Audit Committee Requirements: Ensuring Compliance for Listed Companies in Pakistan

Why Audit Committees Matter: A Foundation for Trust and Transparency

The integrity of financial reporting and internal controls is vital for investor confidence and market stability. An independent and robust Audit Committee plays a pivotal role in overseeing these functions, acting as a crucial link between the Board of Directors, management, internal auditors, and external auditors. In Pakistan, the Companies Act, 2017, and associated SROs lay down specific requirements for the composition and responsibilities of these committees, particularly for listed companies. Non-compliance can lead to significant penalties, reputational damage, and eroded investor trust. Understanding and implementing these requirements is therefore essential for every listed entity.

Regulatory Framework Governing Audit Committees in Pakistan

The primary regulatory framework for Audit Committees in Pakistan stems from:

• The Companies Act, 2017 (specifically Section 178)
• The S.R.O. 631(I)/2019: Securities and Exchange Commission (Code of Corporate Governance) Regulations, 2019
• Stock Exchange Listing Regulations

These regulations collectively define the mandate, composition, and duties of the Audit Committee, ensuring a standardized approach to corporate oversight.

Mandatory Requirements for Audit Committees (Listed Companies)

1. Composition of the Audit Committee

The Code of Corporate Governance Regulations, 2019, sets stringent requirements for the Audit Committee's composition:

• Minimum Number of Members: At least three members.
• Majority Independent Directors: At least two members must be non-executive directors who are independent.
• Financial Expertise: At least one member must possess the necessary financial acumen. This can be demonstrated through professional qualifications (e.g., Chartered Accountant, Cost and Management Accountant) or relevant experience in finance, accounting, or auditing.
• Chairperson: The Chairperson must be a non-executive director and an independent director.
• Ineligibility: A person who is a full-time employee of the company or its associated undertaking, or who has been such an employee within the last three years, cannot be a member of the Audit Committee.

Pro Tip: Appointing individuals with diverse yet relevant expertise ensures the committee can effectively scrutinize financial information and internal controls.

2. Terms of Reference (TORs)

While the regulations outline general responsibilities, companies must formally adopt specific Terms of Reference for their Audit Committee. These TORs should be comprehensive and cover at least the following areas:

• Financial Reporting: Overseeing the integrity of the company's financial statements and disclosures, including interim and annual reports, before submission to the board.
• Internal Controls: Reviewing the adequacy and effectiveness of the company's internal control system.
• Risk Management: Overseeing the company's risk management framework and processes.
• Internal Audit Function: Reviewing the scope and quality of the internal audit work, the appointment and removal of the Chief Internal Auditor, and ensuring the function is adequately resourced and independent.
• External Audit: Appointing, compensating, and overseeing the work of the external auditor. This includes reviewing the external auditor's audit plan, findings, and the independence of the auditor.
• Compliance: Ensuring the company complies with applicable laws, regulations, and the company's code of conduct.
• Whistle-Blowing Policy: Establishing and overseeing a mechanism for employees to report concerns regarding accounting, internal controls, or auditing matters.

The TORs must be approved by the Board of Directors and reviewed periodically.

3. Meetings and Quorum

The Audit Committee must hold at least one meeting per quarter, or more frequently as required. A quorum for meetings is typically two-thirds of the committee members, with at least one independent director present.

4. Reporting and Communication

The Audit Committee is required to report its findings and recommendations to the Board of Directors regularly. Minutes of all meetings must be maintained and circulated. The committee must also establish a direct line of communication with the external auditors and the Chief Internal Auditor.

5. Independence and Authority

The Audit Committee must have the authority to investigate any matter within its terms of reference and to seek external legal or other professional advice at the company's expense.

Key Responsibilities in Detail

a) Oversight of Financial Reporting

This is perhaps the most crucial function. The Audit Committee must:

• Review the annual audited financial statements and interim financial statements before their approval by the Board.
• Discuss significant accounting policies, judgments, and estimates with management and the external auditors.
• Review management's discussion and analysis (MD&A) and other financial disclosures.
• Ensure compliance with accounting standards applicable in Pakistan.

b) Internal Controls and Risk Management

The committee's role here is to ensure that robust systems are in place:

• Review the effectiveness of the company's internal control system, including IT controls.
• Assess the company's process for identifying and managing significant risks.
• Review reports from internal and external auditors on control weaknesses and management's plans to address them.

c) Internal Audit Function

The Audit Committee acts as the primary liaison with the internal audit department:

• Approve the internal audit plan.
• Review the adequacy of resources and qualifications of the internal audit team.
• Discuss significant findings and recommendations from internal audits.
• Ensure the internal audit function reports directly to the Audit Committee.

d) External Audit

The committee ensures the integrity and effectiveness of the external audit:

• Recommend the appointment, re-appointment, or removal of the external auditor to the Board and shareholders.
• Review the scope and approach of the external audit.
• Discuss the audit findings, significant accounting issues, and the auditor's independence with the external auditor.
• Approve the audit fee.

