements), February.

    • Search Google Scholar
    • Export Citation
  • Basel Committee on Banking Supervision, 2005, Compliance and the Compliance Function in Banks, (Basel: Bank for International Settlements), April.

    • Search Google Scholar
    • Export Citation
  • Basel Committee on Banking Supervision, 2002, The Relationship between Banking Supervisors and Banks’ External Auditors, (Basel: Bank for International Settlements), January.

    • Search Google Scholar
    • Export Citation
  • Basel Committee on Banking Supervision, 2001, Internal Audit of Banks and the Supervisors’ Relationship with Auditors, (Basel: Bank for International Settlements), January.

    • Search Google Scholar
    • Export Citation
  • Black, Henry Campbell, 1990, Black’s Law Dictionary, sixth edition, West Publishing, St. Paul, Minn.

  • Branson, Douglas, 2001, “The Very Uncertain Prospect of ‘Global’ Convergence in Corporate Governance,” Cornell International Law Journal, Vol. 34, No, 2, pp. 32162.

    • Search Google Scholar
    • Export Citation
  • Bromilow, Catherine L., and Barbara L. Berlin, 2006, Audit Committee Effectiveness—What Works Best, prepared by PriceWaterhouseCoopers and sponsored by The Institute of Internal Auditors Research Foundation (Altamonte Springs, Florida).

    • Search Google Scholar
    • Export Citation
  • Caruana, Jaime; Andrew Crockett; Douglas Flint; Trevor Harris; and Tom Jones, 2002, Enron et al: Market Forces in Disarray, Occasional Paper 66, The Group of Thirty Consultative Group on International Economic and Monetary Affairs, Inc. (see: http://www.group30.org/home.php).

    • Search Google Scholar
    • Export Citation
  • Committee on Capital Markets Regulation, 2006, Interrim Report of the Committee on Capital Markets Regulation, November 30, 2006.

  • Dalton, John, and Claudia Dziobek, 2005, “Central Bank Losses and Experiences in Selected Countries,” IMF Working Paper WP/05/72 (Washington: International Monetary Fund), available on: www.imf.org/external/pubind.htm.

    • Search Google Scholar
    • Export Citation
  • Dalton, John, and Hilbers, Paul The Role of Internal Control and Audit Systems in Supporting Central Bank Governance and Transparency,” Monetary and Exchange Affairs Department Operational Paper No. 99/1 (Washington: International Monetary Fund).

    • Search Google Scholar
    • Export Citation
  • Dahya, Jay, John J. McConnell, and Nickolaos G. Travlos, 2002, “The Cadbury Committee, Corporate Performance, and Top Management Turnover,” The Journal of Finance, Vo. LVII, No. 1, February, pp. 461483.

    • Search Google Scholar
    • Export Citation
  • Davies, Paul, 2000, “Board structure in the UK and Germany: Convergence and Continuing Divergence,” International and Comparative Law Journal.

    • Search Google Scholar
    • Export Citation
  • Deloitte, 2005, International Financial Reporting Standards: Presentation and Disclosure Checklist 2005, available on: http://www.iasplus.com/fs/2005checklist.pdf

    • Search Google Scholar
    • Export Citation
  • DeZoort, F. Todd, 2002, “Audit Committee Effectiveness: A Synthesis of The Empirical Audit Committee Literature,” Journal of Accounting Literature.

    • Search Google Scholar
    • Export Citation
  • Emmerich, Adam O; Gregory N. Racz; and Jeffrey Unger, 2005, “Composition of the Audit Committee: Ensuring Members Meet The New Independence and Financial Literacy Rules,” International Journal of Disclosure and Governance, February.

    • Search Google Scholar
    • Export Citation
  • European Union, 2006, Directive 2006/43/EC of the European Parliament and the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC, Official Journal of the European Union, L 157/87-1007, 9.6.2006.

    • Search Google Scholar
    • Export Citation
  • Fich, Eliezer M., and Anil Shivdasani, 2006, “Are Busy Boards Effective Monitors?The Journal of Finance, Vol. LXI, No. 2, April, pp. 689723.

    • Search Google Scholar
    • Export Citation
  • Foster, Jeremy, 2006, “Central Banks Should Close the Governance Gap,” Central Banking, Central Banking Publications, Vol. XVI, No.4, May, pp. 2730.

