Bank stocks rallied earlier this year but then faltered mid-year in the throng of worries about the European debt crisis.
“It’s really been a lost decade,’’ said Steve Hovde, the president and chief executive officer of The Hovde Group, an investment bank that focuses on the financial services sector. He was speaking at Bank Director’s Bank Audit Committee Conference this month in Chicago.
Looking at bank stocks going back to 2007, when valuations reached their peak, the U.S. SNL Bank and Thrift index was down about 60 percent through May.
The current global outlook has put a good deal of pressure on bank stocks lately, as well. Even banks that don’t have exposure to European debt are feeling the heat, as the crisis will put a drag on the U.S. economy, Hovde said. And a weak U.S. economy will do nothing for U.S. banks.
“Until we see a healthy economy, we’re not going to have a healthy banking sector,’’ he said. “Until we get employment back, the banking sector is going to have pressure.”
Housing still is a drag on the economy. Moody’s Analytics has predicted that home values, while improving in some markets, won’t return to pre-crisis levels until 2017. Home prices have lost about one-third of their value since hitting a peak in 2006, according to the Fiserv Case-Shiller composite index.
On the other hand, banks have been getting rid of bad loans and improving their balance sheets. On the credit side, net-charge offs of bad loans are declining, and tangible capital ratios are slowly being rebuilt, Hovde said.
Profitability has improved, as well, as banks reduced their loan loss provisions year-over-year in each of the past four quarters.
Return on average assets has risen to an average of 1 percent in the first quarter of 2012, up from .76 percent in the fourth quarter of last year, according to the Federal Deposit Insurance Corp.
A strengthening bank sector has led to slightly better deal pricing in mergers and acquisitions, but deal volume is still very low.
Uncertainty about commercial real estate and housing values still is hindering deals, as well as the fact that the stock of many buyers and sellers’ is trading below book value, Hovde said.
The glut of failed banks could also be putting a crimp on deals in some markets, and Hovde predicted that the Chicago area alone will probably have another 10 to 15 bank failures. Nationwide, there were 403 banks with a Texas ratio greater than 100 percent as of March 31, according to SNL Financial LC. A Texas ratio greater than 100 is an indicator of potential failure. There were 59 banks with a Texas ratio greater than 300 percent, and 36 of them are in the Southeast.
Still, the pace of bank failures has slowed and many buyers are beginning to turn their focus to non-FDIC assisted deals, he said.
“With M&A I think we’ve probably hit the bottom and will probably see it pick up absent another global financial crisis,’’ Hovde said.
For community banks, these are interesting times. The economic recovery hasn’t gained enough steam for institutions to be able to count on solid returns. Many banks also face a lingering credit crunch as access to capital remains restricted nearly four years after the Troubled Asset Relief Program. In fact, more than 350 institutions, many of them community banks, still have TARP and many of them are having trouble raising the capital needed to repay government funds. To top it all off, the coming implementation of the Dodd-Frank Act has created uncertainty—although community banks were exempted from some of the law’s more stringent requirements, there are still concerns that even smaller institutions will eventually be held to the same standard.
Against this backdrop, the work of audit committees has taken on added importance. With a slim margin of error and a shifting regulatory landscape, verifying that the proper internal controls and compliance measures are in place can be the difference between thriving, barely surviving, and falling behind the competition. Here are the top three issues that audit committees of community banks need to have on their radar for the coming year.
1. Don’t Neglect Audit Fundamentals
Audit committee members should approach their annual audit not as a routine exercise but as an opportunity to reassert their independence, neutrality and objectivity. Although audit committee members are well acquainted with their institution’s strengths and weaknesses, they should force themselves to adopt an impartial perspective when assessing external audit findings.
With this in mind, audit committee members should make sure the external auditor is asking the right questions and verify that the audit is being conducted with a healthy dose of skepticism. By dispensing with preconceptions about their institution, committee members can remain open to all answers, explore all possibilities—and more important—be prepared to take the actions necessary to address any issues the external audit uncovers. Furthermore, members can help promote a culture of strong internal controls by demonstrating their commitment to a thorough audit.
2. Try to Anticipate What Comes Next
As regulations and requirements continue to evolve, audit committees needn’t wait for the Federal Reserve or other agencies to release guidance to get a sense of the potential impact on their institution. Fortunately, seeing the future doesn’t have to involve a trip to a psychic for a tarot card reading. The following sources can provide important hints of what to expect.
The Center for Audit Quality, based in Washington, D.C., regularly publishes insight and the latest developments. Its board includes leaders from public auditing firms and it is affiliated with the American Institute of Certified Public Accountants.
