Auditing the structure and operation of Executive Compensation and Benefits (ECB) programs is a legitimate and appropriate role for internal auditing. If a risk assessment indicates a review is warranted, the Chief Audit Executive (CAE) should add ECB to the audit plan, which the board will review and approve. Internal auditing will choose the audit approach and design risk-based audit procedures. This Practice Guide provides discussions relating to such an audit and includes several considerations that may be relevant to an organization’s business activities or risk profile.
Strong governance systems are needed for ECB programs, as management often is in the position of both designing and recommending its own compensation. There are several specific risks internal auditors should consider, including employment market, compliance, financial reporting, reputation, operating, and external business relationship risks. ECB programs also are subject to fraud risk.
Due to the sensitive nature of this area, internal auditing must have an appropriate audit approach and access to the necessary information. While there can be obstacles to obtaining this information, internal audit needs to proceed in accordance with its charter.
The audit scope could include a focus on the board, management, and extended business relationships. There are a number of unique aspects in audits of each of these areas of focus which should be considered before performing audit work.
This guide will assist internal auditors with an explanation of the audit approach, audit considerations such as access to information and privileged communications, as well as the skills and knowledge necessary to serve on the audit team. A section on audit program development includes various concepts, potential tests, and questions to help auditors create an audit program. The appendix provides definitions relative to various types of compensation and benefits.
ECB programs have risks that require effective board governance and management processes. Internal auditors have an important role in providing assurance that appropriate and effective controls are in place around ECB programs.