Audit Committee

< Back to Committee Composition

Chair Fernando Aguirre, Member Jeffrey R. Balser, M.D., Ph.D., Member Anne M. Finucane, Member Jean-Pierre Millon, Member Guy P. Sansone, Member Mary L. Schapiro,

Download Audit Committee Charter

Committee Members

CVS HEALTH CORPORATION

A Delaware corporation
(the "Company")

Audit Committee Charter

Approved as of March 21, 2024

Audit Committee Charter Quicklinks

Link directly to the portion of the charter in which you are most interested. Or, print the whole document using the link above.

Purpose
Membership
Authority
Procedures
Responsibilities
Limitations Inherent in the Committee’s Role

Purpose

The Audit Committee (the “Committee”) was created by the Board of Directors of the Company (the “Board”) to:

  • assist the Board in its oversight of:
  • the integrity of the financial statements of the Company;
  • the qualifications, independence, performance and engagement of the Company’s independent registered public accounting firm (the “independent auditor”);
  • the performance of the Company’s internal audit function;
  • the policy standards and guidelines for risk assessment and risk management;
  • the Company’s compliance program, including compliance with the Company’s Code of Conduct; and
  • compliance by the Company with legal and regulatory requirements; and
  • prepare the Audit Committee Report to be included in the Company’s annual proxy statement.

Membership

The Committee shall consist of at least three members, comprised solely of independent directors meeting the independence and experience requirements of the New York Stock Exchange and the Securities and Exchange Commission (the “SEC”) as promulgated from time to time for membership on a company’s audit committee. Each member shall be financially literate and at least one Committee member must qualify as an audit committee financial expert under SEC rules, as determined by the Board. The Nominating and Corporate Governance Committee shall recommend nominees for appointment to the Committee annually and as vacancies or newly created positions occur. Committee members shall be appointed by the Board and may be removed by the Board at any time. The Nominating and Corporate Governance Committee shall recommend to the Board, and the Board shall designate, the Chair of the Committee, and the Committee member(s )who qualify(ies) as audit committee financial expert(s), as defined in SEC rules.

Procedures

The Committee shall meet as often as it determines is appropriate to carry out its responsibilities under this charter, but not less frequently than four times a year. The Chair of the Committee, in consultation with the other Committee members, shall determine the frequency and length of the committee meetings and shall set meeting agendas consistent with this charter. The Committee shall maintain minutes of its meetings and make available copies of such minutes to the Board. The Secretary of the Company shall maintain copies of all minutes as permanent records of the Company. The Committee shall meet with management as it deems appropriate. In addition, the Committee shall meet separately on a periodic basis as it deems appropriate with the Chief Audit Executive (“CAE”), the Chief Compliance Officer (“CCO”) and with the independent auditor.

Authority

General

The Committee has the sole authority to retain and terminate legal, accounting, financial or other advisors that the Committee may consider necessary, including retaining any accounting firm for the purpose of preparing or issuing an audit report or performing other audit, review or attestation services, without conferring with or obtaining the approval of management or the full Board. The Committee has the sole authority to approve all of such advisors’ fees and other retention terms and shall have available appropriate funding from the Company. The Committee is directly responsible for the appointment, compensation and oversight of any such advisor’s work. The Committee shall also have available appropriate funding for payment of ordinary administrative expenses of the Committee that are necessary or appropriate in carrying out its duties.

Delegation

The Committee may delegate its authority to subcommittees or the Chair of the Committee when it deems appropriate and in the best interests of the Company.

Responsibilities

In addition to any other responsibilities that may be assigned from time to time by the Board, the Committee is responsible for the following matters:

General

  • The Committee will maintain open lines of communication with the Company’s Chief Financial Officer (the “CFO”), CAE, CCO, and with the Company’s independent auditors, each of whom will have free and direct access to the Committee. The CCO is authorized to communicate promptly and personally to the Committee on all matters that he or she deems appropriate.

