New Corporate Governance Listing Standards

(1)

New Corporate Governance

Listing Standards

Audit Committee Handbook

(2)

This booklet contains general information only and does not constitute, and should not be regarded as, legal or similar professional advice or service. This booklet is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect you or your business. Any such decision or action should be taken only on the advice of a qualified professional advisor.

This booklet was prepared based on information available as of March 1, 2004 and is subject to change as interpretive guidance is issued by the Securities and Exchange Commission, the New York Stock Exchange, or NASDAQ. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.

Neither Deloitte & Touche LLP, Deloitte Touche Tohmatsu, nor any of their affiliates or related entities shall have any liability or responsibility to any person or entity with respect to the use of or reliance on this booklet. All companies should consult with legal counsel regarding the adoption and applicability of the various requirements presented.

(3)

Introduction

During the past two years, U.S. corporations and the

invest-ing public have witnessed unprecedented developments in

corporate governance. The congressional proceedings that

gave rise to the Sarbanes-Oxley Act of 2002 and the ensuing

implementation of that legislation brought many reforms to

the financial reporting system.

Although these reforms were significant, they were

only one component of a broader effort to restore

public confidence in the capital markets.

In a February 2002 speech, Harvey Pitt, then

chair-man of the Securities and Exchange Commission

(SEC), called for national self-regulatory

organiza-tions (SROs), such as the New York Stock Exchange

(NYSE) and NASDAQ, to critically review their

list-ing standards and propose modifications to

enhance the corporate governance of listed

com-panies. In August 2002, the NYSE submitted its

“Corporate Governance Rule Proposals” to the SEC.

NASDAQ presented its “Corporate Governance

Proposals” for consideration by the SEC in a series

of submissions in the fall of 2002. After reviewing

public comments and various amendments

submit-ted by the SROs, the SEC approved the new

corpo-rate governance listing standards on November 4,

2003.

The new standards of the NYSE and NASDAQ

include a range of requirements affecting boards

of directors, certain board committees, and

man-agement. For instance, both sets of standards:

n

Require that a majority of the board be

com-posed of independent directors

n

Strengthen the criteria for an independent

direc-tor determination

●1

(4)

n

Place responsibility for director nominations and

executive compensation in the hands of the

inde-pendent directors

n

Require separate meetings for non-management

or independent board members

n

Require a code of business conduct/ethics for all

directors, officers, and employees.

Among other provisions, the new NYSE standards

require companies to establish and disclose

corpo-rate governance guidelines that address specified

criteria, and the new NASDAQ standards require

companies to make a public announcement if they

receive an audit opinion with a going-concern

emphasis.

In addition to the various general governance

prac-tices covered, the new listing standards modify a

number of audit committee requirements,

includ-ing composition criteria and responsibilities. This

handbook was developed by Deloitte & Touche LLP

(Deloitte & Touche) to assist audit committee

mem-bers in understanding the new requirements that

will affect them and their companies.

Because the new audit committee listing standards

were well publicized in their proposed form and

some time has passed since the SEC’s final

approval, most companies have already begun

implementation. This handbook outlines

imple-mentation steps for consideration based on

com-mon practices we have observed and contains

ref-erences to a variety of resources that may help

companies comply with the standards.

This handbook is provided for informational

pur-poses only. It does not constitute, and should not

be regarded as, legal advice. Companies should

consult with legal counsel regarding the

applicabil-ity and implementation of the new listing

stan-dards. The actions we have set forth for

considera-tion reflect what we believe are accepted practices

that will continue to evolve, and do not represent

conclusions on what steps should be taken by

com-panies, their boards, or others. References to other

resources should not be construed as endorsements

of those resources.

Unless otherwise noted, this handbook focuses on

the requirements of general SEC filers.

Requirements may differ for investment

compa-nies, voluntary filers, and foreign filers.

(5)

Structure of the Handbook

This handbook is formatted to provide easy access to

infor-mation on a particular audit committee requirement. Section

Three discusses deadlines for compliance.

Section Four provides an overview of the SROs’

audit committee composition criteria, and Section

Five focuses on the responsibilities assigned to the

audit committee by the new listing standards of

the SROs. Section Six includes other general

consid-erations.

Many of the resources and tools discussed

through-out the handbook are available on Audit

Committee Online, a Deloitte & Touche Web site

tailored to the needs of audit committee members.

If you are not a registered user of Audit Committee

Online and would like access to the site, go to

www.auditcommittee.com.

When prompted for your

user name, type your full e-mail address. Your

ini-tial password, which is case-sensitive, will be

“acon-line.” You will then be prompted to complete a

brief form and change your password. If you have

difficulty accessing the site, please contact your

Deloitte & Touche partner or send an e-mail to

corpgovernance@deloitte.com.

Footnotes showing the Web site menu path will

assist you in locating materials on Audit Committee

Online. The menu paths provided are as of March

1, 2004; if you have trouble locating an item,

please send an e-mail to

corpgovernance @deloitte.com

.

Two of Deloitte’s most frequently used audit

commit-tee tools are included as appendices. Appendix A is a

checklist highlighting the incremental audit

com-mittee requirements imposed by the new NYSE and

NASDAQ listing standards and by the

Sarbanes-Oxley Act. For information concerning ongoing

audit committee compliance requirements that

pre-date adoption of the new listing standards please

refer to Audit Committee Online. Appendix B is a

sample audit committee charter which incorporates

the new audit committee requirements of the

Sarbanes-Oxley Act and the new corporate

gover-nance listing standards. These resources can be

used to assist companies in determining remaining

actions that may be necessary or appropriate in

satisfying the new requirements.

●3

(6)

Timeframe and Applicability

of Compliance with New Audit

Committee Listing Standards

In general, listed companies must comply with the new

audit committee requirements and the other corporate

governance requirements by the first annual shareholders’

meeting occurring after January 15, 2004, but no later

than October 31, 2004.

Many of the new responsibilities assigned to the

audit committee under the new NYSE listing

stan-dards require that the audit committee charter be

modified to reflect the responsibilities by the date of

the 2004 annual shareholders’ meeting, but not later

than October 31, 2004, as opposed to requiring

exe-cution of the responsibilities by such date. The

NAS-DAQ standard requiring public announcement of a

“going concern” qualification became effective

November 4, 2003, and the NASDAQ rule requiring

audit committee review and approval of

related-party transactions became effective January 15, 2004.