    • Search Google Scholar
    • Export Citation
  • Frisell, Lars; Kasper Roszback, and Giancarlo Spagnolo, forthcoming, “Governing the Governors: A Clinical Study of Central Banks,” working paper presented at conferences at Bocconi University May 2006 and at Sveriges Riksbank September 2006.

    • Search Google Scholar
    • Export Citation
  • Hermalin, Benjamin E., and Michael S. Weisbach, 2001, “Boards of Directors as an Endogenously Determined Institution: A survey of the Economic Literature,” NBER Working Paper Series No. 8161 (Cambridge: National Bureau of Economic Research).

    • Search Google Scholar
    • Export Citation
  • Hopt, Klaus J., and others, eds., 1998, Comparative Corporate Governance—The State of the Art and Emerging Research, (Oxford: Clarendon Press).

    • Search Google Scholar
    • Export Citation
  • Institute of Internal Auditors, 2006, The Role of Auditing in Public Sector Governance, available on: www.theiia.org.

  • Klein, April, 2002, “Audit Committee, Board of Director Characteristics, and Earnings Management,” Journal of Accounting and Economics, Vol. 33, pp. 375400.

    • Search Google Scholar
    • Export Citation
  • IOSCO, 2002, Principles for Auditor Oversight, A Statement of the Technical Committee of the International Organization of Securities Commissions, October. Available on: http://www.iosco.org/.

    • Search Google Scholar
    • Export Citation
  • IOSCO, 2002, Principles if Auditor Independence and the Role of Corporate Governance in Monitoring and Auditor’s Independence, A Statement of the Technical Committee of the International Organization of Securities Commissions, October. Available on: http://www.iosco.org/.

    • Search Google Scholar
    • Export Citation
  • Koh, H. and Woo, E. (1998) “The expectation gap in auditing,” Managerial Auditing Journal 13/3, pp. 147154.

  • KPMG, 2004, Disclosure Checklist: International Financial Reporting Standards, available on: http://ias.kpmg.com.

  • Lybek, Tonny and JoAnne Morris, 2004, “Central Bank Governance: A Survey of Boards and Management,” IMF Working Paper WP/04/226 (Washington: International Monetary Fund). Available on: www.imf.org/external/pubind.htm

    • Search Google Scholar
    • Export Citation
  • Lybek, Tonny, 1998, “Elements of Central Bank: Autonomy and Accountability,” Monetary and Exchange Affairs Department Operational Paper No. 98/1 (Washington: International Monetary Fund).

    • Search Google Scholar
    • Export Citation
  • Mooij, Joke, 2004, “Corporate Culture in Central Banks,” DNB Working Paper No. 6/July 2004 (Amsterdam: De Nederlandsche Bank).

  • National Association of Corporate Directors, 2004, Audit Committees: A Practical Guide, Report of the National Association of Corporate Directors and the Center for Board Leadership. http://www.nacdonline.org/publications/pubDetails.asp?user=16C01F2D6CD543638267485A657C8BBE&pubID=228

    • Search Google Scholar
    • Export Citation
  • OECD, 2005, OECD Guidelines on Corporate Governance of State-owned Enterprises, OECD Paris. Available on: http://www.oecd.org/document/33/0,2340,en_2649_37439_34046561_1_1_1_37439,00.html

    • Search Google Scholar
    • Export Citation
  • OECD, 2005Public Sector Modernisation: Modernising Accountability and ControlOECD Observer April 2005 http://www.oecd.org/dataoecd/56/42/34904246.pdf

    • Search Google Scholar
    • Export Citation
  • OECD, 2004, Corporate Governance: A Survey of OECD Countries, (Paris). Available on: http://www.oecdbookshop.org/oecd/display.asp?tag=XMZ0R8XX4X2X99186KRGAZ&sf1=identifiers&st1=262004011P1

    • Search Google Scholar
    • Export Citation
  • OECD, 1999, OECD Principles of Corporate Governance (Paris).

  • OECD, 1998, Management Control in Modern Government Administration: Some Comparative Practices (Paris).

  • Olsen, John F., 1999, “How to Really Make Audit Committees More Effective,” The Business Lawyer, Vol. 54, May.

  • Petra, Steven T., 2005, “Do Outside Independent Directors Strengthen Corporate Boards?,” Corporate Finance, Vol. 5, No. 1, pp. 5564.

    • Search Google Scholar
    • Export Citation
  • PriceWaterHouseCoopers, forthcoming, Accounting Framework for Central Banks, issued by the Central Bank Financial Reporting Study Group.

