Audit Committee

The audit committee is the board’s watchdog over financial integrity. Composed entirely of independent directors (required by the Sarbanes-Oxley Act), it reviews the company’s financial statements before they are published, examines internal control weaknesses, and oversees the relationship with the external auditor.

For the external audit process itself, see audit opinion. For accounting rules that auditors enforce, see GAAP.

Audit Committee — key facts

Size	Typically 3–5 directors
Independence	100% independent (required by law)
Financial expertise	At least one member must be a designated "financial expert"
Key role	Review financials, assess internal controls, hire/fire auditor

Why audit committees exist

Before Sarbanes-Oxley (2002), audit committees were optional in many companies. The law now requires all publicly traded companies to have one, and it must consist entirely of independent directors. The impetus came from a series of accounting scandals—Enron, WorldCom, and others—where existing board oversight failed catastrophically, destroying shareholder value and employee pensions.

The audit committee’s job is to be the first line of defense against two risks: (1) management manipulating earnings to hit targets or inflate compensation, and (2) the external auditor being pressured to go soft on problems to preserve a lucrative client relationship.

What an audit committee reviews

The committee meets quarterly (usually right before earnings release) to review the company’s financial statements. This includes the balance sheet, income statement, cash flow statement, and the footnotes and accounting policies disclosure. The chief financial officer and the external auditor both present to the committee, and the committee challenges assumptions, estimates, and changes in accounting methods that could inflate profits.

The committee also reviews the company’s risk management framework—market risk from currency or commodity exposures, credit risk from customer defaults, operational risk from supply chain disruption, and compliance risk from regulatory violations. Increasingly, audit committees oversee cybersecurity risk and the company’s data governance.

Internal controls and the auditor’s report

After Sarbanes-Oxley Section 404, the external auditor must test the company’s internal controls—the processes and checks that prevent errors or fraud in financial reporting. The auditor issues a separate report on internal control effectiveness. A material weakness (a control failure that could lead to a material misstatement) must be disclosed in the 10-K filing. The audit committee reviews this report and works with management to remediate any weaknesses.

Hiring and paying the auditor

The audit committee (not the CEO or CFO) recommends the external auditor for shareholder approval. The committee also approves the audit fee and any non-audit services the firm provides. Sarbanes-Oxley limits the type of consulting work an auditor can do for the same client—they cannot, for example, also design the company’s accounting system—to avoid conflicts of interest.

A key committee power is the ability to replace the auditor if performance is poor. In practice, auditor changes are rare because they are expensive and attract scrutiny from institutional investors, but the committee’s veto power is real.

Financial expertise and education

Audit committee members must have financial literacy, and at least one must be designated a “financial expert”—someone with accounting training, auditing experience, or financial management background. Most large companies now require multiple financial experts on the committee. The committee member’s role is not to recompute every number (that is the auditor’s job) but to ask intelligent questions: Is this estimate reasonable? Are we recognizing revenue too aggressively? Has our depreciation policy changed in a way that favors earnings over conservatism?

The audit committee’s reach and limits

The audit committee’s power is real but bounded. It cannot force the CFO to restate earnings or the CEO to resign. It can escalate concerns to the full board and, in extreme cases, refuse to certify the financials, which would make the company ineligible to trade on any major exchange. But the committee’s main tool is its subpoena power over management and its ability to hire independent advisors (forensic accountants, legal counsel) to investigate suspected misconduct.

Evolving scope

In recent years, audit committees have expanded their purview beyond financial reporting. Many now oversee environmental, social, and governance (ESG) reporting, tax strategy, whistleblower protections (required by Sarbanes-Oxley), and the company’s response to cybersecurity incidents. This scope creep reflects both regulatory pressure and investor demand for transparency on non-financial risks.