Independent Auditor

  • The Committee shall be directly responsible for the appointment, compensation, retention and oversight of the work of any accounting firm engaged for the purpose of preparing or issuing an audit report or performing other audit, review or attestation services for the Company (subject, if applicable, to shareholder ratification). Each such accounting firm shall report directly to the Committee.
  • The Committee shall pre-approve the audit services and non-audit services to be provided by the Company’s independent auditor pursuant to pre-approval policies and procedures established by the Committee. The pre-approval policies and procedures shall be periodically reviewed by the Committee. The Committee may delegate its authority to pre-approve services to one or more Committee members, provided that such designees present any such approvals to the full Committee at the next Committee meeting.
  • The Committee shall discuss with the independent auditor its responsibilities under generally accepted auditing standards, review and approve the scope and staffing of the independent auditor’s annual audit plan(s), with emphasis on accounting and financial areas where the Committee, management, or the accountants believe special attention should be directed, and discuss any significant findings from the audit, including any problems or difficulties encountered.
  • The Committee shall evaluate the independent auditor’s qualifications, performance and independence, and shall present its conclusions with respect to the independent auditor to the full Board on at least an annual basis. As part of such evaluation, at least annually, the Committee shall:
    • obtain and review a report or reports from the Company’s independent auditor:
      • describing the independent auditor’s internal quality-control procedures;
      • describing any material issues raised by (i) the most recent internal quality-control review, or peer review, of the independent auditor, or (ii) any inquiry or investigation by governmental or professional authorities, within the preceding five years, regarding one or more independent audits carried out by the independent auditor, and any steps taken to deal with any such issues;
      • describing all relationships between the independent auditor and the Company consistent with the applicable requirements of the Public Company Accounting Oversight Board (“PCAOB”) regarding the independent auditor’s communications with the Committee concerning independence; and
      • assuring that Section 10A of the Securities Exchange Act of 1934, as amended, has not been implicated;
    • consider whether the provision of non-audit services is compatible with maintaining auditor independence;
    • confirm, and evaluate the rotation of, the audit engagement team partners, review and evaluate the lead partner and consider whether rotation should occur more frequently, so as to assure continuing auditor independence;
    • consider whether the independent auditor should be rotated, so as to assure continuing auditor independence; and
    • obtain the opinion of management and the internal auditors of the independent auditor’s performance.
  • The Committee shall establish and periodically review the policies for the Company’s hiring of current or former employees of the independent auditor.

Internal Auditors

  • At least annually, the Committee shall evaluate the performance, responsibilities, budget and staffing of the Company’s internal audit function and review the internal audit plan. Such evaluation shall include a review of the responsibilities, budget and staffing of the Company’s internal audit function with the independent auditor.
  • At least annually, the Committee shall review the annual internal audit plan with the senior officer or officers responsible for the internal audit function of the Company. The review shall focus on the scope and effectiveness of internal audit activities and the department’s capability to fulfill its objectives.
  • At least annually, the Committee shall review significant findings by the internal audit staff and management’s responses to such findings and instances of remedial action not being taken by management within appropriate timeframes in response to any such findings, if any.
  • At least annually, the Committee shall review the appointment, performance, reassignment or dismissal, and compensation of the CAE, who shall report directly to the Committee and administratively to the CFO of the Company.