The business press, both in its coverage and the mix of stories, can be a barometer of where policymakers and enforcement agencies are directing their focus.
3. Be Forthright in Communicating About Negative Audits
Community banks, by the very nature of their close relationship with customers and local businesses, must take special care in explaining audit findings. In the event of a negative or potentially damaging audit, audit committees can play an instrumental role in developing a communications strategy, particularly since an audit can uncover complex or arcane issues that may be difficult for other bank executives or the public to understand.
Across all communications channels—from press releases and investor relations calls to Securities and Exchange Commission filings—committee members should work to be sure that the information is consistent. Moreover, an institution should strive to demonstrate that it embraces accountability and transparency. The tone and messaging can help send a powerful signal that the bank has nothing to hide and is taking the necessary steps to address issues. Information on performance that goes beyond the financial statements is important to maintaining confidence in your institution. For example, non-GAAP key performance indicators such as customer retention and assets under management can offer context and help allay any fears among the public.
By remaining objective, proactive and transparent, the audit committees of community banks can help their institutions stay nimble in the face of changing conditions while instilling confidence in local customers.
Now that the worst of the financial crisis is behind them, bank boards might think they can finally breathe a sigh of relief. Except that they can’t. More than 350 people attending the Bank Director Audit Committee Conference June 7-8 in Chicago learned about the new challenges facing audit committees this year—from new regulations regarding risk and compensation, to the struggle that many banks face trying to build capital and grow revenue and earnings in a difficult economic environment. Participants also received instruction on how to identify and root out large-scale internal fraud, one of the worst threats to the bank’s survival, as well as an update on trends in liability and insurance for bank directors.
“The conversation has shifted,” said Robert Fleetwood, a bank attorney with Barack Ferrazzano Kirschbaum & Nagelberg LLP in Chicago, who spoke at the conference. “Now, it’s more of a ‘thank God we survived.’ Once you can label yourself a survivor, you can think about the next three to five years.”
Several directors spoke at the conference about their challenges and solutions at a wide range of banks, from the Bank of Tennessee in Kingsport with just $650 million in assets to $20-billion asset SVB Financial Group in Santa Clara, California, which has offices in China, India and the United Kingdom.
Regulation and capital will be huge areas of concerns during the next few years, as most of the rules coming out of the Dodd-Frank Act haven’t been finalized yet. Plus, many banks still lack sufficient capital to acquire other institutions. Risk management will be an area of heightened focus for regulators and banks, the vast majority of which don’t have a separate risk committee. As part of that, even though stress testing is only required for banks above $10 billion in assets, the Federal Deposit Insurance Corp. this month published a guide to stress testing for community banks.
However, Pamela Martin, a senior supervisory financial analyst in the supervision division of the Federal Reserve, tried to calm worries at the conference about increased regulation and pressure to comply with rules designed only for the bigger banks.
“Dodd-Frank is really geared at the largest institutions and it’s not designed for community banks,’’ she said. “We have no intention of applying this to community banks, including stress tests.”
Speakers at the conference also talked about how to handle risk on the audit committee and ferret out fraud.
“If I served on a bank board, I would want to know someone served as [the chief risk officer],” said James Shreiner, a senior executive vice president at Fulton Financial Corp, a $16.5-billion bank holding company based in Lancaster, Pennsylvania. “They might have 10 other jobs that they do but [banks] need to have someone who is responsible for risk and not have that be someone responsible for the revenue side.”
Knowing what the bank’s risks are, including the potential for fraud inside and outside the bank, is a particular focus for audit committee members.
“People are more willing to take a risk. Profits are down. Loans are down,’’ said Wynne Baker, the head of the banking practice at KraftCPAs in Nashville. “You want to be in business five years from now and so you want to make sure you have the right tone at the top.”
After the passage of the Sarbanes-Oxley Act, audit committee members experienced an increase in the intensity of the spotlight the public and regulators placed on them—and the focus didn’t just affect public companies. The current financial crisis again has put a spotlight on the responsibilities that all boards and audit committee members face. Although audit committees are actively engaged with their management teams and internal and external auditors, it can be difficult to know what should be the focus of those ongoing discussions.
So what are the things that audit committees should be thinking about today? Highlighted here are three of the critical risk areas that audit committees should have on their minds.
1. Earnings and Growth Plans: Early Assessments of the Risks
The credit challenges and related complications of the financial crisis are improving for many banks. Management teams are focused on returning to sustainable profits. Lending groups are actively looking to build their portfolios, and management teams are considering new products and services and expanding existing programs.