Section Three

The new standards also provide transition periods

for companies listing in conjunction with an initial

public offering, companies in bankruptcy, and

com-panies listing upon transfer from another market.

(7)

New Audit Committee

Composition Listing Standards

Before the Sarbanes-Oxley Act was enacted, both SROs had

requirements for audit committee composition based on

rec-ommendations contained in the 1999 report of the Blue

Ribbon Committee on Improving the Effectiveness of

Corporate Audit Committees.

The NYSE’s pre-existing standards require audit

committees to be composed of at least three

mem-bers, all of whom are independent. Each member

must be “financially literate,” as interpreted by the

business judgment of the company’s board, or must

become financially literate within a reasonable

period after appointment to the committee. At

least one member must have “accounting or

relat-ed financial management expertise,” again as

interpreted by the board.

NASDAQ’s pre-existing standards also require audit

committees to be composed of at least three

mem-bers, all of whom are independent. Rather than

adopting the NYSE’s “financially literate” standard,

NASDAQ employed its own standard, which

requires that each member be able to read and

understand financial statements upon appointment

to the audit committee or within a reasonable

period after appointment. The pre-existing

stan-dards also require at least one member of each

NASDAQ audit committee to be “financially

sophis-ticated.” NASDAQ indicates that financial

sophisti-cation may be obtained through past employment

experience in finance or accounting, requisite

pro-fessional certification in accounting, or any other

comparable experience or background, including

current or past employment as a CEO, CFO, or

other senior officer with financial oversight

respon-sibility.

●5

(8)

The SROs are generally retaining their pre-existing

requirements in the new standards, with a number

of clarifications and modifications. Both SROs’ new

standards also incorporate the criteria for audit

committee member independence set forth in the

final rules to implement Section 301 of the

Sarbanes-Oxley Act, as embodied in Exchange Act

Rule 10A-3(b)(1).

In addition, all listed companies are required to

affirm that each audit committee member is

inde-pendent under its SRO’s new, enhanced definition

applicable to all directors generally. In general, this

requires a finding that a director does not have

any direct or indirect material relationship with the

company or any relationship covered by any series

of “bright line” tests contained in the SRO’s

defini-tion of independence. The “bright line” tests bar a

finding of independence when a director or a

director’s family member has (or had, within a

“look-back” period) specified relationships with

the listed company. These include employment by

the company, certain relationships with its auditor,

receipt of non-director compensation in excess of

the stated threshold, and other specified business

dealings and relationships.

NYSE.

The new standards clarify that the NYSE does

not require the audit committee to include a

per-son who satisfies the definition of “audit

commit-tee financial expert” as defined by the SEC’s final

rules to implement Section 407 of the

Sarbanes-Oxley Act (Item 401(h) of Regulation S-K).

However, a person designated by the board to be

an audit committee financial expert is presumed to

possess the accounting or related financial

man-agement expertise required by the NYSE’s

pre-existing standards. Companies that do not have an

audit committee financial expert serving on their

audit committee must disclose why.

As provided for in Exchange Act Rule 10A-3(a)(3),

the NYSE permits listed companies time to cure a

deficiency in their audit committee composition. If

an audit committee member is no longer

inde-pendent for reasons outside the member’s

reason-able control, he or she may remain on the

commit-tee until the earlier of the next annual

sharehold-ers’ meeting or one year from the occurrence of

the event that caused the member to cease to be

independent. A company using this cure period is

required to notify the NYSE.

The new NYSE listing standards also indicate that if

an audit committee member simultaneously serves

on the audit committees of more than three public

companies and the listed company does not limit

the number of audit committees on which its

mem-bers serve, the board is required to determine

whether such simultaneous service impairs the

member’s ability to serve on its audit committee

effectively. This determination must be disclosed.

NASDAQ.

The new NASDAQ standards eliminate the

grace period under its pre-existing standards,

which allowed audit committee members to learn

to read and understand financial statements

“with-in a reasonable period of time” after appo“with-intment.

Under the new standards, audit committee

mem-bers must be able read and understand financial

statements at the time they are appointed.

(9)

Actions to Consider.

All direct and indirect

rela-tionships that a company may have with any audit

committee member, or with any member of the

committee member’s family, should be reviewed to

ensure that all committee members meet the

appropriate criteria for service, under both the

Sarbanes-Oxley Act independence requirements

and the applicable SRO’s director independence

standards. Accordingly, a number of companies

have circulated new questionnaires to all their

audit committee members to assess their

independ-ence under the new criteria. Because changes in

facts, circumstances, and business relationships may

alter the independent status of an audit committee

member, consideration should be given to

monitor-ing ongomonitor-ing independence.

Although the SROs have clarified that an audit

committee financial expert is not required by the

new listing standards, the vast majority of

compa-nies have at least one such member. A November

2003 survey of 90 of Deloitte & Touche’s largest

public audit clients indicated that, of the

compa-nies whose boards had completed the

determina-tion process, all had determined that at least one

member met the definition of an audit committee

financial expert. Emerging practice and

bench-marking information on this topic is available in

the

Audit Committee Financial Expert Designation

and Disclosure Practices Survey

, which is available

through your Deloitte & Touche partner or on

Audit Committee Online.

1

Unlike the NYSE, which requires all audit

commit-tee members to satisfy all applicable independence

standards, the new NASDAQ listing standards allow

one non-independent director to serve on the

audit committee, in “exceptional and limited”

cir-cumstances, provided that:

n

The director complies with the independence

requirements of Section 10A(m)(3) of the

Exchange Act

n

The director’s service in such capacity is deemed

necessary by the board to serve the best interests

of the company and its shareholders, and

n

The director is not a current officer or employee

of the company or a family member of any such

person.

Service in this capacity is limited to two years, and

the member may not serve as audit committee

chair. If a company chooses to take advantage of

this accommodation, it must disclose the nature of

the relationship and the board’s reasons for its

determination.

NASDAQ recognizes two situations in which a

list-ed company has time to cure a deficiency in its

audit committee’s composition. First, if an audit

committee member is no longer independent due

to reasons outside his or her reasonable control,

the member can remain on the committee until

the earlier of the next annual shareholders’

meet-ing or one year from the occurrence of the event

that caused the member to cease to be

independ-ent. Second, if the company does not comply with

the requirements due to a vacancy on the

commit-tee and the first cure period is not being used, the

company has the same period in which to cure the

deficiency. A company opting for either of these

cure periods is required to contact NASDAQ

imme-diately after becoming aware of the event or

cir-cumstance giving rise to the compliance failure.

