Audit committee charter: drafting one that's not just boilerplate
Most audit committee charters read the same. They were drafted by copying a template that copied a template. The charter that produces a working audit committee is specific to the company — particularly on scope, dispute resolution, and the executive session with the auditor.
Section 177 of the Companies Act, 2013 requires every listed company and every public company above the prescribed thresholds to constitute an audit committee. The charter governing that committee is one of the documents the company secretary drafts in the first year and rarely revisits.
We see two charters most often. The first is a boilerplate copy of the Section 177 language plus the Schedule IV residual: the committee has the powers and responsibilities set out in the statute. The second is a more substantive document but borrowed from another company's charter and not adapted to the current company's circumstances. Both produce committees that go through the motions and miss the substantive review the committee was set up to perform.
A charter that works for the company has to address five things specifically: composition and quorum, the cadence of meetings, the scope of the committee's authority and how it interacts with management, the reporting line to the board, and the dispute-resolution mechanism between the committee and management when they disagree.
What the statute requires
Section 177(2) requires the audit committee to have a minimum of three directors, with independent directors forming a majority. The chair must be independent in the case of a listed company.
Section 177(4) sets the residual scope: recommending the appointment, remuneration, and terms of appointment of the auditors; review and monitoring of the auditor's independence and performance; examination of the financial statement and the auditor's report; approval of transactions with related parties; scrutiny of inter-corporate loans and investments; valuation of undertakings or assets, wherever necessary; evaluation of internal financial controls and risk management systems; and monitoring the end use of funds raised through public offers.
Section 177(5) gives the committee the right to call for the comments of the auditors, the auditors' independent review of the company's internal control systems, and the auditors' independent assessment of the financial statements.
This is the floor. Charters that stop here are charters that have not been drafted.
Composition and quorum
The charter should specify the number of directors on the committee, the proportion of independent directors (which must satisfy Section 177(2) but can be higher), and the quorum for a meeting.
We recommend a quorum of two-thirds of the membership or two members, whichever is higher, with at least one independent director. A quorum of any two members — which is the default many charters fall into — permits a meeting between two non-independent directors, which substantively defeats the committee's independence.
Chair backup. The charter should specify who chairs the meeting if the independent chair is unavailable. The default — the most senior member present — defaults to whoever the most senior member is, which is often not independent. Specify that an independent member chairs in the absence of the elected chair, or postpone the meeting.
Cadence
Section 177 does not prescribe a meeting cadence. SEBI's LODR Regulations require listed companies to hold at least four audit committee meetings a year, with a gap of not more than 120 days between two consecutive meetings.
For unlisted public companies and private companies that have constituted audit committees, we recommend the same cadence. Quarterly meetings, anchored around the financial reporting cycle (quarterly results for listed; quarterly internal review for unlisted), plus an additional meeting before the AGM to finalise the recommendation on the auditor's reappointment and the year-end accounts.
The charter should specify the meeting pattern and the standing agenda items for each meeting. Without standing agenda, the committee chair is rebuilding the agenda each quarter; with standing agenda, the chair is adding to a stable base.
Authority and scope
The charter should set out the committee's authority with enough precision that the committee chair can act without going back to the board for each decision.
Statutory auditor recommendation
The committee recommends the statutory auditor's appointment, reappointment, removal, and terms of remuneration to the board. The board's role is to consider the recommendation and, where it concurs, to put the matter to shareholders.
The charter should specify: the committee's process for evaluating the incumbent auditor at the end of the term, the criteria for selecting a successor (independence, sector experience, firm-rotation status under Section 139), the process for the request-for-proposal and the auditor interview, and the timing of the recommendation to the board.
Internal audit
The internal audit function reports administratively to management and substantively to the audit committee. The charter should specify: who appoints the internal auditor (the committee), who approves the annual internal audit plan (the committee), who receives the internal audit reports (the committee, in parallel with management), and what the committee does with findings (review, monitor remediation, report unresolved items to the board).
Related-party transactions
Section 177(4)(iv) gives the committee approval authority over related-party transactions. The charter should specify which RPTs go to the committee for approval (typically all, with materiality thresholds for matters that also need shareholder approval under Section 188), the documentation required for approval (the transaction terms, the arm's-length pricing analysis, the disclosure to the committee of the related-party relationship), and the standing reporting at each meeting (a register of approved transactions and their status).
Risk management and internal controls
The committee's role here is review and monitoring, not management. The charter should specify what reports the committee receives (the internal financial controls assessment, the risk management framework, the cybersecurity report where applicable, the regulatory compliance dashboard), the cadence of those reports, and the committee's escalation path when a deficiency is identified.
Executive session with the auditor
The single most important provision in a working audit committee charter is the executive session with the statutory auditor — a portion of the audit committee meeting in which the auditor is present and management (CFO, MD, and other executives) is not.
The executive session is where the auditor raises observations that they are reluctant to raise in management's presence. The charter should specify: that an executive session takes place at every meeting where the auditor is present, the duration (typically 20 to 30 minutes), and the standing agenda for the session (auditor's observations not raised in the main meeting, auditor's independence confirmation, scope concerns, fee adequacy).
Charters that do not provide for executive session produce committees that hear from the auditor only what the auditor is willing to say with management in the room. That is not the auditor's full view.
Dispute resolution
Where the audit committee disagrees with management — on a financial reporting treatment, on a related-party approval, on an audit observation — the charter should specify how the disagreement is resolved.
The default escalation is to the board. The charter should specify: how the disagreement is documented (a written note from the committee chair to the board), how the board considers it (a board meeting agenda item with the auditor present), and what the board's decision-making framework is (the committee's view is not binding on the board, but the board records its reasons for departing from the committee's view in the minutes).
Where the board concurs with management against the committee, the committee chair has the option to request a note in the minutes recording the committee's dissent. The charter should preserve that option.
Reporting to the board
The committee reports to the board after each meeting. The charter should specify: the format of the report (a written summary of matters considered, decisions taken, and items referred to the board), the timing (within 14 days of the committee meeting), and the standing items (RPT approvals, internal audit progress, statutory auditor matters, financial reporting observations).
The annual report should contain a section on the audit committee's activities — composition, meetings held, attendance, matters reviewed. This is mandatory for listed companies under SEBI LODR; we recommend it as a matter of governance for unlisted companies as well.
What boilerplate charters miss
Four omissions repeat across the charters we audit.
No specification of executive session. The auditor is present at the meeting; whether they speak freely is unclear.
No materiality thresholds for RPT approval. Every RPT goes to the committee, or every RPT is treated as below threshold and approved by management. Neither is right.
No internal audit reporting line stated. The internal auditor reports to management for performance and pay, and substantively to the committee for findings. Where this is not stated, the internal auditor reports only to management and the committee receives a sanitised version.
No dispute-resolution mechanism. The committee disagrees with management on a year-end provision. The disagreement is recorded in the minutes as 'discussed'. The provision is booked as management proposed. The committee's view is never escalated to the board. The auditor signs the accounts. Six months later, the matter surfaces in a tax dispute.
A charter we would sign
The charter we draft for a client is typically eight to twelve pages, specific to the company's industry, size, and shareholder structure. It is reviewed by the audit committee at the first meeting each financial year and amended where the prior year's experience suggests amendment is warranted.
A working charter is a living document. A boilerplate charter sits in a folder and signs every minute as 'taken as read'. The difference between the two is the difference between a committee that performs its statutory role and a committee that exists to satisfy the law's requirement that the committee exist.
References