    • Search Google Scholar
    • Export Citation
  • PriceWaterHouseCoopers, 1999 updated in 2003, Audit Committees: Good Practice for Meeting Market Expectations, available at: www.pwcglopbal.com.

    • Search Google Scholar
    • Export Citation
  • Proctor, Charles, 2002, “Regulatory Immunity and Legal Risk,” The Financial Regulator, Central Banking Publications Ltd. Vol.7, No. 3, London, December.

    • Search Google Scholar
    • Export Citation
  • Rowland, Gregory S., 2002, “Earnings Management, The SEC and Corporate Governance: Director Liability from The Audit Committee Report,” The Columbia Law Review, 102 Colum. L. R. 168, January.

    • Search Google Scholar
    • Export Citation
  • Sarbanes-Oxley Act of 2002, Public Law 107–204 of July 30, 2002, available on http://www.sec.gov/about/laws/soa2002.pdf

  • Schiffman, Henry, 2004, “Good Governance for Central Banks,” Central Banking (London: Central Banking Publications Ltd.) (August), pp. 426.

    • Search Google Scholar
    • Export Citation
  • Smallman, Clive, 2004, “Exploring Theoretical Paradigms in Corporate Governance,” International Journal of Business Governance and Ethics, Vol. 1, No. 1.

    • Search Google Scholar
    • Export Citation
  • Song, Jihe, and Brian Windram, 2004, “Benchmarking Audit Committee Effectiveness in Financial Reporting,” International journal of Auditing, pp. 195205.

    • Search Google Scholar
    • Export Citation
  • Sullivan, Kenneth Roy, 2003, “Profits, Dividends and Capital—Considerations for Central Banks,” in Accounting Standards for Central Banks, ed. by Neil Courtis and Benedict Mander (London: Central Banking Publications, Ltd.).

    • Search Google Scholar
    • Export Citation
  • Sullivan, Kenneth Roy, 2003, “Transparency in Central Bank Financial Statement Disclosures,” IMF Working Paper 03/76 (Washington: International Monetary Fund).

    • Search Google Scholar
    • Export Citation
  • Sullivan, Kenneth Roy, 2005Enhancing transparency in central bank reportingin Central Bank Modernization, edited by Neil Courtis and Peter Nichol (London: Central Banking Publications, Ltd.).

    • Search Google Scholar
    • Export Citation
  • Sullivan, Kenneth Roy, Tonny Lybek, and Marie-Thérèse Camilleri, forthcoming, “Implications of International Financial Reporting Standards on Central Bank LegislationIMF Working Paper _ (Washington: International Monetary Fund).

    • Search Google Scholar
    • Export Citation
  • Sulkowicz, Kerry, 2003, “New organizational and psychological challenges of the audit committeeKPMG Audit Committee Quarterly, Fall 2003

    • Search Google Scholar
    • Export Citation
  • Turner, Lynn E., 2001, “Audit Committees: A Call to Action,” speech in Atlanta Georgia by the Chief Accountant of the U.S. Securities and Exchange Commission, February 21.

    • Search Google Scholar
    • Export Citation
  • Ugeux, Georges, 2004, “Toward Global Convergence in Corporate Governance: An Assessment of The Current Situation,” International Journal of Disclosure and Governance, Vol. 1, No.4, pp. 339354.

    • Search Google Scholar
    • Export Citation
  • Weil, Gotshal and Manges LLP, 2002, “Comparative Study of Corporate Governance Codes relevant to the European Union and its Member Stateson behalf of the European Commission, Internal Market Directorate General, available at http://ec.europa.eu/internal_market/company/otherdocs/index_en.htm

    • Search Google Scholar
    • Export Citation
1

Marie-Thérèse Camilleri is an Economist, Tonny Lybek is a Senior Economist, and Kenneth Roy Sullivan is a Senior Financial Expert in the Monetary and Capital Markets Department (MCM) of the International Monetary Fund (IMF). The authors would like to thank Isabella Arndorfer, Martin Čihák, Didier Debals, Katie Farrant, Ian Philip Goodwin, Chris Hemus, Fabien Laclavere, Marc Mattens, Clara Mira, Michael North, Arne B. Petersen, Andrea Schaechter, Harry Trines, and seminar participants at the Swedish Central Bank for comments on previous drafts. However, any mistakes and omissions remain the sole responsibility of the authors.