●7

1_{Audit Committee Online menu path: 1) select “Audit Committee Roles and Responsibilities” from the home page, 2) select “Financial Literacy,”}

(10)

New Audit Committee

Responsibility Listing Standards

This section summarizes the audit committee responsibilities

set forth in the new NYSE and NASDAQ corporate

governance listing standards.

The following tables for each responsibility

includ-ed in the new listing standards contain:

n

The requirement, outlined at the top of the table

n

Which SRO includes the requirement in its new

standards

n

A discussion of the requirement

n

Actions for consideration

n

Resources that can help companies address the

new requirement.

Section Five

(11)

NYSE and NASDAQ

●9

APPLICABLE SRO:

AUDIT COMMITTEE REQUIREMENT: RESOURCES AND TOOLS:

Execute the responsibilities assigned to the audit committee by the final rules to implement Section 301 of the Sarbanes-Oxley Act

DISCUSSION OF THE REQUIREMENT:

As directed by the SEC in its final rules to implement Section 301 of the Sarbanes-Oxley Act, the SROs incorporated both the audit committee member independence criteria discussed in Section Four and the responsibilities set forth in those rules. Exchange Act Rule 10A-3(b)(2), (3), (4), and (5) requires the audit committee to:

■_{Appoint, compensate, retain, and oversee the work of the independent auditor}

■_{Have authority to engage outside advisors}

■_{Have authority to compensate outside advisors and the independent auditor}

■_{Establish and maintain procedures for:}

• The receipt, retention, and treatment of complaints regarding accounting, internal accounting controls, or auditing matters

• The confidential, anonymous submission by company employees of concerns regarding questionable accounting or auditing matters.

ACTIONS TO CONSIDER:

Because the final rules to implement Section 301 of the Sarbanes-Oxley Act essentially mirror the act itself and it has been more than a year since the legislation became law, most companies are well down the path of implementing these requirements; however, steps for consideration in implementation can be found in Deloitte & Touche’s Audit Committee Resource Guide, which can be obtained through your Deloitte & Touche partner or on Audit Committee Online.2

2_{Audit Committee Online menu path: 1) select “Audit Committee Roles and Responsibilities” from the home page, 2) select “Audit Committee Processes and}

Procedures”

3_{Audit Committee Online menu path: 1) select “Risk and Controls” from the home page, 2) select “Risk Oversight,” 3) select “Deloitte Perspectives”}

The Audit Committee Resource Guide2

suggests several tools and resources to assist in implementing the Section 301 requirements. Other items to consider include:

■_{“Engaging Independent Counsel,”}

from theAICPA Audit Committee Toolkit, assists audit committees in understanding the process of engag-ing counsel and other advisors. This publication is available free of charge at http://www.aicpa.org/Audcommctr/ toolkits/homepage.htm.

■Deloitte & Touche’s Questions that

Boards Should be Asking Regarding Ethics and Compliance Programsis available through your Deloitte & Touche partner or on Audit Committee Online.3

■The “Risks and Controls” and

(12)

APPLICABLE SRO: AUDIT COMMITTEE REQUIREMENT:

Maintain a formal written charter addressing prescribed items NYSE

Pre-existing NYSE standards, which arose in response to the report of the Blue Ribbon Committee, require audit committees to have a formal written charter that addresses certain items and is reviewed at least annually. The new NYSE standards require a number of new provisions to be included in the charter. Specifically, it must address the following:

■_{The committee’s purpose, which, at a minimum, must be to assist the board in its oversight of:}

• The integrity of the company’s financial statements

• The company’s compliance with legal and regulatory requirements

• The independent auditor’s qualifications and independence

• The performance of the company’s internal audit function and the independent auditor

■Its responsibility to prepare an audit committee report, as required by the SEC, for inclusion in the proxy statement

■_{An annual evaluation of the audit committee’s performance}

■The duties and responsibilities of the committee, which, at a minimum, include those established by the final rules to implement

Section 301 of the Sarbanes-Oxley Act, as well as the additional responsibilities discussed in the remainder of this section.

The charter must be posted to the company’s public Web site.

Many companies have been viewing their audit committee charters, modified for the requirements of the Sarbanes-Oxley Act, as working drafts pending SEC approval of the SRO corporate governance listing standards; these working drafts should now be finalized if companies have not already done so. The audit committee, legal counsel, and management should review the audit committee charter and make any necessary modifications by the date of the company’s 2004 annual shareholder’s meeting, but not later than October 31, 2004. Most companies will want to have the audit committee charter, revised to reflect the require-ments of the new listing standards, in place in time to describe it in the proxy statement.

The new standards do not specifically mandate the form or nature of the annual audit committee performance evaluation. Assessments could be structured in a number of ways, including an evaluation of the audit committee by the entire board, by a third party, and/or by the committee itself. In addition, some companies are conducting individual assessments of each audit com-mittee member. It is up to the audit comcom-mittee and the board, in consultation with legal counsel, to determine how the assess-ment should be structured, how formal and detailed it should be, and how it should be docuassess-mented.

■The AICPA Audit Committee Toolkit, which is available free of charge at

http://www.aicpa.org/Audcommctr/ toolkits/homepage.htm, includes a matrix to assist in preparing the audit committee charter. It also includes an audit committee self-evaluation tool.

■_{Deloitte & Touche created a sample}

charter (presented in Appendix B) which incorporates the requirements of the new corporate governance listing standards and the Sarbanes-Oxley Act.

