Audit Committees Step Up Risk Oversight

When the audit committee of a
publicly traded company sits
down to meet, what’s on the
agenda? What issues are considered
most important?

Across many industry sectors, audit
committees are placing an increasingly
important priority on risk issues, with
regulation, merger and acquisitions (M&A)
and information technology leading the
list of top concerns. Those are the findings
of an in-depth survey of audit committee
chairs and members from 176 companies
across 11 industry sectors, conducted by
Ernst & Young. Among the participants
were 18 utilities and nine oil & gas firms.

The 2006 Audit Committee Survey
involved audit committee chairs, audit
committee members and board members,
gathering information and gleaning
emerging best practices regarding their
oversight role, activities and the composition
of their committees.

The overall results indicate that audit
committees are evolving with the changing
business landscape, such as by
developing an increased awareness and
understanding of the risks facing businesses
today. Yet the survey results also
reflect a growing concern over escalating
responsibilities, the increasing need for
continuing education, and the shrinking
pool of available and qualified members
to serve in these critical corporate governance

One of the most interesting results of
Ernst & Young’s 2006 Audit Committee
Survey is the growing importance boards
are placing on proactively identifying and
managing risks related to business strategies
and objectives. That is especially true
for companies in industries such as banking,
insurance and telecommunications.
This paper will provide an overview of the
study’s findings and their implications for
the oil & gas and utility industry.

Oil & Gas and Utilities Audit Committes: Making the Risk Transition

Audit committee members for oil & gas
and utilities companies describe their current
primary responsibilities as providing
oversight for financial reporting, internal
controls and emerging risks. The focus
on emerging risks is relatively new and is
forcing these audit committees to stretch
their understanding of the business
beyond the core competencies of accounting,
capital structure, tax and credit risks.

Much like other industries, oil & gas and
utilities reported a clear understanding of
their companies’ risk profile from a strategic,
operational, financial and compliance
perspective. They also reported having
comprehensive processes and structures
in place to manage risks, but they appear
to be moving more slowly than companies
in other industry sectors when it comes
to fully transitioning audit committee
responsibilities to include oversight of
emerging risks.

For example:

  • Only 31 percent of oil & gas and utilities
    companies spend 20 percent or more
    of their meeting agendas on risk, compared
    with 46 percent of those from
    other sectors;
  • Only 37 percent of oil & gas and utilities
    companies receive quarterly risk
    updates, compared with 55 percent of
    those from other sectors; and
  • Only 36 percent of oil & gas and utilities
    companies use outside risk advisors,
    compared with 51 percent of those from
    other sectors.

Among the best practices identified by
participants in other sectors were the
establishment of a separate risk committee;
periodic meetings with regulators
to understand the breadth of emerging
issues; and monthly or quarterly reports
on risk provided by management.

Oil & gas and utilities audit committees
are less likely than other industry
sectors to have a separate subcommittee
on risk, and fewer than 10 percent have a
formal crisis plan for dealing with financial
errors, irregularities or compliance
issues. Yet they do see a need for greater
involvement in helping their companies
manage the risk landscape.

Audit Committe Opportunities

Of the companies surveyed, more than
half of their audit committee members
were between the ages of 61 and 70. This
tells us that in coming years there will
probably be substantial turnover among
audit committee members across many
sectors, representing both a challenge
and an opportunity.

The challenge is for organizations to
find and attract talented, experienced and
diversified directors who fully understand
the complexity and rapid pace of change
that is common in business today.

The opportunity for audit committees is
to expand the knowledge and skill of their
boards with men and women who have
strong backgrounds in managing risk and
deep experience in finance, accounting,
legal and regulatory affairs, with a more
complete understanding of topics such as
information technology.

In fact, corporate boards across all
industry sectors may be well=served to
re-evaluate their recruiting practices
and seek out audit committee members
under the age of 50 who can bring a more
diverse range of thought and experience
to their roles. The growing awareness of
the need for more hands-on risk management
guidance also means that audit
committees must include members who
take a more holistic view of today’s business

Narrowing the Focus: The Utility Sector

When comparing responses from the utility
sector alone with the 10 other industry
groups in the survey, we found that utility
audit committees often have a more
narrowly defined scope for risk oversight
– with a primary focus on accounting
and capital structure risks – than do
other industry sectors, which also focus
on tax and regulatory risk. As a general
rule, most utilities also do not face the
risks associated with global expansion
that many other sectors face. This might
explain, in part, why utility audit committees
spend less time than other sectors on
risk issues.

However, despite the more narrow
focus on risk to date, survey results
indicate that this attitude is changing.
Respondents cited the utility sector’s top
risk concerns as:

  • Regulatory issues;
  • Major initiatives;
  • People/human resources;
  • M&A; and
  • Market dynamics.