2

The survey is based on selected central bank laws, annual reports, financial statements, or other publicly available information, typically up to 2004, from various web-sites.

3

The IMF Safeguards Policy, adopted in 2000, was primarily designed to address misreporting and potential misuse of IMF resources. A Safeguards Assessment reviews the so-called ELRIC areas covering: External audit mechanism; Legal structure and independence of the central bank; financial Reporting; Internal audit mechanism; and system of internal Controls. These assessments stress the importance of a sound governance framework, including the board’s role in overseeing the transparency and reporting of the central bank, occasionally by recommending the establishment of an audit committee. For details, see: http://www.imf.org/external/np/exr/facts/safe.htm.

4

For examples of large corporate collapses and their impact on regulation, see Box 1.1 in OECD (2004).

5

For good practices for central bank autonomy and accountability, see, for instance, Lybek (1998).

6

See, for instance, Sullivan (2005, 2003A, and 2003B).

7

The term fiduciary is derived from Roman law, according to Black’s Law Dictionary (1990), and designates a person holding the character analogous to a trustee. A fiduciary duty entails that the highest standard of care is imposed at either equity or law, which suggests that there cannot be a conflict of interest. Fiduciary responsibilities of a board and an audit committee typically imply responsibilities to all stakeholders in addition to the immediate shareholders/owners, but the extent to which they are explicitly mentioned in corporate law varies across countries.

8

In 1999 and revised in 2004, the Organisation for Economic Co-operation and Development (OECD) issued the OECD’s Principles of Corporate Governance for commercial corporations. The Principles cover five main areas: protection of the rights of shareholders, equitable treatment of the latter, the role of stakeholders, transparency and timely disclosure, the accountability of the board toward the company, its shareholders and its stakeholders. They are available on: http://www.oecd.org/dataoecd/32/18/31557724.pdf. In addition, a number of countries have issued national codes or principles for listed corporations. See, for instance OECD (2004, Table 2.2) for an overview of national codes in OECD countries. For a broader list of countries, see the European Corporate Governance Institute’s website: http://www.ecgi.org/codes/all_codes.php. The recommendations included in these codes may not always be mandatory, but they tend to be implemented as a result of the requirement to either comply or explain. Complementing its Principles, the OECD has also issued in 2004 the OECD Guidelines on Corporate Governance of State-owned Enterprises, which recommend inter alia a strict separation between the state’s role as owner and regulator.

9

The OECD, for instance, has for instance also developed a special website with guidance for Public Governance and Management: http://www.oecd.org/topic/0,2686,en_2649_37405_1_1_1_1_37405,00.html.

10

For a comparative corporate law review, see e.g., Ugeux (2004), Branson (2001), and Hopt et al. (1998). For an overview of the heterogeneous corporate governance landscape within the OECD countries, see Box 1.4 in OECD (2004).

11

Weil, Gotshal and Manges (2002) survey how the term “corporate governance” is defined in national corporate governance codes across EU member states, illustrating differences in the details and breadth of the definition and distinctions in the emphasis on control and supervision. For the purposes of this paper, the definition used by the OECD is retained (OECD, 2004, page 11): “Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.” The OECD adds that “good corporate governance should provide proper incentives for the board and management to pursue objectives that are in the interests of the company and its shareholders and should facilitate effective monitoring. The presence of an effective corporate governance system, within an individual company and across an economy as a whole, helps provide a degree of confidence that is necessary for the proper functioning of a market economy. As a result, the cost of capital is lower and firms are encouraged to use resources more efficiently, thereby underpinning growth.”

12

Only recently have studies been focusing more explicitly on the governance of central banks, among others, Frisell, Roszback and Spagnolo (forthcoming), Foster (2006), Lybek and Morris (2004), Schiffman (2004) and Mooij (2004).

13

The principal-agent theory and its implicit assumptions—that maximization of simple material returns is pursued by rational individuals—have dominated the discussion on how to improve governance. The real-world complexity has often forced company legislators to instead consider “maximizing stakeholder wealth” by elaborating the fiduciary responsibilities of the various governing bodies and management. Smallman (2004) examines three theoretical paradigms in corporate governance: shareholder theory, stakeholder theory, and stewardship theory. He argues that stewardship provides the future direction for corporate governance practice “if organisations are to deliver benefits to both their owners and other beneficiaries whilst not significantly harming the interests of other groups.”