■_{Various audit committee}

perform-ance assessment tools, including tools focused on financial literacy evaluation, are available on Audit Committee Online.4

4Audit Committee Online menu path: 1) select “Audit Committee Roles and Responsibilities” from the home page, 2) select “Financial Literacy,” 3) select “Deloitte Perspectives”

(13)

Maintain a formal written charter addressing prescribed items NASDAQ

Pre-existing NASDAQ standards, which arose in response to the report of the Blue Ribbon Committee, require audit committees to have a formal written charter that addresses certain items and is reviewed at least annually. The new NASDAQ standards require that a number of provisions be included in the audit committee charter. Specifically, the charter must address the following:

■_{The committee’s purpose of overseeing the accounting and financial reporting processes of the company and the audits of its}

financial statements

■_{The scope of the audit committee’s responsibilities and how it carries out those responsibilities, including structure, processes,}

and membership requirements

■_{The audit committee’s responsibility for:}

• Ensuring its receipt from the outside auditor of a formal written statement delineating all relationships between the auditor and the company, consistent with Independence Standards Board Standard No. 1

• Actively engaging in a dialogue with the auditor with respect to any disclosed relationships or services that may affect the objectivity and independence of the auditor

• Taking, or recommending that the full board take, appropriate action to oversee the independence of the outside auditor

■_{The responsibilities outlined by the final rules to implement Section 301 of the Sarbanes-Oxley Act, as discussed previously in this}

section.

Many companies have been viewing their audit committee charters, modified for the requirements of the Sarbanes-Oxley Act, as working drafts pending SEC approval of the SRO corporate governance listing standards; these working drafts should now be finalized if companies have not already done so. The audit committee, legal counsel, and management should review the audit committee charter and make any necessary modifications by the date of the company’s 2004 annual shareholder’s meeting, but not later than October 31, 2004. Most companies will want to have the audit committee charter, revised to reflect the require-ments of the new listing standards, in place in time to describe it in the proxy statement.

●11

■TheAICPA Audit Committee Toolkit, which is available free of charge at

http://www.aicpa.org/Audcommctr/ toolkits/homepage.htm, includes a matrix to assist in preparing the audit committee charter.

■Deloitte & Touche created a sample

charter (presented in Appendix B) which incorporates the requirements of the new corporate governance listing standards and the Sarbanes-Oxley Act.

(14)

The audit committee charter must address the committee’s responsibility to obtain and review a report from the independent auditor describing certain items related to quality, quality control, and independence

NYSE

At least annually, the audit committee must obtain and review a report by the independent auditor describing:

■The firm’s internal quality-control procedures

■_{Any material issues raised by the most recent internal quality-control review, peer review, or any inquiry or investigation}

con-ducted by governmental or professional authorities during the preceding five years with respect to independent audits carried out by the firm, as well as steps taken to deal with any such issues

■All relationships between the independent auditor and the company

This report will help the audit committee evaluate the auditor’s qualifications, performance, and independence. The evaluation should consider the qualifications of the lead partner, as well as the opinions of management and the company’s internal auditor. The report should also be used in ensuring the regular rotation of the lead audit partner and in considering rotation of the audit firm itself. The committee should present its conclusions with regard to the independent auditor to the full board. The audit com-mittee charter must include a provision addressing these requirements.

In the current environment, audit committees are performing even more thorough reviews of the audit firm’s qualifications and performance. Due diligence conducted by audit committees typically includes both formal and informal inquiries, including consid-eration of any prior evaluations of the client service team’s performance. Of course, reviews will vary by company size, complexity of operations, degree of centralization, global reach, and the expectations of audit committee members.

■_The_{AICPA Audit Committee Toolkit}_, which is available free of charge at

http://www.aicpa.org/Audcommctr/ toolkits/homepage.htm,includes a series of questions to assist in evalu-ating the independent auditor.

■_{To provide audit committees with}

the type of information of greatest interest when they are considering the appointment of the independ-ent auditor, Deloitte & Touche pub-lished IQ: Sustaining Integrity & Quality. This booklet offers an overview of our practices in areas such as technical consultation, risk management, independence, and professional development. Your Deloitte & Touche partner can pro-vide a copy, or one can be obtained on Audit Committee Online.5

■_{Deloitte & Touche also maintains}

information on common practices employed in assessing the auditor’s performance. Please contact your Deloitte & Touche partner for more information.

RESOURCES AND TOOLS:

(15)

●13

6Audit Committee Online menu path: 1) select “Financial Reporting” from the home page, 2) select “Transparency in Financial Reporting,”3) select “Deloitte Perspectives”

7Audit Committee Online menu path: 1) select “Financial Reporting” from the home page, 2) select “Off-Balance-Sheet Derivatives and Related-Party Arrangements,” 3) select “Deloitte Perspectives”

The audit committee charter must address the committee’s responsibility to discuss annual audited financial statements and quarterly financial statements with management and the independent

auditor NYSE

The audit committee must discuss the company’s annual audited financial statements and quarterly financial statements with man-agement and the independent auditor. Such discussions must also address disclosures under “Manman-agement’s Discussion and Analysis of Financial Condition and Results of Operations.” The audit committee charter must include a provision addressing these requirements.

Most audit committees are probably meeting this requirement. To the extent necessary, the audit committee calendar should be reviewed to ensure that adequate time is allocated to this responsibility.

The audit committee will want to dis-cuss certain questions regarding key balances and trends with manage-ment and the independent auditor. These questions will vary based on the company’s industry and performance, as well as the composition of the financial statements. Questions for consideration can be found in:

■_{The appendix of Deloitte & Touche’s}

booklet entitled IQ: Quality of Earnings, which is available on Audit Committee Online6_{or through your}

Deloitte & Touche partner

■The appendix of Deloitte & Touche’s

booklet entitled IQ: Quality of Financial Position—The Balance Sheet and Beyond, which is available on Audit Committee Online7_or

through your Deloitte & Touche partner.

(16)

The audit committee charter must address the committee’s responsibility to discuss the company’s earnings press releases, as well as financial information and guidance provided to analysts and rat-ings agencies

NYSE

The audit committee must discuss earnings press releases, as well as financial information and earnings guidance provided to analysts and ratings agencies. These discussions may be in general terms, and the audit committee need not discuss each earnings report or piece of earnings guidance in advance of its release. Rather, the audit committee may discuss the types of information to be disclosed and the types of presentations to be made. In its review, the audit committee should pay particular attention to the use of any “pro forma” or adjusted non-GAAP information. The audit committee charter must include a provision addressing these requirements.

