Wachtell Lipton recently published an updated version of its longstanding “Audit Committee Guide.” The 2023 edition weighs in at 212 pages. Here’s an excerpt about the audit committee’s role in risk management — a topic that’s taken on heightened importance due to market fluctuations, regulatory enforcement initiatives and today’s complex and interconnected business environment:
The board should implement a coordinated approach toward risk oversight and ensure an effective flow of information among the directors, senior management and risk managers in order to satisfy itself as to the adequacy of the risk oversight function and to understand the company’s overall risk exposures. Given the NYSE requirement, if a company oversees some or all risk management through a structure that uses a board committee other than the audit committee, these processes should nonetheless be reviewed in a general manner by the audit committee (but the risk management function of such other committee need not be replaced or duplicated by the audit committee).
If a company charges the audit committee with overseeing risk management, the audit committee should schedule time in its agenda for periodic reviews of risk management outside the context of its role in reviewing financial statements and accounting compliance. The audit committee should also hold sessions in which it meets directly with key executives primarily responsible for risk management and compliance programs. In light of the Caremark standard discussed below (see Chapter XI: “Audit Committee Member Liability Issues”), an audit committee charged with overseeing risk management should feel comfortable that “red flags” and “yellow flags” are being reported to it so that key risks may be investigated and reported to the board if appropriate.
It is important to build a record demonstrating allocation of sufficient time and focus to the risk oversight role. The goal should be to provide, through one means or another, serious and thoughtful board-level attention to the company’s risk management process and system. Further, in light of a recent Delaware holding that corporate officers may be held liable for breach of the duty of oversight, as discussed below (see Chapter XI: “Audit Committee Member Liability Issues”), the board committee tasked with overseeing risk management should take steps to ensure that officers are implementing appropriate corporate controls and addressing issues as necessary.
In addition to an overview of best practices, the Guide includes Model Charters, a Model Audit Committee Responsibilities Checklist, a Model Audit Committee Member Financial Expertise and Independence Questionnaire, a Model Audit Committee Pre-Approval Policy, Model Policies and Procedures with respect to Related Person Transactions, Model Whistleblower Procedures and a Model Audit Committee Self-Evaluation Checklist, and more — which can be modified to fit specific company situations.
This resource is posted along with heaps of other helpful resources in our “Audit Committees” Practice Area. If you aren’t already a member of TheCorporateCounsel.net, start a “no-risk trial” today! Our “100-Day Promise” guarantees that during the first 100 days as an activated member, you may cancel for any reason and receive a full refund. If you have any questions, email Sales@CCRcorp.com — or call us at 800.737.1271.
– Liz Dunshee, TheCorporateCounsel.net, May 10, 2023