14

One of the issues which has emerged in the U.S. is the extent to which potential liabilities of audit committee members undermine the availability of suitably qualified members. See Rowland (2002) for a review of the liabilities of members of audit committees in the U.S.

15

Whether this is explicit in corporate law varies between countries and over time and leads to different practices in employee representation and disclosure of environmental policies, for instance.

16

Core Principles Methodology, Basel Committee on Banking Supervision, October 2006, BIS Paper, http ://www.bis.org/publ/bcbs130.pdf.

17

For a discussion of these accounting issues, see OECD (2004) Box 3.2. Caruana et al. (2002), using Enron as a focal point to explore the challenges posed by failures of financial reporting also address some fundamental concerns about future accounting. Although fair-value accounting is a sound principle in a market economy, it may be manipulated, particularly in the way future envisaged revenues are discounted. Accordingly, the stakeholders must hold boards responsible for developing better processes to ensure the existence and operation of appropriate control and reporting frameworks.

18

For guidance on strengthening audit committees without undermining the unitary board structure in the U.K. see the Smith Report, available on http://www.frc.org.uk. On July 2003, “The Combined Code on Corporate Governance” in the U.K. (www.fsa.gov.uk/pubs/ukla/lr_comcode2003.pdf) superseded the recommendations on corporate governance from June 1998 by the Hampel Committee. The Combined Code covers both the recommendations of the Higgs group’s review of the role and effectiveness of non-executive directors and the Smith group’s review of audit committees. For a review of the literature on audit committees in the U.S. see, for instance, DeZoort (2002).

19

According to Ugeux (2004, page 345 and footnote 22), French law, for example, does not allow the board to delegate decision-making authority to a committee. A structure similar to that of the German corporate sector is adopted by some companies in France, which choose to establish a Directoire as the management board and a Conseil de Surveillance as the supervisory board. It is important to bear in mind that company laws in the European Union still differ significantly (See Weil, Gotshal and Manges, 2002 and, for a comparison of the UK and Germany, Davies, 2000). Companies registering under the new European company law (Societas Europaea) may elect a one- or a two-tier board system. See Title III Article 38 of the European Council Regulation (EC) No.2157/2001 available at http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001R2157:EN:HTML.

20

For views on the impact of Sarbanes-Oxley, see, among others, Section V in the Interim Report of the Committee on Capital Markets Regulation, 2006.

21

Japanese law is more prescriptive, and requires the board of auditors to attach their audit opinion to the financial statements. Accordingly, the Financial Service Agency of Japan persuaded the U.S. SEC to exempt Japanese issuers listed in the U.S. from the Sarbanes-Oxley Act.

22

By public sector accountability, the OECD means “the obligation of those entrusted with particular responsibilities to present an account of, and answer for, their execution” while control is defined as “a process designed to provide reasonable assurance regarding the effectiveness and efficiency of operations, reliability of reporting and compliance with applicable laws and regulations.” OECD (2005)

23

This approach, pioneered by Australia and the U.K., also stimulated interest in Ireland and Japan. For more details, see OECD (2005). Enterprise risk management is defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” (See p.2 of the COSO integrated framework on risk management, available on http://www.coso.org/Publications/ERM/COSO_ERM_ExecutiveSummary.pdf.

24

The results of this survey are available on http://ocde.dyndns.org/.

25

The good practice guidelines clearly state that the PAC will not accept any lack of knowledge of internal control vulnerabilities as a justification for poorly managed or realized risk. See: http://www.hm-treasury.gov.uk/media/5B7/CC/GIAS_good_practice_guide.pdf and http://www.hm-treasury.gov.uk/media/8D2/62/audit_committee_handbook2003.pdf.

26

The Better Practice Guide Public Sector Audit Committees also includes alternative audit committee charters which may be tailored an entity’s particular circumstances. Available at http://www.anao.gov.au/. Australian public sector entities are statutorily required to establish an audit committee, and the guide applies to all entities governed by the Financial Management and Accountability Act 1997 and the Commonwealth Authorities and Companies Act 1997.

27

In 2006, the Basel Committee on Banking Supervision, with a view to complementing the OECD Principles, issued its own corporate governance principles for banks, where it is stated (page 8) that “The Committee believes that it is appropriate and beneficial for large, internationally active banks to have an audit committee or equivalent structure responsible for similar functions.” The paper stresses the importance of an audit committee for banks with single-tier structures, i.e. with a single board combining oversight and management function. The audit committee advises the board to improve transparency and accountability.