The audit committee should consider what protocols it will employ in fulfilling its oversight obligations regarding earnings press releas-es, as well as financial information and earnings guidance provided to analysts and ratings agencies. For example, a number of compa-nies now make it a practice to have audit committee members review earnings press releases before they are issued. In its discussion of press releases and earnings guidance, the audit committee will want to seek confirmation that an appropriate legal review has been completed covering the accuracy and completeness of the disclosure, including any obligation to report on trends, as well as compli-ance with the company’s policies concerning the issucompli-ance of forward-looking statements and the completeness of any related dis-claimers included in the disclosure. In addition, the committee will want to be mindful of the SEC’s rules under Section 401 of the Sarbanes-Oxley Act regarding the use of non-GAAP financial measures. In this regard, the audit committee might also consider asking certain questions of management regarding the use of non-GAAP and pro forma financial measures in earnings press releases, filings with the SEC, and other public releases of information. These could include:

■_{Does management have an established policy for the determination of non-GAAP/pro forma financial measures?}

■What non-GAAP/pro forma financial measures are used?

■_{Is the non-GAAP/pro forma financial measure permitted under the applicable rules for SEC filings?}

■What is the underlying rationale and usefulness of the non-GAAP/pro forma financial measures used? Are the non-GAAP/pro forma

measures consistent with those used by peers and competitors in the industry?

■Are all non-GAAP financial measures reconciled to appropriate GAAP measures?

■_{What is the difference in earnings per share under the GAAP and non-GAAP financial measures?}

■Did the company meet analyst expectations for earnings per share using non-GAAP/pro forma financial measures, but not using

GAAP financial measures?

■Is the company in a net loss position when GAAP financial measures are used, but in a net income position when non-GAAP/pro

forma financial measures are used?

■When reconciling from non-GAAP to GAAP financial measures, are there only subtractive adjustments? Stated differently, has

man-agement only included non-GAAP adjustments that increase income? If so, are there non-GAAP adjustments that would decrease income that should have been highlighted to ensure the financial information is not misleading?

■_{Is management comfortable that no material facts have been omitted or misrepresented?}

■Are changes made to the GAAP/pro forma financial measures used from period to period? If so, do these changes enhance

non-GAAP/pro forma adjusted earnings for the current period?

With respect to earnings guidance provided to analysts and ratings agencies, some companies—including Gillette, Coca-Cola,

McDonald’s, and AT&T—have announced that they are no longer providing quarterly or annual earnings estimates. This decision must be weighed heavily and considered by management with the assistance of appropriate legal counsel. The audit committee can partici-pate in this process by conducting an independent evaluation.

■For a discussion of the SEC’s final

rules to implement the Section 401 non-GAAP financial measures provi-sions of the Sarbanes-Oxley Act, audit committees can refer to our brochure entitled Non-GAAP Financial Measures. This publication is available through your Deloitte & Touche partner or on Audit Committee Online.8

■Meeting the Street: A Discussion of

Earnings and Other Guidance Provided to Investors, a white paper published by Financial Executives International and Deloitte & Touche, provides more information on cur-rent and emerging trends in this area, the types of forward-looking information typically provided, exist-ing guidance, and insight into com-panies that no longer provide earn-ings estimates. This publication is available through your Deloitte & Touche partner or on Audit Committee Online.9

■_{The National Investor Relations}

Institute has various publications on company policies and practices con-cerning the public disclosure of finan-cial information. The materials are available at http://www.niri.org/publi-cations/bookstore/bookstore_ main.cfm.

8 Audit Committee Online menu path: 1) select “Financial Reporting” from the home page, 2) select “Transparency in Financial Reporting,” 3) select “Deloitte Perspectives”

(17)

●15

The audit committee charter must address the committee’s responsibility to discuss policies with

respect to risk assessment and risk management NYSE

■The Report of the NACD Blue

Ribbon Commission on Risk Oversight: Board Lessons for Turbulent Timesexamines how to identify material risks, how specific committees can play a role in risk oversight, and how and when to engage outside advisors. The report is available at www.nacdonline.org.

■_{Risk Infrastructure}_{, which is} avail-able on Audit Committee Online, summarizes the eight elements of risk infrastructure as outlined in the COSO framework.10

■Extended Enterprise and Risk

Management, a 2002 supplement to

Corporate Board Member magazine, features comments from corporate executives and accounting profes-sionals on the changing face of risk management. It explores the board’s role in monitoring risk and suggests best practices as companies strive to enhance their risk intelligence. The supplement is available through your Deloitte & Touche partner or on Audit Committee Online.11

The audit committee must discuss policies with respect to risk assessment and risk management. The NYSE states that it is the job of the CEO and senior management to assess and manage the company’s risk exposures; however, given the audit committee’s role in overseeing the financial reporting process, the NYSE standards require the audit committee to discuss the guidelines and policies that govern risk assessment and risk management. Accordingly, the audit committee should discuss the company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. Although the NYSE notes that the audit committee is not required to be the sole body responsible for risk assessment and management, the audit commit-tee charter must include a provision addressing these requirements.

Audit committees should become familiar with major financial risk exposures, as well as the processes through which the company manages and addresses such risks, through discussions with management and others responsible for risk management. Audit com-mittee members’ knowledge of the company, the industry, the economy, and the general business environment should help in identifying potential risk areas.

The following questions may help audit committee members gain a better understanding of the risk management infrastructure:

■_{How does the company determine the extent and type of acceptable risks?}

■_{How does the company monitor management processes and systems for various types of business risk?}

■_{Does the company have early-warning indicators to identify risks?}

■_{How does management keep current with the changing strategic environment and what key business risks are appearing?}

■_{How does management ensure that key risks are mitigated properly?}

10 Audit Committee Online menu path: 1) select “Risk and Controls” from the home page, 2) select “Risk Oversight,” 3) select “Background & Current Developments”

(18)

The audit committee charter must address the committee’s responsibility to meet separately,

periodi-cally, with management, with the internal auditor, and with the independent auditor NYSE

Periodically, the audit committee must meet separately with management, the internal auditor, and the independent auditor. The audit committee charter must include a provision addressing this requirement.

Most audit committees already hold private sessions with these parties each quarter. Audit committees that have not adopted this policy may want to consider making it an objective, because quarterly private sessions can facilitate timely discussion and more timely resolution of sensitive and/or material issues that can have an adverse impact on the company. To the extent necessary, the audit committee calendar should be reviewed to ensure that adequate time is allocated to this responsibility.

■Suggested questions for

manage-ment and the internal auditor can be found in the Report of the NACD Blue Ribbon Commission on Audit Committees: A Practical Guide, which is available at www.nacdon-line.org.