Example: A listed manufacturing company might discover during its audit that its inventory valuation methods are not fully compliant with IFRS. The Audit Committee would be responsible for discussing this with management and the auditors, ensuring a clear plan for correction, and reporting to the board. Failure to do so could result in misstated financial statements.

Common Pitfalls and How to Avoid Them

• Lack of Independence: Appointing directors with significant business dealings with the company, or who are former employees, can compromise independence. Solution: Strict adherence to the definition of independent director as per SECP regulations.
• Insufficient Financial Acumen: A committee member lacking financial literacy can hinder effective oversight. Solution: Ensure at least one member has demonstrable financial expertise as defined by regulations.
• Passive Oversight: Simply approving reports without critical questioning. Solution: Encourage active engagement, ask probing questions, and review supporting documentation.
• Poorly Defined TORs: Vague or incomplete Terms of Reference can lead to confusion about the committee's scope. Solution: Develop comprehensive TORs, get board approval, and review them annually.
• Inadequate Communication: Lack of regular and open communication between the Audit Committee, management, and auditors. Solution: Schedule regular meetings and establish clear communication channels.

Implications of Non-Compliance

Failure to comply with Audit Committee requirements can have severe consequences for listed companies in Pakistan:

• Penalties: The SECP can impose fines on the company and its directors. Under Section 262 of the Companies Act, 2017, contravention can lead to penalties which may be substantial.
• Reputational Damage: Non-compliance signals weak governance, deterring investors and stakeholders.
• Legal Challenges: Increased risk of shareholder lawsuits and regulatory investigations.
• Stock Exchange Actions: Potential for delisting or other sanctions by the Pakistan Stock Exchange (PSX).

Before: A company with an Audit Committee lacking an independent chairperson and a financially qualified member might approve flawed financial statements due to inadequate scrutiny.

After Compliance: With an independent chairperson and a financially savvy member, the Audit Committee can effectively challenge management assumptions, ensuring financial statements are robust and reliable, thereby enhancing investor confidence.

Getting Started or Reviewing Your Current Setup

For companies needing to establish or enhance their Audit Committee framework:

1. Review Current Board Composition: Identify potential candidates for the Audit Committee based on the regulatory criteria (independence, financial expertise).
2. Draft/Update Terms of Reference: Develop a comprehensive document aligning with SECP regulations and the company's specific needs.
3. Board Approval: Present the proposed committee composition and TORs to the Board for approval.
4. Regular Meetings: Schedule and conduct meetings diligently, ensuring proper documentation.
5. Continuous Training: Provide ongoing training to committee members to keep them abreast of regulatory changes and best practices.

Navigating these requirements can be complex. We offer comprehensive corporate governance and compliance services to assist your business. Connect with us for expert guidance.

Key Takeaways

• Audit Committees are mandatory for listed companies in Pakistan, comprising at least three members, with a majority of independent directors and at least one financially qualified member.
• The Chairperson must be an independent, non-executive director.
• Key responsibilities include overseeing financial reporting, internal controls, risk management, internal audit, and external audit.
• Strict adherence to SECP regulations (S.R.O. 631(I)/2019) is crucial to avoid penalties and maintain corporate integrity.

Frequently Asked Questions (FAQs)

Q1: Can a CEO or CFO be a member of the Audit Committee?

No, neither the CEO nor the CFO can be members of the Audit Committee, as they are considered executive management. The committee requires independent oversight.

Q2: What constitutes 'financial acumen' for an Audit Committee member?

'Financial acumen' typically means having professional qualifications in accounting or finance (e.g., CA, ACCA, CMA) or significant experience in financial management, auditing, or financial analysis at a senior level. The board makes the determination based on the individual's background.

Q3: How often should the Audit Committee meet?

The Audit Committee must meet at least once every quarter. However, they should convene more frequently if the scope of their work or specific issues necessitate it.