Audit committees need to be aware of the strategies their organizations are considering and of the associated risks. Internal audit should be auditing those risks. Whether a bank is considering resurrecting an old lending strategy or launching a new product or service, early action by the audit committee and internal audit will safeguard the organization. Audit committees and internal audit should work to understand their organization’s initiatives, limits and controls, and understand the risk monitoring that exists at their institutions.
2. Compliance: Effective, Efficient, and Critical for Survival
Compliance doesn’t always seem like the most strategic topic, but a lack of compliance can have consequences that quickly become strategic. Consumer regulations have changed significantly over the past few years, and more changes are on the horizon as the regulatory focus on consumer compliance has increased noticeably.
Audit committees should understand not just the details of compliance for individual regulations, but the compliance program itself. Having a robust system in place to identify changes, assess the enterprise-wide effects, and respond effectively is the only way that ongoing compliance can be achieved. Internal audit cannot just rely on management monitoring systems; it must perform independent testing of the compliance program and of compliance risks. Audit committees should understand the risk assessment process and internal audit’s coverage approach with respect to consumer compliance, and they should be comfortable that the compliance program will produce consistent and efficient results across all regulations and lines of business.
3. Enterprise Risk Management: Present, Comprehensive, and Insightful
Enterprise risk management (ERM) has been a topic of conversation for many years, but the level of discussion within banks and regulatory examinations is greater today in light of the financial crisis. Companies need an ERM process that is designed to address all risks across an organization and that provides meaningful information to executive management and the board. In addition, in response to the Dodd-Frank Wall Street Reform and Consumer Protection Act, which requires a board-level risk committee for firms with more than $10 billion in consolidated assets, examiners sometimes are asking much smaller organizations to put programs in place that include board-level oversight.
Audit committees should understand their bank’s ERM program, and internal audit should evaluate its effectiveness. Questions to consider include: Does a program already exist, and, if so, who owns the program? Are the right people involved? Do the results prompt the right discussions (are the company’s biggest risks part of the conversation)? Do the board and executive management support the process and the outcomes?
The goal of ERM is not to simply to comply with a regulatory mandate, but to establish a disciplined process whereby the most significant risks are summarized for insightful discussion and response. As it does with all critical areas of its bank, an audit committee must make sure that the ERM function exists and that it is operating as intended.
Having confidence in the quality and scope of the internal audit function should be a priority for any bank’s audit committee. Though the three critical areas discussed above are not exhaustive, they represent some of the larger issues facing banks today. Ongoing changes are inevitable. Adding specific consideration of changing risks—and potential changes to audit plans—could be a useful topic for audit committees to add to their agendas.
Robert Fleetwood is part of the financial institutions group and is the head of the group’s securities law practice area at law firm Barack Ferrazzano Kirschbaum & Nagelberg LLP in Chicago. Here, he talks about the increasing demands for capital and the trickle down impact of the Dodd-Frank Act, topics for the upcoming Bank Audit Committee Conference in June.
What are the kinds of questions you think audit committee members should be thinking about?
Many of our clients, particularly our private community banks, have recently been asking: “Where will we be in five years? What do we need to be thinking about?” With today’s regulatory environment, signs of recovery in the general economy and continued advances in technology, these are critical questions that all directors should be asking. I will be participating in a peer breakout focused on community banks at Bank Director’s upcoming Bank Audit Committee Conference to discuss some important issues for audit committee members. Capital is of particular importance for all banks and I will discuss potential future capital requirements and what institutions can be doing now. I will address the role of the audit committee in risk management and the emergence of full risk committees. I will also talk about the mergers and acquisitions process and what all organizations should consider, whether or not they may participate in an M&A transaction.
Two of my partners will also speak at the conference. Joseph Ceithaml will participate in a breakout session regarding best practices that audit committees should consider to improve performance and will touch on topics including committee responsibilities, charters, the agenda-setting process, communication between meetings and committee membership. Additionally, John Geiringer will speak on some important regulatory issues, including recent Federal Deposit Insurance Corp. lawsuits and what boards of banks can learn from them to improve their practices.
Will regulators require higher levels of capital in the future? How can community organizations access capital?
