RISK WATCH EDITED BY JAMES ROTH AND DONALD ESPERSEN
MTaking New Connections
HE U.S. SARBANES-OXLEY ACT
of 2002 is filled with onerous
requirements, emerging interpretations, and perilous risks.
The new regulations are forcing organizations to take a closer look at
board and audit committee governance
roles and responsibilities. As part of that
scrutiny, compensation committees are
undergoing change, as they play a vital
role and have daunting responsibilities in
the governance process.
Until now, many internal audit groups
have lacked a good reason to connect with
their compensation committees. Sarbanes-Oxley requirements and increasing governance risks have created an opportunity
for internal auditors to offer their services
to these groups.
a unique set of risks
for internal auditors
ROLES AND RESPONSIBILITIES
Most publicly traded companies have a
compensation committee, and the board
of directors often delegates many of its
human resources responsibilities to this
group. Common activities of the compensation committee include developing and communicating the organization’s
compensation philosophy, approving
compensation plans, reviewing the objectives and evaluating the performance of
the chief executive officer, reviewing and
approving incentive compensation actions,
and preparing reports in proxy statements.
Like all board members, these directors
have a fiduciary responsibility to the company’s shareholders.
Similar to the audit committee’s reliance
on internal auditing, the compensation
committee relies heavily on the human
resources function to assist them in carrying out their key governance responsibilities. Compensation and audit committees
also share many of the same soft controls,
including active members, member exper-
tise and ongoing education, annual agendas and calendars, open discussions, and
the quality of the internal liaison.
By asking compensation committee
members the following questions, internal
auditors can gauge their personal understanding of committee activities as well
as the organization’s level of “control risk.”
How aware are committee members of their
fiduciary responsibilities, and can they
demonstrate that they are “walking the
talk?” Although the answer to the first
part of the question is probably “acutely
aware,” committee members may not be
able to produce the evidence needed to
demonstrate that they are carrying out
How well are the compensation and audit
committees coordinating activities? These
activities may include compensation
philosophy, financial reporting risks,
and employee opinion survey results
regarding integrity and ethics.
How comfortable is the overall committee with its ability to effectively carry out
the responsibilities in its charter? The
charter covers many complex activities, and the committee may need
additional expertise or resources to
carry out its role.
How effective are the compensation committee’s soft controls, such as open discussions, good questions, and productive
These questions deal with several sensitive areas and issues. When connecting
with this — and any — client the discussions should be tactful and constructive.
RISKS FACING THE COMMITTEE
Compensation committees may be navigating through the “perfect storm.” They
play a very visible role in Sarbanes-Oxley,
and many organizations are cutting back
on pension/benefits programs. Thus,
INTERNAL AUDITOR FEBRUARY 2004