■_{A document entitled “The Audit}

Committe Meeting with External Auditors,”which discusses considera-tions for private sessions with the independent auditor, is available on Audit Committee Online.12

12 Audit Committee Online menu path: 1) select “External Audit” from the home page, 2) select “The Audit Committee/Auditor Relationship,” 3) select “Resources & Best Practices”

13 Audit Committee Online menu path: 1) select “External Audit” from the home page, 2) select “The Audit Committee/Auditor Relationship,” 3) select “Deloitte Perspectives”

The audit committee charter must address the committee’s responsibility to review with the

independent auditor any audit problems or difficulties and management’s response NYSE

The audit committee must review with the independent auditor any audit problems or difficulties and management’s response. The audit committee charter must include a provision addressing these requirements. In addition to addressing significant disagreements with management and difficulties the auditor encountered in the course of the audit work, this review should include restrictions on the scope of the auditor’s work or on access to requested information. The audit committee may also want to review the following:

■Accounting adjustments, material or otherwise, that were noted or proposed by the auditor but were “passed” by management

■Communications between the audit team and the audit firm’s national office with respect to auditing or accounting issues

■“Management” or “internal control” letter issued, or proposed to be issued, by the audit firm to the company.

The audit committee should also discuss the responsibilities, budget, and staffing of the internal audit function with the independent auditor.

Because the professional standards of independent auditors and the Sarbanes-Oxley Act set forth similar requirements, audit com-mittees are already fulfilling this standard to some degree, particularly as it relates to disagreements with management, account-ing adjustments, and management or internal control letters.

■_{The AICPA Audit Committee Toolkit} includes a document addressing com-munication with the independent auditor. It is available free of charge at http://www.aicpa.org/

Audcommctr/toolkits/homepage.htm.

■_{More information on Deloitte’s}

approach to communicating with the audit committee is available in the “External Audit” section on Audit Committe Online13

(19)

●17

The audit committee charter must address the committee’s responsibility to set clear hiring policies for

employees or former employees of the independent auditor NYSE

The audit committee must set clear hiring policies for employees or former employees of the independent auditor. The audit com-mittee charter must include a provision addressing this requirement.

Pursuant to Title II of the Sarbanes-Oxley Act, the SEC has implemented new rules with respect to auditor independence. Among other things, these rules address the possibility of employees and partners of audit firms accepting certain employment positions with audit clients. The audit committee’s establishment of hiring policies is another protective measure. Such policies should com-ply with the final rules to implement Title II of the Oxley Act. In addition to considering compliance with the Sarbanes-Oxley Act requirements, there are other matters the audit committee might consider in drafting the policy. These include:

■Will the policy apply only to the positions included in the final rules to implement Title II of the Sarbanes-Oxley Act or will the

policy apply to other positions?

■Will there be a blanket ban on hiring from the independent auditor at either the corporate level or around the world?

■If hiring from the independent auditor is permissible, will approvals be required from management, the audit committee, and/

or others within the company?

■Will the policy apply equally to subsidiaries/operations in non-domestic markets?

More information regarding the Sarbanes-Oxley Title II rules related to conflicts of interest arising from an employment relationship between partners and employees of the inde-pendent auditor and their attest clients can be found on Audit Committee Online.14

14 Audit Committee Online menu path: 1) select “External Audit” from the home page, 2) select “Auditor Independence”

The audit committee charter must address the committee’s responsibility to report regularly to the

board of directors NYSE

The audit committee must report to the board of directors regularly. These reports should include discussion of any issues that arise with respect to the quality or integrity of the company’s financial statements, the company’s compliance with legal or regula-tory requirements, the performance and independence of the independent auditor, or the performance of the internal audit func-tion. The audit committee charter must include a provision addressing these requirements.

Most audit committees already have a process for reporting to the board on a regular basis. To the extent possible, the audit com-mittee might consider a report at each board meeting or distributing the minutes of the audit comcom-mittee meetings to all direc-tors. Furthermore, the audit committee and board might consider establishing a process for timely communication of any urgent or sensitive matters to the board between meetings.

(20)

The audit committee charter must address the committee’s responsibility to review certain other

mat-ters/analyses NYSE

The audit committee must review:

■_{Major issues regarding accounting principles and financial-statement presentations, including any significant changes in the}

compa-ny’s selection or application of accounting principles; major issues as to the adequacy of the compacompa-ny’s internal controls; and any special audit steps adopted in light of material control deficiencies

■_{Analyses prepared by management and/or the independent auditor setting forth significant financial reporting issues and judgments}

made in connection with the preparation of the financial statements, including analyses of the effects of alternative GAAP methods on the financial statements

■_{The effect of regulatory and accounting initiatives, as well as off-balance-sheet structures, on the financial statements.}

The audit committee charter must include a provision addressing these requirements.

The timing and specifics of these other review requirements are not detailed; however, there are certain practices the audit committee may wish to consider.

With respect to the first of these requirements, discussions with management might occur quarterly, during the review and discussion of the quarterly financial statements to be filed with the SEC. Certain discussions regarding internal controls and any special audit steps adopted to address material control deficiencies also may be required by the Sarbanes-Oxley Act’s Section 302 certification require-ments for the CEO and the CFO.

The discussions with management regarding the second requirement also might be held during the meeting to review the quarterly financial statements. The audit committee could have management identify recurring financial reporting issues, including significant accounting policies, estimates, and judgments. A standard quarterly analysis could be developed for use in the meeting. Of course, management would have to tailor the analysis to include new or unique items arising during the quarter. Because the final rules imple-menting Section 204 of the Sarbanes-Oxley Act require the independent auditor to discuss alternative effects of GAAP methods on the financial statements, the information presented by management should be corroborated by the independent auditor.

The review for the third requirement would likely occur in conjunction with any technical updates provided to the audit committee. As the audit committee is informed of pending technical and regulatory matters that could affect the company, management should dis-cuss the potential impact of such initiatives on the financial statements. The review of off-balance-sheet structures should be a periodic item on the agenda; frequency will depend on the company’s operations and inclination to use such structures. The audit committee might consider requiring a review of off-balance-sheet structures, or at least material ones, before they are executed. The questions presented later in this section, in our discussion of the NASDAQ related-party transaction requirements, may be useful in evaluating potential off-balance-sheet structures. Because the accounting, legal, and financial implications of off-balance-sheet structures can be complex, the audit committee might consider seeking advice from appropriate internal and external advisors.