There continues to be debate about whether capital is king to a financial institution’s health and well-being, or whether other factors, such as liquidity, are actually more important. Regardless of one’s viewpoint, it is clear that regulators and investors place a heavy emphasis on capital levels and that this will continue into the future. Basel III, Dodd-Frank and the unquantified “regulatory expectation” will shape what future capital requirements will be for all institutions, regardless of size. Not only are higher capital levels expected, but the components of capital will also change, with a clear bias toward more permanent common equity. A key question for community banks is whether they will need to raise additional capital to implement their strategic plans and, if so, how will they raise the necessary amount. Many community banks have relied on directors and existing shareholders for additional capital. Changes to the private placement rules included in the recently adopted Jumpstart Our Business Startups Act (the JOBS Act) may make it easier for banks to solicit others in their community for additional capital.
Will Dodd-Frank have a significant impact on community banks? What do audit committee members need to know?
The Dodd-Frank Act has certainly played a significant role in financial institutions’ strategic planning over the past two years. However, there is still uncertainty over Dodd-Frank, with many questioning how it will be completely implemented and affect community financial institutions. There is also the potential impact of the upcoming elections and events outside the U.S. financial services industry. Almost two years after the enactment of Dodd-Frank, about 75 percent of the required rulemaking has yet to be completed. Of the rules that have been completed, only about half have become effective. Over the last six months, regulatory agencies have begun to promulgate some of the major systemic risk rules that primarily affect the largest financial institutions. Many of the controversial proposals that attract most of the media attention are geared toward these larger institutions, including the Volcker Rule, capital stress testing and the preparation of the so-called institutional “living wills.”
Many of the rules that will ultimately be developed under the Act will likely have a trickle-down effect on smaller institutions, either through actual regulation or prudential supervisory guidance. Additionally, regulators are currently focused on consumer compliance issues, with the new Consumer Financial Protection Bureau leading the way, and many of those rules are becoming more subjective in nature, making monitoring and ensuring compliance more difficult. With all of this uncertainty, all directors, including audit committee members, will need to closely monitor regulatory developments and continue to plan for increased regulatory and compliance costs.
In preparation for the upcoming audit committee conference in Chicago in June, Bank Director asked bank attorneys and accounting experts speaking at the conference to name the top issue facing bank audit committees in 2012-2013. Most thought audit committees will have to wrestle with risk issues, whether it’s the risk created by certain types of compensation or the risk of running into problems complying with all the new rules resulting from the Dodd-Frank Act.
“If not number one, compensation risk will certainly be one of the top issues facing audit committees over the next 18 months. And a key question audit committees need to ask themselves is: Are our pay practices defensible? Whether the compensation review involves peer group composition, external benchmarking, internal equity and incentive plan risk assessments, or true pay-for-performance, investors and regulators alike will want evidence that all of the reward components are fair. Going forward, simple assurances won’t be enough to satisfy them.”
—Patrick J. Cole, human resources senior consultant, Crowe Horwath LLP
“The top issue facing audit committees this year is how to handle forward-looking risk management, including consumer compliance, regulator exam and balance sheet risk. “
—Ronald H. Janis, partner, Day Pitney LLP
“The accounting issues are complex, and the bank regulators are taking a very conservative approach to interpreting them, which may or may not be in accordance with past accounting practice (historical GAAP). Their conclusions on the time frame for the implementation of related adjustments can also be problematic.”
—Bill Knibloe, partner, Crowe Horwath LLP
“The top issue for bank audit committee members is how can the audit committee improve its risk management program and focus on key risks? Do management and the board have a clear, concise response program in case of a crisis?”
—Michael T. Rave, attorney, Day Pitney LLP
“Audit committee members should continue to increase their knowledge and education on banking because the banking model will demand more from directors.”
— Wynne E. Baker, member-in-charge, KraftCPAs PLLC
We asked audit committee chairmen (and women) what their committees are grappling with in the year ahead. With the passage of the Dodd-Frank Act in 2010, it’s obvious from their responses that compliance with government regulations has become a huge concern. But so is monitoring the organization’s risks, including IT risks, and figuring out how to make a profit in an environment of low interest rates.
What do you believe are the top issues facing audit committee members in 2012 and into 2013?
We need to focus on developing the appropriate stress tests for our institutions to determine, monitor and support our capital adequacy; focus on liquidity risk as macro-economic conditions improve and many of our institutions face a run-off of deposits to higher earning assets; and institutionalize the lessons learned during this credit cycle.
– Robert F. Coleman, audit committee chairman, PrivateBancorp, Inc., Chicago, IL
I think the top issues are sustaining a risk-based focus with executive leadership, adapting risk oversight at the board level to new Dodd-Frank and Fed requirements and figuring out how to make money in a flat interest rate environment for the next two years.