28

The European System of Central Banks have developed a set of accounting guidelines for the European Central Bank and national central banks that provides them with consistent framework, which differs in some aspects from full IFRS adoption.

29

Sullivan, Lybek, and Camilleri (forthcoming) will review the implications of International Financial Reporting Standards on central bank legislation.

30

Exhibit 1.5 in Bromilow and Berlin (2006) includes, in its list of transparency and disclosure considerations, the recommendation that audit committees assess whether the disclosures are clear, candid and understandable, that they ensure prominence is given to the most important information and that they do not simply repeat the information contained in the financial statements.

31

Some executives may, for various reasons, assign higher utility to achieving the interests of the collective organization for which they work than serve their narrow personal material interests—the stewardship paradigm referred to earlier, as discussed by Smallman (2004). Their objective function is broader than salaries and pensions, as it also includes such incentives as reputation and stature and may explain why well qualified individuals opt for public sector or central bank employment in spite of lower pay.

32

For instance, with the financial controller, the committee will be called upon to discuss accounting principles, required disclosures and significant operational or reporting issues affecting the financial statements. With the compliance unit (or the legal department), the committee should help assess the entity’s compliance with its external regulatory requirements and internal regulations, especially those of particular sensitivity to financial reporting. With the internal audit, it will review the work program, the results of the audits, and resolution and follow-up of findings and recommendations.

33

In the interest of ensuring that nothing “falls through the cracks” it is probably better to err on the side of duplicating efforts rather than avoiding overlaps in oversight. See Bromilow and Berlin (2006 p.19) for a discussion of the way in which three of the surveyed companies tried to address the potential overlap between the risk management and audit committees. In one of these, the chairperson of the risk management committee acts as the deputy chairperson of the audit committee and vice versa.

34

The results of the latest survey of audit committee chairs in Bromilow and Berlin (2006) denote (on page 89) an increase in the frequency of meetings since the previous survey, from an average of 3.3 times a year in 1999 to at least 4 times a year in person (for 92 percent of the respondents) and 4 or more additional meetings via telephone or videoconferencing (for 76 percent of respondents).

35

See, for example, Petra (2005) or Hermalin and Weisbach (2001) for a review of the literature on independent directors in U.S. corporate boards. While serving on several boards may provide valuable experience and reputational benefits, external directors may also have other obligations that impede their effective oversight. Hence, the empirical evidence is mixed. Fich and Shivdasani (2006), however, find that using number of directorships as an indicator for a busy director in companies listed in 1992 in Forbes 500 during the period 1989–95, is significantly associated with weaker corporate governance, using market-to-book ratio as a measure of corporate performance.

36

See Olsen (1999) p. 1102 for instance. The ten rules for committee effectiveness are also taken up in KPMG (2004) p.2. Dahya, McConnel and Travlos (2002) found—based on a randomly selection of 650 out of 1828 industrial firms on the Official List of the London Stock Exchange during the period December 1988 to December 1996—that the turnover of CEOs increased and that the negative relationship between CEO turnover and performance became stronger after the issuance of the Code. Song and Windram (2004) compared companies (identified by the U.K. Financial Reporting Review Panel) that published defective financial statements during 1991–2000 with their peers and found that: (i) strong representation of independent outside directors positively correlated more effective financial reporting (fewer defective financial statements); (ii) a more active audit committee (more frequent meetings) was positively correlated—although not statistically significant—with fewer defective financial statements; and (iii) there was weak support that lack of financial literacy may undermine the effectiveness of an audit committee. Klein (2002), using a sample of 692 publicly traded firms listed on the S&P 500 as of March 31 1992 and 1993, found that abnormal accruals, used as a proxy for earnings management, was more pronounced for firms with less independent boards and audit committees.

37

See, for instance Sulkowicz (2003) and the SEC Commissioner’s fears on Sarbanes-Oxley dissuades qualified and competent individuals from participating in boards (www.sec.gov/news/speech/spch053003psa.htm). Three quarters of audit committee chairs surveyed in the preparation of the IIA booklet on audit committee effectiveness (Bromilow and Berlin (2006) p.22) are reported to have expressed concern that their responsibilities had increased beyond what could be considered reasonable.

38

In one central bank, as a temporary measure, the full governing board reportedly constituted itself as an audit committee, but appointed a non-executive director as chairman instead of the governor and convened separate meetings with their specific agenda.