■The audit committee may want to

refer to Deloitte & Touche’s Integrity & Quality series to assist in deter-mining the appropriate questions to pose regarding significant account-ing issues, estimates, judgments, and initiatives. These questions can be found in:

• The appendix of our booklet enti-tled IQ: Quality of Earnings, which is available through your Deloitte & Touche partner or on Audit Committee Online15

• The appendix of our booklet enti-tled IQ: Quality of Financial Position—The Balance Sheet and Beyond, which is also available through your Deloitte & Touche partner or on Audit Committee Online16

■The AICPA Audit Committee Toolkit includes an outline of items for con-sideration in evaluating off-balance-sheet transactions. It is available free of charge at http://www.aicpa.org/ Audcommctr/toolkits/homepage.htm.

15 Audit Committee Online menu path: 1) select “Financial Reporting” from the home page, 2) select “Transparency in Financial Reporting,” 3) select “Deloitte Perspectives”

(21)

●19

Maintain an internal audit function NYSE

The NYSE rules include the requirement that listed companies maintain an internal audit function to provide management and the audit committee with an ongoing assessment of the company’s risk management processes and system of internal control. The new standards do not specify the size or structure of the internal audit function, but do note that the function may be out-sourced to a professional service provider other than the independent auditor.

Companies without an internal audit function already in place will need to establish one. The cost and benefits of building the function internally should be weighed against the option of total or partial outsourcing. Factors to be considered in establishing an internal audit function, and in reviewing an existing one, include the caliber of resources, the scope of responsibilities, and the budget. The appropriate reporting line and policies and procedures to ensure objectivity are key in providing the right tone and framework to support an effective function. The optimal structure will vary depending on the specific circumstances of each com-pany. These considerations and others are explored in more detail in the resources and tools presented.

■_{Establishing an Internal Audit Shop}_, an article by the IIA, provides sug-gestions and resources for compa-nies that are creating an internal audit function. This article and other information on internal audit are available on Audit Committee Online.17

■_{For companies that are considering}

engaging a third party to perform some or all of the internal audit function, A Fresh Look at Cosourcing

provides a thoughtful discussion of the benefits and drawbacks, the decisionmaking process, and con-tractual considerations. This article is available on Audit Committee Online.18

■_{The IIA recently conducted a}

bench-marking study to determine com-mon practices. Highlights are avail-able on Audit Committee Online19

and the full study can be purchased at www.gain2.org.GAIN, or the Global Audit Information Network, conducts other benchmarking stud-ies on various aspects of the internal audit function

.

17 Audit Committee Online menu path: 1) select “Internal Audit” from the home page, 2) select “The Role of Internal Audit,” 3) select “Resources & Best Practices” 18 Audit Committee Online menu path: 1) select “Internal Audit” from the home page, 2) select “The Role of Internal Audit,” 3) select “Deloitte Perspectives” 19 Audit Committee Online menu path: 1) select “Internal Audit” from the home page, 2) select “Quality Assessment of the Internal Audit Function,” 3) select

(22)

Review and approve related-party transactions NASDAQ

Under pre-existing rules, NASDAQ requires each listed company to conduct an ongoing review of all related-party transactions. Under the new standards, all such transactions must be approved, as opposed to merely reviewed, by the listed company’s audit committee or another independent body of the board. For the purpose of this requirement, “related-party transactions” refers to transactions that must be disclosed pursuant to Regulation S-K, Item 404. This requirement became effective on January 15, 2004. If the audit committee is to be charged with approving such transactions, this duty should be set forth in the audit committee charter.

The audit committee or another designated independent body of the board may wish to consider the following items in review-ing related-party transactions:

■Will special meetings be called as potential transactions arise or will potential related-party transactions be included on every

meeting agenda?

■What type of information is needed about each potential transaction to enable the committee to make an informed judgment

about its appropriateness?

■Who will be responsible for presenting such information?

■For each potential transaction brought to the committee for approval, the committee might consider asking:

• What are the business reasons for the transaction? Are these reasons in line with the overall strategy and objectives of the company?

• How will the transaction be perceived by investors when it is disclosed?

• What insiders will benefit from the transaction and in what way?

• What impact will the transaction have on the financial statements?

(23)

Closing Considerations

The new corporate governance listing standards complete,

for now, the picture of audit committee roles and responsibilities.

There is no doubt that the time commitment

required of audit committee members has

increased in response to the committee’s expanded

responsibilities, and it is likely to continue to do so.

A November 2003 survey of 90 of Deloitte &

Touche’s largest public audit clients indicated that

the average number of audit committee meetings

held each year rose by approximately 50 percent

after the enactment of the Sarbanes-Oxley Act, and

there was a comparable increase in the average

duration of audit committee meetings.

Audit committees need to evaluate their calendars

in light of the new corporate governance listing

standards. The specifics of the final calendar will

vary from company to company. The audit

commit-tee should consult with management, the

corpo-rate secretary, legal counsel, and the governance

officer in modifying its calendar. For a sample audit

committee calendar and planning tool, please

con-tact your Deloitte & Touche partner.

●21

(24)

The NYSE standards are more detailed than the

NASDAQ standards in specifying the audit

commit-tee’s responsibilities. Many of the responsibilities

specified in the NYSE standards, but not specified

in the NASDAQ standards, have become common

practice for a number of public companies,

regard-less of where they are listed. Accordingly, NASDAQ

companies may want to consider voluntary

adop-tion of certain items specifically required only of

NYSE companies. This possibility should be

dis-cussed with the audit committee, the board,

man-agement, and legal counsel.

(25)

Audit Committee Checklist for New

Sarbanes-Oxley and NYSE and

NASDAQ Listing Requirements

March 2004

This checklist was compiled based on the incremental audit committee requirements set forth in the Sarbanes-Oxley Act of 2002 and the new corporate governance listing standards of the NYSE and NASDAQ. The latter were approved by the SEC on November 4, 2003. The italicized notations following each requirement indicate which Sarbanes-Oxley Act section or listing standards include and discuss that requirement. The middle column indicates the effectiveness/compliance timeframe for each requirement. Many of the new responsibilities require modification of the audit committee charter to reflect the new responsibility by the specified date, while other new requirements must be performed by the speci-fied date. Unless noted that the charter requires modifi-cation by the specified date, the requirement must be performed or in place by the date specified.