– Ingrid S. Stafford, audit committee chairman, Wintrust Financial Corporation, Lake Forest, IL
IT & Security Risks
I agree that compliance, particularly trying to understand what is coming with Dodd-Frank, is growing in importance. IT risk is also taking a bigger share of our time. Everything from privacy and security (including cyber-security), to emerging technologies like the cloud, social and mobile are going to be a focus for us.
– David L. Copeland, audit committee chairman, First Financial Bankshares, Abilene, TX
Compliance continues to be one of the top issues. More and more internal resources are being directed to the ever growing compliance requirements. Disclosure is another struggle. I suspect that eventually, the 10-Qs and 10-Ks will become so lengthy that no one will read them with footnotes that now span multiple pages and are seemingly redundant to matters covered in other sections of the submissions. Risk is a concern. Each of us hopes that we do not overlook the obvious.
– Gordon Budke, audit committee chairman, Banner Corporation, Walla Walla, WA
The exponential acceleration of regulations will become an increasing challenge for audit committees of all banks, regardless of size. The compliance area alone, where banks are being required to implement government policy initiatives, is a prime example of this challenge. In addition, regulators are requiring extensive documentation of all actions taken and not taken in a culture where risk is to be reduced to zero. Therefore, the audit committee’s role is changing rapidly and must constantly be reassessed with these increasing responsibilities.
– John E. Seward, Jr., audit committee chairman, Bank of Tennessee, Kingsport, TN and Carter County Bank, Elizabethton, TN
I believe the top issues confronting audit committees this year and next are developing, implementing and monitoring audit plans, including internal audit. These plans are focused on the identification and weighting of risk elements arising out of the transition of the banking industry from the defensive/capital conservation strategies of the past three years to the growth/capital deployment strategies to be implemented over the next several years. The economy and the need for bank financing will expand together with the regulatory risks presented by the Dodd-Frank legislation.
– Timothy B. Matz, audit committee chairman, PacWest Bancorp, San Diego, CA
Recent federal guidance on bank incentive compensation practices, combined with the landmark Dodd-Frank Act, is requiring bank compensation committees and their audit or risk committee counterparts to take a collaborative approach to determining whether their plans pose a material financial risk to the institution. This and other topics were covered at a roundtable discussion on compensation risk that brought together directors and human resources professionals at large, publicly traded banks, representatives of the McLagan consulting firm and the law firm Kilpatrick, Townsend & Stockton. The half-day event was held in late September at the University Club in Washington, DC.
Released in June 2010, the new rules mandate that banks must review all of their incentive compensation programs annually to make sure they have an appropriate balance of risk and reward, and that the board of directors is providing an adequate level of governance oversight.
Al Moschner, who is chairman of the compensation committee at $13.9 billion-asset Wintrust Financial Corp. in Lake Forest, Illinois, said the compensation committee sponsored a meeting with the chairmen of the other board committees, the chief executive officer, the chief financial officer and the chief risk officer to review the risk profile of the bank in the current environment. A head of the bank’s human resources department also described the various levels of compensation that are being contemplated for the coming year. “And then there was a robust discussion about whether that makes sense from a risk perspective,” Moschner says.
Wintrust also emphasizes an integrative approach to managing compensation risk by having some directors serve on both its compensation and audit committees. “We try to make sure we have some cross-pollination between the two committees,” Moschner explains.
“The compensation committee needs to work collaboratively with the bank’s risk committee,” says Todd Leone, a principal at McLagan. “The risk committee needs to review the goals that drive the bank’s incentive plans. They have to ensure what is being motivated doesn’t have unintended consequences. The compensation committee drives plan design; the audit/risk committee ensures it is within the bank’s overall risk tolerance.”
Compensation committees today also face the challenge of developing an appropriate set of performance metrics for long-term incentive plans. Part of the problem is that federal regulators are now focusing greater attention on compensation risk generally, but fundamental changes that have affected the entire industry add to the challenge. “How banks make money now is now very different and that makes it harder to develop incentive compensation plans,” says Clifford J. Isroff, the lead independent director at $14 billion-asset FirstMerit Corp. in Akron, Ohio, and a member of both the compensation and risk committees.
Wintrust’s long-term incentive plan used to be based on a single metric—annual earnings growth?but the current operating environment has led the bank to build multiple performance metrics into its plan, including return on assets and growth in tangible net assets.
Another controversial issue that compensation committees are being forced to deal with is the clawback provision in the Dodd-Frank Act. The act requires the Securities and Exchange Commission to direct the national securities exchanges like NYSE Euronext and NASDAQ OMX to prohibit companies from listing their stocks if they have not adopted clawback policies that would allow them to recover incentive compensation that has already been paid to former or current executives if it was based on incorrect data.