Financial Statements and Disclosure Matters; Capital Allocation

  • The Committee shall meet to review and discuss with management, the internal auditors and the independent auditor, in separate meetings if the Committee deems it appropriate:
    • the annual audited financial statements, including the Company’s specific disclosures under “Management’s Discussion and Analysis of Financial Condition and Results of Operations”, prior to the filing of the Company’s Form 10-K;
    • the quarterly financial statements, including the Company’s specific disclosures under “Management’s Discussion and Analysis of Financial Condition and Results of Operations”, prior to the filing of the Company’s Form 10-Q;
    • analyses or other written communications prepared by management and/or the independent auditor setting forth significant judgments made in connection with the preparation of the financial statements, including analyses of the effects of alternative GAAP methods on the financial statements and estimates made by management having a material impact on the financial statements;
    • the critical accounting policies and practices of the Company;
    • critical audit matters disclosed in the independent auditor’s reports;
    • off-balance sheet transactions and structures;
    • the Company’s regulated capital investment portfolio; and
    • the effect of regulatory and accounting initiatives or actions applicable to the Company (including any SEC investigations or proceedings) and any significant accounting, reporting, regulatory and other developments affecting the Company’s annual and quarterly financial statements, related footnotes and related disclosures.
  • The Committee shall review, in conjunction with management, the Company’s earnings press releases and to the type of financial information and earnings guidance provided to analysts and rating agencies, paying particular attention to the use of non-GAAP financial information.
  • The Committee shall review, in conjunction with management, the financial and other metrics presented in the Company’s environmental, social and governance (“ESG”) disclosures included as part of the Company’s reports to be filed with the SEC, along with the assurance processes and the internal and disclosure controls and procedures for such ESG disclosures.
  • The Committee shall, in conjunction with the Chief Executive Officer (the “CEO”) and CFO of the Company, at least annually, review and approve the Company’s disclosure controls and procedures and also review the effectiveness of the Company’s internal controls over financial reporting. The review of internal controls over financial reporting shall include whether there are any significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting that are reasonably likely to affect the Company’s ability to record, process, summarize and report financial information, and any fraud involving management or other employees with a significant role in internal control over financial reporting. The Committee shall also review any special audit steps adopted in light of material control deficiencies.
  • The Committee shall review and discuss with the independent auditor any audit problems or difficulties and management’s response thereto, including those matters required to be discussed with the Committee by the independent auditor pursuant to established auditing standards.
  • The Committee shall establish and periodically review the procedures for:
    • the confidential, anonymous submission by employees of the Company of concerns regarding questionable accounting or auditing matters, and
    • the receipt, retention and treatment of complaints received by the Company regarding accounting, internal accounting controls or auditing matters.
  • The Committee shall review any complaints regarding accounting, internal accounting controls or auditing matters received pursuant to such procedures.
  • The Committee shall prepare the Audit Committee Report that the SEC rules require to be included in the Company’s annual proxy statement.

Risk Assessment, Risk Management and Compliance Matters

  • The Committee shall review, in conjunction with management, the independent auditor and the internal audit department, the Company’s policies and practices and its implementation and effectiveness with respect to risk assessment and risk management of the Company’s major risks, and the steps that have been taken to monitor, control and report such exposures.
  • The Committee shall periodically review and approve and shall oversee compliance with the Company’s Code of Conduct. The Committee shall also review and consider any requests for waivers of the Company’s Code of Conduct for the Company’s directors, executive officers and other senior financial officers, and shall make a recommendation to the Board with respect to such request for a waiver.
  • The Committee shall periodically review the Company’s information governance framework, including the Company’s privacy program and the cyber security aspects of its information security program.The Committee shall review significant cases of employee conflict of interest, misconduct, or fraud.
  • As part of its oversight of the Company’s compliance program, the Committee shall review the Company’s compliance with laws and regulations, including major legal and regulatory matters, such as federal health care program requirements, consent decrees, corporate integrity agreements or similar obligations. In that regard, the Committee shall review and discuss, in conjunction with management, the implementation and effectiveness of CVS Health’s compliance program, including the performance of the CCO. The Committee shall also review any litigation or investigations that may have a material impact on the Company’s financial statements or accounting policies. The Committee shall meet with the CCO no less than four (4) times per year, and shall meet and discuss legal and regulatory matters with management and others as appropriate, including the General Counsel.

Reporting to the Board

  • The Committee shall report to the Board periodically and at least annually. These reports shall include a review of any recommendations or issues that arise with respect to the quality or integrity of the Company’s financial statements, compliance with the Company’s Code of Conduct, the Company’s compliance with legal or regulatory requirements, the independence and performance of the Company’s independent auditor, the performance of the internal audit function and any other matters that the Committee deems appropriate or is requested to be included by the Board.
  • At least annually, the Committee shall evaluate its own performance and the Chair of this Committee shall report to the Board on such evaluation.
  • The Committee shall periodically review and assess the adequacy of this charter and recommend any proposed changes to the Board for approval.

Limitations Inherent in the Committee’s Role

It is not the duty of the Committee to plan or conduct audits or to determine that the Company’s financial statements are complete and accurate and are in accordance with GAAP and applicable rules and regulations. This is the responsibility of management and the independent auditor. Furthermore, while the Committee is responsible for reviewing the Company’s policies and practices with respect to risk assessment and management, it is the responsibility of the CEO, CFO and senior management to determine the appropriate level of the Company’s exposure to risk.