It is worth noting that utility company
respondents mentioned regulatory issues
as the top risk concern. This is likely
explained because the industry is facing
an expanding compliance and regulatory
risk universe as a result of Sarbanes-
Oxley 404, the FERC’s additional enforcement
powers under the Energy Policy
Act, and new Clean Air Act rules, which
are layered on top of ongoing requirements
related to rate making, reliability,
market practices and operational performance.

The utility sector’s focus on major
initiatives and people as the second and
third priority concerns is likely the result
of continued M&A and consolidation activity
on both the wholesale and retail sides
of the industry, as well as issues related to
an aging workforce and the challenge of
replacing retiring workers.

Shift in Risk Focus

Many utilities, their boards of directors
and their audit committees are only now
adjusting to the growing regulatory compliance
requirements – and recognizing
the time, resources and business implications
involved. Yet our survey shows
there are still others that have not yet
come to terms with the shifting tide of
risk oversight.

The companies that are behind the
curve are likely to be more vulnerable
to “risk surprises,” which are exactly
what good risk oversight practices are
intended to prevent. In all fairness, during
the past two years, utility respondents
indicated that they were not caught by
any unexpected risk developments, so the
processes in place to identify and manage
risk may be working well. Let’s hope so.
But with changes in the regulatory risk
landscape, it is not wise to rest on laurels.
All indications are that utility audit committees
will place more focus on regulatory
compliance risk in the years to come.

To support this expanded focus, utility
company audit committees will need to
request more information than they currently
get from management, and more
support from outside sources may be necessary
to identify potential shifts in state
and federal regulatory environments.

To their credit, more than 80 percent
of utility audit committees have a formal
orientation program and nearly half have
a formal continuing education program
that most respondents regard as effective.
They did acknowledge, however,
that greater education is needed for
audit committees in the areas of accounting
and financial reporting risk on one
hand and regulatory compliance risks
on the other. This interest in education
around regulatory risk is consistent
with the previously mentioned trends
emerging around the focus on regulatory

Industry Insights: The Oil & Gas Sector

Perhaps given the market fundamentals
facing oil & gas companies today – volatile
commodity prices, shifting geopolitical
environments, calls for new energy-related
mandates and a shrinking pool of qualified
employees – it is not surprising that oil &
gas audit committees identified people/
human resource issues and market dynamics
as two of the top five most important
risk factors their organizations face.

Top risk concerns among oil & gas
industry respondents were:

  • Legal issues;
  • Regulatory issues;
  • Hazards (environmental and safety);
  • Reputation; and
  • People/human resource issues.

The survey also found that, in general, oil
& gas company audit committees devote
more of their regular meeting agenda
to risk-related issues than utilities do.
To their credit, a majority of that time is
invested in actively discussing risk issues
and sharing viewpoints rather than listening
to presentations, which tend to dominate
many audit committee meetings in
other sectors.

Virtually all of the nine oil & gas participants
reported that they had a clear
understanding of their company’s risk
profile from a strategic, operational,
financial and compliance perspective.
And 75 percent indicated that they had
a comprehensive process and structure
in place to identify and manage risks
related to business goals and objectives.
Yet in contrast to the utility sector, 25
percent also acknowledged that their
audit committees had experienced significant
surprises in the past 24 months
with respect to new risk developments in
areas that were not addressed by existing

One area deserving attention for oil &
gas audit committees is that of continuing
education. While two-thirds have a formal
orientation program, only 11 percent have
a formal continuing education program.
Similar to utility respondents, oil & gas
audit committee members specifically
pointed to accounting and reporting financial
risk and regulatory compliance risk as
the top two areas where greater education
is needed.

Other Key Oil & Gas Findings

With regard to industry risk, most survey
respondents said they were planning for a
decrease in oil & gas prices within the next
12 months.

Nearly 60 percent said they had not
revised their company’s process for estimating
oil & gas reserves, and 71 percent
said there was no need to revise existing
SEC rules governing reserves. And while
the primary motivation cited for seeking
M&A partners was to add to their
reserve base, there was no similar focus
on building relationships with national oil
companies to improve access or develop

Future Challenges

New regulatory requirements and legislation,
particularly the highly demanding
Sarbanes-Oxley Act, and heightened
expectations among stockholders and
other investors are just some of the
myriad of issues weighing on the minds of
top-level management guiding today’s oil
& gas and utilities companies.

To meet these demands and stay competitive,
oil & gas and utilities companies
are working to bring more structure and
transparency to their operations and
to develop more effective methods for
identifying and controlling potential risks,
as well as preventing risk surprises. By
increasing time and activities focused on
risk, diversifying the talent on boards to
capture new areas of expertise and stepping
up continuing education, audit committees
will be better positioned to identify,
evaluate and manage risk exposure
for companies.