Gayle Applebaum, a principal director at McLagan, said many of her bank clients are finding some resistance from their senior managers to the very notion of clawbacks, as well as deferrals that are now being built into many incentive plans. “Oftentimes managers don’t want these things for their people,” Applebaum says. “They are worried about their ability to retain talent.”
One point that most of the participants agreed on was the importance of having a strong risk culture throughout the organization. Although it will still be necessary to vet the bank’s incentive compensation plans annually to satisfy the new federal requirements, a strong risk culture is every bank’s first line of defense.
“If you manage the risk, I’m not worried about the compensation plan,” said Frank Farnesi, who is chairman of the compensation committee at Beneficial Mutual Bancorp Inc., a $4.7 billion-asset mutual holding company in Philadelphia.
Managing internal audit is one of the most critical functions of the audit committee. The audit committee not only oversees the internal audit function of an organization, but often recruits and hires the director of internal audit, who reports directly to the audit committee. The committee must take care to ensure the audit function’s independence from management and make decisions about how to handle whistleblower complaints and internal investigations. A best practice is to have an executive session during every audit committee meeting to allow the director of internal audit to discuss issues privately with the committee. The audit committee chairman also should have a trusting relationship with the director of internal audit that is based on open communication.
The Importance of Independence from Management
The director of internal audit must have free and open access to the board-level audit committee in order to ensure that he/she has total independence and the freedom to take whatever steps are deemed appropriate to investigate audit matters.Accordingly, the director of internal audit (DIA) reports directly to the audit committee, which is generally represented by the chairman. In fact, it works best when the audit committee assumes responsibility for recruiting and hiring the DIA.While bank management (via its human resources department) might assist in such matters, it is the audit committee that oversees the process and makes the hiring decision.
Because the audit committee chairman is not on-site on a regular basis, the DIA often reports administratively (represented by a dotted line on the organizational chart) to an executive level bank manager.This might be the chief risk officer, the chief financial officer, the president, or the chief executive officer.The level at which the DIA reports administratively can be reflective of the organization’s tone regarding the importance of the internal audit function and of protecting its independence.It is often therefore recommended that the DIA report administratively to the CEO unless there is strong justification for doing otherwise. This administrative oversight might include matters such as approving vacation absences and coordination of other, internal management functions.This management-led administrative oversight does not, however, extend to the performance of internal audit duties.
In the event bank management has an issue with or concern about the performance of the DIA, management should communicate such issues and concerns directly to the audit committee chairman.For example, if management observes that the DIA is not effectively managing his or her staff or that the manner in which audits are being conducted is overly confrontational and/or ineffective, management would discuss such matters with the audit committee chairman (and not with the DIA directly).The audit committee then has direct responsibility for investigating and discussing such matters with the DIA.
Management must take care to respect the DIA’s independence and not take any actions that might impair the DIA’s independent judgment.It is the audit committee’s duty to ensure this.
The DIA and the audit department staff work very closely with the audit committee, often functioning as the committee’s staff.It should be noted that this role is unchanged when some or all of the internal audit functions are out-sourced to private vendors.In such event, the DIA still reports to the audit committee and he/she supervises the vendors.The audit committee is responsible for reviewing and approving all outsourced audit vendor engagements.
Now let’s talk about how this works in real life.
How to Handle Audit Meetings
Who is generally invited/present at audit committee meetings?And how might the presence of senior level bank management impact the DIA’s independence or opportunity to speak freely to members of the audit committee?How should the audit committee handle concerns raised by the DIA or by bank management?
Different boards function differently.There is no carved in granite rule about who should be invited to attend audit committee meetings.Often the CFO, the CEO, the chief risk officer, the chief credit officer, and/or representatives from the external audit firm are in attendance at audit committee meetings.Some banks invite management representatives from the areas that have been audited to attend the meeting when that audit is being reviewed.Who attends is not important?but it’s important to make sure that whoever is in attendance does not interfere with the DIA’s independence.To ensure that the DIA has free and open communication with the committee, the audit committee chairman should schedule an executive session at the end of each audit committee meeting.Do not wait until the end of the meeting to ask if there is anything that the DIA would like to discuss in executive session.Instead, schedule an executive session as part of the agenda for every single meeting.If there is nothing to discuss, the executive session will simply adjourn.An executive session can take place in multiple parts.First, all bank management is excused and the DIA is invited to stay with the committee.Once everyone but the DIA has been excused, the committee chairman should ask the DIA to discuss any concerns he or she has.The audit committee chairman might ask the DIA to confirm that staffing is adequate (to ensure that budgetary limitations are not resulting in inadequate staffing); or whether bank management is appropriately responding to and following-up on all audit matters.