40

Bromilow and Berlin (2006) report (in p.77) that as of 2004, the average size of an S&P 500 audit committee was 4.17 members. At a minimum, three members should be considered.

41

This is also the case in the private sector. In U.S. legislation for instance, the same independence requirements are applied to audit committee membership and board membership. See Sarbanes-Oxley Rule 10A-3(b)(1). An independent member is generally defined as being neither an employee, nor related to a current or former executive employee, nor a partner or executive with a business relationship with the organization, including the external auditor, nor a previous manager, nor directly (or indirectly) accepting any consulting, advisory or other compensatory fees, nor a beneficiary of any share option or performance related pay scheme, nor obtaining any financial assistance in the form of loans or advances. Several stock exchanges have tightened their definition of directors’ independence. The approach followed by the NYSE is explained in http://www.nyse.com/pdfs/finalcorpgovrules.pdf.

42

It is noteworthy that the Sarbanes-Oxley Act now requires at least one member of the audìt committee to be designated as a “financial expert.” According to the regulations issued by the SEC in response to Section 407 of the Sarbanes-Oxley Act, an audit financial expert is a person who has all the following attributes: (i) an understanding of Generally Accepted Accounting Principles (GAAP) and financial statements; (ii) the ability to assess the general application of GAAP in connection with accounting estimates, accruals and reserves; (iii) experience preparing, auditing, analyzing or evaluating financial statements that present breadth and level of complexity of accounting issues that can reasonably be expected to be raised by the company’s financial statements, or experience actively supervising person engaged in such activities; (iv) an understanding of internal controls and procedures for financial reporting; and, (v) an understanding of audit committee functions. For the full text of the regulation, see http://www.sec.gov/rules/final/33-8177.htm.

43

The U.K. Treasury handbook (available on http://www.hm-treasury.gov.uk/media/8D2/62/audit_committee_handbook2003.pdf) sets out key assignments for an audit committee with reference to a quarterly meeting schedule.

44

The survey covers Angola, Australia, Bosnia and Herzegovina, Botswana, Cambodia, Canada, Cape Verde, Eastern Caribbean Central Bank, El Salvador, France, Ghana, Hong Kong SAR, Ireland, Japan, Latvia, Lesotho, Madagascar, Malta, Mongolia, Nepal, Netherlands, New Zealand, Portugal, Romania, São Tomé and Príncipe, Sierra Leone, South Africa, Spain, Sri Lanka, Swaziland, Sweden, Switzerland, Thailand, Trinidad and Tobago, Turkey, Uruguay, Uganda, the United Kingdom and the United States. Although a number of additional central banks have established audit committees or similar oversight bodies, these countries could not be included in the survey due to a lack of publicly available information.

45

The central bank (or its board of directors) is ultimately responsible to the general public, but in practice it is held accountable by the electorate’s representatives. In a survey of more than 100 central bank laws, it was found that at end-2003 the central bank was accountable for monetary policy in 35 percent of the cases to the legislature, in 33 percent of the cases to the minister of finance, in 10 percent of the cases to the head of state, and in the rest of the cases to other bodies (Table 3 in Lybek and Morris, 2004).

46

In some countries, the central bank law is amended several times each year, perhaps by decree. The Kazakhstani Central Bank Law of March 30, 1995 had, until end-2003, been amended 16 times. In other countries, the central bank law is rarely amended. The Danish Central Bank Act dates back to 1936 and has only been amended four times (1938, 1939, 1967, and 1969—only minor amendments).

47

An example may be drawn from the BIS’s own audit committee adopted in July 2004 replacing the audit committee’s terms of reference established in 1999. Its charter is available at http://www.bis.org/about/auditcommitteecharter.pdf. Several audit firms have also published references for their clients wishing to establish audit committees. See, for instance, the PriceWaterhouseCoopers handbook: http://www.pwcglobal.com/extweb/pwcpublications.nsf/4bd5f76b48e282738525662b00739e22/253e1c17db806b13802569a10036c92d/$FILE/Audit_Committees_2nd_Ed.pdf).

48

In a board of a commercial corporation, the primary objective is implicit, and a distinction is often made between taking strategic decisions and overseeing management. The board in a central bank may sometimes also need to take a decision on what currently should be the primary objective. See Lybek and Morris (2004) for an overview of the board structure of more than 100 central banks.

