(This post is part of The Conference Board Governance Center series on the job description of a corporate director from the perspective of various stakeholders. Quotes from this Q&A is highlighted in Just What Is the Corporate Director’s Job? Independent Auditors’ and Regulators’ Perspectives on the Board Member’s Job Description.)

Daniel Sunderland serves as Deloitte’s Chief Auditor. Prior to this role, he served as National Leader – Audit and Assurance Services, where he led the group responsible for developing Deloitte’s policies and methodology (on a US and a global basis), engaging in standard setting, and consulting with the field. In addition, the group has significant interaction with those responsible for technology, learning and innovation.

He has more than 35 years of public accounting experience, serving many of Deloitte’s most complex multinational clients in manufacturing, financial services, life sciences and high technology. He has significant experience in mergers and acquisitions, including due diligence and purchase accounting; equity compensation; employee benefit plan structures and accounting; and other complex accounting areas.

Sunderland also serves on the Research Advisory Board for the Center for Audit Quality. He is a graduate of Dickinson College, and holds an MBA from the University of Chicago.

He recently spent some time talking with Gary Larkin, the author of The Conference Board report, about the job description of a corporate director from the point of view an independent auditor. What follows are his thoughts.

As an external auditor, how do you see the job of a corporate director in today’s business environment? How about the job of an audit committee member? 

I often think of “agency” when I think of director responsibilities. In agency relationship has been defined as ‘a contract under which one or more persons (the board of directors) engage another person (management) to perform some service on their behalf which involves delegating some decision-making authority to the agent. The relationships between both shareholders and directors – and directors and management – is one of agency. Look at the directors acting as an agent for the shareholders. Look at management acting as agent for the directors.  

The board of directors has contracted with management to run the day to day business. The board of directors must therefore oversee its agent in sufficient detail as to fulfill its fiduciary duty to the shareholders. The audit committee is the arm of the board of directors that intensifies the financial oversight of the management; each member of the board of directors may define “financial oversight” differently – but they act in concert to fulfill this duty.

What role does the external auditor play in the job of a corporate director?

The external auditor has been hired by the board of directors to further validate the financial performance of the company…and, most importantly, of management. A board of directors/audit committee needs an independent monitor to further validate how management is performing. It could take management’s own reporting at face value. Yet to do so would likely not allow the board of directors to fulfill its fiduciary duty to the shareholders.

You can go back over the last 150 years and see how this theory of agency has yielded (i) strong financial reporting regimens; and (ii) the need for an external auditor to validate such reporting. When all is said and done, the external auditor works for the board of directors – and those the board represents – the shareholders.

How do you define tone at the top? Who owns that, the board or management?

To me, tone at the top is the corporate mantra.  It is that ‘sacred message’ that pervades an organization. Generally, it manifests itself through the day-to-day interaction of management with the overall organization. Management is the initial purveyor of this message. At the end of the day, however, the mantra can be what the board of directors wants it to be because it has the ability to hire and fire senior management.

In order to understand whether the desired “tone” or “mantra” pervades an organization, the board of directors must have some sort of mechanisms to both incent management to carry this mantra and monitor whether it is actually being manifested both inside and outside the organization.

While it was mentioned at the roundtable that disclosure is the foundation of engagement between the board and shareholders, how do boards ensure that disclosure is not boilerplate?

As noted earlier, the board of directors has really – for the most part – delegated its responsibility of communication to the shareholders to management. It therefore behooves the board to ensure that management’s communications to the shareholders is transparent and relevant all of the time. This means that the board of directors/audit committee be active in commenting on communications such as press releases; management’s communications to the investing community (analyst calls, etc.); financial reporting (10-Ks, 10-Qs, 8-Ks, etc.).

All of the communications mentioned above can become boilerplate and robotic without this on-going dialogue and constructive interaction between the board of directors/audit committee and management. For example, a number of audit committee chairs that I have been associated with have multiple conversations with management around the propriety of “special item” or “non-GAAP” disclosure or the clarity and transparency of critical impending matters such a litigation, etc.

What is the makeup of an ideal audit committee?

The audit committee should be made up of individuals who can help the that committee carry out its charter. Hence, if the board delegates a number of matters to the audit committee that fit loosely under the financial heading – like cybersecurity – the audit committee needs to be expanded to have individuals who have that expertise. Over time I have seen audit committees come to realize the importance of having members with strong management information system backgrounds, strong treasury backgrounds – in addition to those who had base-line financial statement expertise.

Yet it goes without saying that the primary focus of the audit committee is financial matters and things relevant to those matters. Hence, from my perspective, it is always good to have:

• An individual with senior financial leadership in her/his background. This helps to better interpret not only the internal financial reporting regimen (including controls) but also treasury activities and IT activities
• An individual with a strong IT background. Systems are now so integral to the financial monitoring and financial well-being of an organization that it is imperative that there is a strong understanding of what is and what isn’t in this realm. This individual should be able to translate tech speak for the committee into plain English
• An individual with a strong understanding of the external financial reporting regimen and the regulatory land-mines that exist out there. Ideally, there is a place for a very seasoned and experienced retired external auditor on an audit committee

Should the definition of the audit committee financial expert be redefined?

The definition, from my perspective, does not need to be changed. I am a strong believer in “principles-based” regulation. I would guess if people are saying it’s too broad or too narrow means that it’s principles-based. The current definition provides sufficient guidance to the Board of directors to provide for a strong audit committee.

How does a board guarantee it is getting sufficient information about its company? What kind of balance should there be between what they receive from management and external sources?

In an agency relationship as exists between directors and management, monitoring is required. And what does monitoring require more than anything else – information – both quantitative and qualitative. 

How can one judge the sufficiency of it – its particular relevance –or its reliability?

This question of sufficiency is one that is worthy of exploring. Should the information be sufficient for the board of directors:

• To carry out “common law” duty?
• To carry out the very particular requirements of Sarbanes-Oxley?
• To carry out fulsome monitoring of “agent” performance?

It probably is the latter. The board of directors or the audit committee needs to see more than summary financial information. There should be an agreement between the audit committee/board and management about what internal information is given to directors. It’s not that there should be unfettered access, but they need to see the details to be able to ask questions.

On the external front, it is the audit committee/board member’s fiduciary duty to bring in outside sources when they don’t get all the answers from management.

Information should not only flow from the “inside out” – but also from the “outside in.”

The views presented on the Governance Center Blog are not the official views of The Conference Board or the Governance Center and are not necessarily endorsed by all members, sponsors, advisors, contributors, staff members, or others associated with The Conference Board or the Governance Center.