In the event that the DIA comes forward with a concern of such nature, the audit committee is then responsible for addressing those concerns and for giving direction to management.The audit committee must do so in a constructive manner, so that it does not reflect negatively on the DIA.
For example, let’s say that the DIA does not feel that he or she has adequate staff.The committee’s minutes might reflect that a discussion took place about the number of audit hours that are required to adequately address the bank’s internal audit schedule, and the committee concluded that the current staffing level is not adequate.The committee, therefore, recommends either the addition of another member to the internal audit team, or that the DIA engage an external vendor to perform portions of the internal audit work.Addressing it in that manner makes it the committee’s recommendation.
Similarly, if there are a number of open audit findings – matters that have been open for some time – and the DIA does not feel that management is taking appropriate steps to resolve them; the DIA might bring that to the committee.The committee’s minutes could reflect that a discussion took place about the large number of open audit matters that appear to have been open for too long a period of time and the committee will discuss such concerns with the president or CEO to ensure that they are being given appropriate attention by the responsible manager.Again, addressing it in that manner makes it the committee’s recommendation.
Whistleblower issues are generally directed to the audit committee chairman and/or to the director of internal audit.When the audit committee chairman receives notice of a perceived whistleblower issue, the audit committee chairman should immediately contact the director of internal audit so that the two of them can discuss and determine how best to investigate the matter.Whistleblower matters require confidentiality and trust.When requested, care must be taken to protect and ensure the anonymity of the reporting party.When deemed appropriate, the DIA and audit committee chairman may engage external, third-party professionals to help investigate whistleblower matters.
Performance Problems – Performance Evaluation
The audit committee, generally via its chairman, completes the formal performance evaluation of the director of internal audit.The audit committee chairman may solicit input from other bank management and from other committee members, as appropriate.While the bank executive manager who supervises the DIA for administrative purposes participates in this process, it is the audit committee chairman who takes the lead.This confirms that the DIA reports directly to the audit committee.
The relationship between the director of internal audit and the chairman of the audit committee should be one of openness and trust.These two individuals both tasked with the independent oversight of internal audit matters must be free to communicate with one another and they must trust one another to protect the confidentiality of such communications at all times.
The principals in our firm have completed over five hundred board projects, in our experience the answer to who should sit on your board is, in every case… it depends. Every search is unique.
Who Should Be On Your Board – Determine Your Needs
There are a myriad of factors that determine who should serve on your board. The composition and culture of your current board are important factors. Similarly, the nature of your company is a variable in determining who should serve on your board:
Your current board of directors, in some of its composition, is reflective of what the company was, or aspired to be, in years past. Your company’s profile is just a snapshot of what the company is today. Therefore, importantly, where is the company headed? What are the most important objectives to be achieved? In other words, what is your corporate strategy? The answers to these questions need to be understood in determining who will be the most valuable director(s) for your board. The person or people who should serve on your board are born from your strategy.
When you overlay your corporate strategy with an assessment of the toolkits of each director on your board and consider your company’s profile, you can create a matrix. The matrix illustrates the competencies you need to acquire to enable your board to guide your company toward its strategic goals. Add to this sensitivity to the board’s culture and you will see who should be on your board.
Who Should Be On Your Board – Universal Elements
Every company’s board competency matrix will be different, but there are a few common components that are found on most well-built boards:
Diversity: This is stating the obvious, but a variety of perspectives is an important component for all boards.
Operators: Among the members of every board should be one or two current CEOs or COOs, who will provide the board with an operator’s perspective and often act as a sounding board to the company’s CEO.
Financial Acumen: This is a broad skill set, ranging from accounting and audit skills to treasury, financing, and M&A experience. We have not worked with a client yet who has said, “We have too many board members with financial savvy.”
Industry Knowledge: An independent director with deep experience in the company’s industry will augment management’s expertise, can serve to educate other directors on the industry, and can provide an informed board level evaluation of industry specific items.
Customer Knowledge: Board members with significant knowledge of major customer categories provide valuable insight in board discussions.
Regulatory / Compliance: Knowledge of regulatory issues facing a company may be critical. The same holds true for risk.
Technology: Every business relies on technology. Having a director who can evaluate the impact of technology on the company, make strategic recommendations and communicate effectively with other members is always valuable.
International: This may not apply to all companies, but to those it does, it is a major concern. Boards are clamoring for directors who not only have a global perspective, but boots-on-the-ground international experience running a business, particularly in the BRIC countries.