This checklist is designed for the general SEC issuer; cer-tain issuers, including investment companies, small busi-ness issuers, and foreign private issuers, are granted some exceptions or accommodations. Many of the items presented here are not applicable to voluntary filers.

Because many of the new NYSE requirements are com-mon or emerging practices, NASDAQ-listed companies may want to consider implementing certain of those requirements. Similarly, NYSE companies may consider implementing the NASDAQ requirement relating to

review and approval of related-party transactions. This checklist only includes duties that are required of the audit committee; it does not include duties that might commonly be assigned to the audit committee by the board outside of those required by rules and regulations (e.g., maintenance of a code of business conduct and ethics, interactions with internal audit, etc.).

This checklist contains general information only and does not constitute, and should not be regarded as, legal or similar professional advice or service. This checklist is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect you or your business. Any such decision or action should be taken only upon the advice of a qual-ified professional advisor. This checklist was prepared based on information available as of March 1, 2004, and is subject to change as interpretive guidance is issued by the SEC, NYSE, or NASDAQ. Neither Deloitte & Touche LLP, Deloitte Touche Tohmatsu, nor any of their affiliates or related entities shall have any liability or responsibility to any person or entity with respect to the use of or reliance on this checklist. All companies should consult with legal counsel regarding the applicability and imple-mentation of the various requirements presented.

●A-1

(26)

The audit committee comprises at least three directors, all of whom meet the inde-pendence requirements, including compensation-related provisions, of Sarbanes-Oxley and the applicable SRO rules.2_{[Sarbanes-Oxley Act Section 301; NYSE}

Corporate Governance Rules 6 and 7(a) and (b); and NASDAQ Corporate Governance Rule 4350(d)(2)]

Sarbanes-Oxley, NYSE, and NASDAQ:First annual share-holders’ meeting occurring after January 15, 2004, but not later than October 31, 2004

The audit committee has a formal, written charter that is reviewed annually and addresses the items required by applicable rules. [NYSE Corporate Governance Rule 7(c) and NASDAQ Corporate Governance Rule 4350(d)(1)]

NYSE and NASDAQ: First annual shareholders’ meeting occurring after January 15, 2004, but not later than October 31, 2004; previous NYSE and NASDAQ charter requirements are still applicable to the extent they were not superseded by new listing standards

Disclose whether at least one member of the audit committee qualifies as an “audit committee financial expert.” If the board determines that at least one member ful-fills the SEC criteria, disclose the name of that individual and whether he or she is independent of management. If the board determines there is no audit committee financial expert, disclose why the company does not have a qualifying individual.

[Sarbanes-Oxley Act Section 407]

Sarbanes-Oxley: Disclosure is required for fiscal years end-ing on or after July 15, 2003

The audit committee has the authority to determine funding for the appropriate compensation of the independent auditors, other advisors that the audit committee chooses to engage, and ordinary administrative expenses of the audit committee.

[Sarbanes-Oxley Act Section 301; NYSE Corporate Governance Rule 6; and NASDAQ Corporate Governance Rule 4350(d)(3)]

All audit committee members are able to read and understand financial statements at the time of their appointment (rather than within a reasonable period of time after appointment, as was the case under pre-existing requirements). [NASDAQ Corporate Governance Rule 4350(d)(2)]

NASDAQ: First annual shareholders’ meeting occurring after January 15, 2004, but not later than October 31, 2004

The audit committee has the authority to engage independent counsel and other advisors as it deems appropriate. [Sarbanes-Oxley Act Section 301; NYSE Corporate Governance Rule 6; and NASDAQ Corporate Governance Rule 4350(d)(3)]

The audit committee meets periodically with management, the internal auditor, and the independent auditor in separate executive sessions. [NYSE Corporate Governance Rule 7(c)(iii)(E)]

NYSE:The audit committee charter must include this provi-sion by the first annual shareholders’ meeting occurring after January 15, 2004, but not later than October 31, 2004

Sarbanes-Oxley, NYSE, and NASDAQ: First annual share-holders’ meeting occurring after January 15, 2004, but not later than October 31, 2004

REQUIREMENT EFFECTIVENESS/COMPLIANCE TIMEFRAME ACTIONS TO COMPLY1

General

1This column is intended to permit each company to document actions necessary to comply with the requirement or to enhance the benefits resulting from compliance with the requirement.

(27)

●A-3

The audit committee reports regularly to the board of directors. [NYSE Corporate Governance Rule 7(c)(iii)(H)]

NYSE: The audit committee charter must include this provi-sion by the first annual shareholders’ meeting occurring after January 15, 2004, but not later than October 31, 2004

An annual performance assessment of the audit committee is performed.

[NYSE Corporate Governance Rule 7(c)(ii)]

An internal audit function is maintained. [NYSE Corporate Governance Rule 7(d)] NYSE:First annual shareholders’ meeting occurring after

January 15, 2004, but not later than October 31, 2004

The audit committee is directly responsible for the following regarding the inde-pendent auditor:

• Appointment • Compensation • Retention • Oversight

• Resolution of any disagreements with management regarding financial reporting.

[Sarbanes-Oxley Act Section 301; NYSE Corporate Governance Rule 6; and NASDAQ Corporate Governance Rule 4350(d)(3)]

The audit committee reviews with the independent auditor any audit problems or difficulties and management’s response. Such reviews should include a discussion concerning the responsibilities, budget, and staffing of the internal audit function.

[NYSE Corporate Governance Rule 7(c)(iii)(F)]

The audit committee establishes clear hiring policies, compliant with governing laws and regulations, for employees or former employees of the independent auditor.

[NYSE Corporate Governance Rule 7(c)(iii)(G)]

REQUIREMENT EFFECTIVENESS/COMPLIANCE TIMEFRAME ACTIONS TO COMPLY

General (cont.)

Independent Auditors

The audit committee holds timely discussions with the independent auditor regarding: • All critical accounting policies and practices

• All alternative treatments of financial information within GAAP that have been dis-cussed with management, ramifications of the use of such alternative disclosure and treatments, and the treatment preferred by the independent auditor

• Other material written communications between the independent auditor and man-agement, including, but not limited to, the management letter and schedule of unad-justed differences.

[Sarbanes-Oxley Act Section 204]

New Corporate Governance Listing Standards