51

In the light of recent instances of corporate fraud involving members of management and the board, the regulation of management’s role in the corporate governance framework is becoming increasingly prescriptive. For example, in the U.S. the Sarbanes-Oxley Act of 2002 imposes specific responsibilities on certain officers for functions such as financial reports, the conduct of audits, internal controls, conflict of interest, a code of ethics, and disclosure with enhanced penalties for related crimes. The OECD principles mention key executives in the context of compensation in Principles I.C (3), IV.A (4) and V.D (3) and (4), disclosure in IV.A (4), conflicts of interest in II.C and V.D (6), selecting, monitoring, and replacing key executives in V.D (3), independence of the board from management in V.E and the general monitoring of corporate governance in IV.A (8) and V.D (2).

52

The Institute of Internal Auditors issued a position paper on organizational governance in July 2006, which provides resources and guidance for internal auditors. It is available at http://www.theiiaa.org and raises the possibility for internal audit in more “mature” governance frameworks to provide the board of directors with advice on the implementation of strategy, rather than assessing the appropriateness of internal systems of control.

53

It is often discussed if the internal audit should advise on appropriate internal control structures due to the potential for conflict of interest, but in reality, many central banks’ internal auditors are the best qualified to advise on appropriate control frameworks (BIS, 2001). The Institute of Internal Auditors (IIA) promotes consulting activities of internal audit in their Practice Advisory 1000.C1-1: Principles Guiding the Performance of Consulting Activities of Internal Auditors, while the IIA also states that internal auditors should not assume operating responsibilities in Practice Advisory 1130.A1-1: Assessing Operations for Which Internal Auditors Were Previously Responsible.

54

The dual reporting lines for internal audit raise interesting issues about the right to appoint the head of the function. A range of practices exist that include appointment by senior management, by the board, on recommendations of the audit committee, and by the supreme government auditor (independently of any governance or management function). A common configuration is for senior management to appoint the auditor after (formal or informal) consultation with the head of the audit committee.

56

Available on: http://www.iosco.org/library/pubdocs/pdf/IOSCOPD133.pdf and summarized in Box 3.3 and 3.9 in OECD (2004). The U.S. SEC rules on auditor independence adopted further to the enactment of Sarbanes-Oxley are also available at http://www.sec.gov/rules/final/33-7919.htm Furthermore, note the recent EU Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts addressing some of the same concerns as Sarbanes-Oxley.

57

BIS Principle 16 states that “supervisory authorities should encourage consultation between internal and external auditors in order to make their cooperation as efficient and effective as possible.” The interaction between the internal and external audit is further discussed in BIS (2002) available at http://www.bis.org/publ/bcbs87.htm. It is also noted that “A detailed audit of all transactions of a bank would be not only time-consuming and expensive but also impracticable. The external auditor therefore bases the audit on the assessment of the inherent risk of material misstatement, the assessment of control risk and testing of the internal controls designed to prevent or detect and correct material misstatements, and on substantive procedures performed on a test basis. Such procedures comprise one or more of the following: inspection, observation, inquiry and confirmation, computation and analytical procedures.”

58

See for instance http://www.hm-treasury.gov.uk/media/AF8/90/CM5456_Sharmans1.pdf which suggests that to make the most of external audit, the ‘watchdog’ role should be combined with that of an adviser, provided it does not undermine independence.

59

SEC rules that came into effect in April 25, 2003 state under Section 3(a)(58) of the Exchange Act 15 U.S.C. 78c(a)(58) as added by Section 205 of the Sarbanes-Oxley Act, that an issuer either may have a separately designated audit committee composed of members of its board or, if it chooses to do so or if it fails to form a separate committee, the entire board of directors will constitute the audit committee. See Sarbanes-Oxley Act 2002 and subsequent SEC Rule 301 “Standards Relating to Listed Company Audit Committees” available at http://www.sec.gov/rules/final/3 3-8220.htm#scope

60

As part of the review of transparency in reporting, audit committees may question the appropriateness of the accounting policies adopted, relative to prevailing accounting standards, and how this is reflected in the financial statements. While an audit committee cannot depart from specific accounting standards and still expect an unqualified audit, it may be able to challenge the manner in which standards are applied and disclosures produced.

61

Drawn from a survey of the central bank’s laws, annual reports, financial statements, or other publicly available information, typically up to 2004, available on various web-sites. Since this is an evolving area, the survey may not be fully up to date.