Committee Composition: Members should have relevant domain knowledge. (e.g. People on the compensation or audit committee have to understand the material).
Who Should Be On Your Board – Personality Traits of Great Directors
The depth of experience, level of success, and amount of talent a director has is irrelevant if it cannot be effectively utilized. Individuals should be intellectually and emotionally strong enough to actively participate and offer positive critical review, yet modest and mature enough to recognize their appropriate role as a board member and the need for partnership with their fellow board members and company management. They should be analytical and able to constructively evaluate a strategy, acquisition, and business plan. The candidate should be forward thinking and strategic, yet pragmatic and operationally savvy, with a passion for building true shareholder value. The personality/chemistry must be a fit. Honesty, openness, and high ethical standards are mandatory. It is important that a potential board member be prepared to be an active and engaged director, and willing to make a long-term commitment to the company.
Who Should Be On Your Board – Get The Leadership Right
Roles on the board are not created equal. There are four leadership roles that every board must have: non-executive chair / lead director, audit committee chair, compensation committee chair, and nominating & governance committee chair. Get these roles right and it will translate directly into shareholder value.
1) Non-Executive Chairman / Lead Director
Shareholders have always entrusted the board to carry out its fiduciary responsibilities, but in our contemporary business environment, regardless of the title given to the role (non-executive chair, lead director, presiding director…), it is essential for effective corporate governance that the board of directors have a non-management director as the recognized leader of the board, not the CEO. Dividing the duties of the leader of the company (the CEO) and the leader of the board acknowledges the new and increased responsibilities of both positions. It also creates checks and balances between management and the board, and is meant to be a deliberate expression of independence to shareholders and the market.
The clearest distinction between the two roles is, simply, the non-executive chairman / lead director runs the board, not the company (that is the domain of the CEO). In running the board, the non-executive chairman / lead director has a wide range of responsibilities, which can vary from company to company, but in almost all cases he/she:
presides at all meetings of the board and the shareholders, ensuring that all issues on the agenda are efficiently attended to and that each director contributes to their full potential.
establishes, in consultation with the CEO, an agenda for each meeting of the board.
leads a critical evaluation of the board as well as of management, its practices and its adherence to the board-approved strategic plan and its objectives.
facilitates an open flow of information between management and the Board.
The non-executive chairman / lead director role is a delicate role requiring a respected executive with broad business acumen, who is a strong communicator with evident interpersonal skills, and someone who has refined leadership ability (capable of focusing the board and building consensus). This role is not for someone who has an ambition to run the company. Non-executive chairman / lead directors should be complementary and compatible with the CEO (not seen as a rival); if their chemistry is poor, the function of the board suffers and ultimately, so does the company. Optimal candidates are capable of facilitating positive dialog on diverse subjects, and act as a buffer on behalf of the CEO and senior management, so that the board is not intrusive. The non-executive chairman / lead directors must have ethical standards beyond reproach, a passion for the role, and must take personal pride in the level of quality in the boardroom.
2) Audit Committee Chairman
Given the heavy responsibility and continued intense spotlight on the audit committee, this is a key role to fill for the success of the board and the company. An outstanding audit committee chair instills a greater sense of confidence in the company at the board, management, and investor levels, and likely individually impacts shareholder value. This role requires an extremely well qualified financial expert, preferably with independent director experience and the time to commit to this role. Optimal candidates would typically be retired executives who have been CEOs (with strong financial skills), public company CFOs, or broadly experienced audit partners.
3) Compensation Committee Chairman
The intense examination of executive compensation has also thrust compensation committees into the spotlight and has made its chairmanship a very important responsibility. This role requires a background with executive compensation matters and current knowledge of compensation issues and trends. Preferably, this person would also have prior public company board experience. Optimal candidates for this role would typically be a long-tenured CEO, an experienced compensation committee member, or another executive with significant executive compensation experience (e.g.: chief human resources officer).
4) Nominating / Governance Committee Chairman
Charged with leading the committee responsible for shaping the company’s corporate governance, evaluating the performance of the board and its directors, and recommending new directors for the board, the nominating/governance committee chairman is a critical role in today’s climate. Directors in this role need to have a deep knowledge of corporate governance and be committed to keeping up with its trends and best practices.
Who Should Be On Your Board
There are common components of all well-built boards, beginning with getting the leadership roles filled correctly. But who should be on your board is truly unique to each company. Through an assessment of the competencies on your current board, along with your company’s profile, viewed in comparison to the vision of your company going forward, and an appreciation of your board’s culture, a clear picture should emerge.