CHARTER OF THE AUDIT COMMITTEE
OF THE BOARD OF DIRECTORS
OF
McKESSON CORPORATION
As Approved by the Board on April 24, 2024
I. PURPOSE OF THE COMMITTEE
The purposes of the Audit Committee (“Committee”) of the Board of Directors (“Board”) of McKesson Corporation (“Company”) shall be to assist Board oversight of:
- The integrity of the Company’s financial statements.
- The Company’s compliance with legal and regulatory requirements.
- The qualifications, independence and performance of the registered public accounting firm engaged as the Company’s independent auditor (“Independent Auditor”).
- The performance of the Company’s internal audit function.
The Committee’s purpose shall also include preparing the disclosure required by Item 407(d)(3)(i) of Regulation S-K promulgated by the Securities and Exchange Commission (“Commission”) to be included in the Company’s annual proxy statement.
II. COMPOSITION OF THE COMMITTEE
The members of the Committee shall be appointed in accordance with Article III, Section 10(c) of the By-Laws of the Company. The Committee shall consist of no fewer than three members. The members of the Committee shall meet the independence and experience requirements of the New York Stock Exchange (“NYSE”), Section 10A(m)(3) of the Securities Exchange Act of 1934 (“Exchange Act”) and the rules and regulations of the Commission (collectively, “Applicable Rules”). All members of the Committee shall meet the financial literacy requirements of the NYSE. At least one member of the Committee must have accounting or related financial management expertise, as the Board interprets such qualification in its business judgment. The Company shall disclose as required by the Commission whether the Board has determined that at least one member of the Committee is an “audit committee financial expert” as defined by the Commission. The simultaneous service by a member of the Committee on the audit committees of more than two other public companies requires a Board determination that such simultaneous service would not impair the ability of such member to serve effectively on the Committee and requires disclosure of that determination.
III. MEETINGS AND PROCEDURES OF THE COMMITTEE
The Committee may fix its own rules of procedure, which shall be consistent with the By-Laws of the Company and this Charter. The Committee shall meet as often as it determines, but not less frequently than quarterly, and the Committee shall meet jointly with the Compliance Committee at least once annually. Through the respective committee chairs, the Committee will coordinate with the Compliance Committee on risk oversight responsibilities and other matters as those committee chairs deem appropriate, including with respect to technology-related risks, cybersecurity and privacy matters.
The Board may designate one member of the Committee as its Chair. In the absence of such a designation by the Board, the Committee shall by majority vote of the full Committee designate one member of the Committee as its Chair. If the member so designated is not present at a meeting of the Committee, the members present shall by majority vote designate a Chair pro tem for that meeting.
The Committee shall meet periodically with management, the internal auditors and the Independent Auditor in separate sessions, and also may meet in executive session with only the Committee members.
The Committee may request that any directors, officers or employees of the Company, or other persons whose advice and counsel are sought by the Committee, attend any meeting of the Committee to provide such pertinent information as the Committee requests, or to meet with any members of, or advisors to, the Committee.
At least quarterly, the Committee shall deliver a report to the Board, including a summary description of actions taken by the Committee at the meeting. The Committee shall keep written minutes of its meetings, which minutes shall be maintained with the books and records of the Company. In lieu of a meeting, the Committee may also act by unanimous written consent resolution.
The Committee shall review and reassess the adequacy of this Charter annually and recommend any proposed changes to the Board for approval. The Committee shall annually conduct a performance evaluation of the Committee and report the results to the Board.
IV. COMMITTEE AUTHORITY
The Committee shall have the sole authority and direct responsibility for the appointment, compensation, retention and oversight of the work of any independent auditor engaged (including resolution of disagreements between management and the Independent Auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or performing other audit, review or attest services. The Independent Auditor shall report directly to the Committee.
The Committee shall have the authority to, and shall, preapprove all auditing services and permitted non-audit services (including the fees and terms thereof) to be performed for the Company by its Independent Auditor, subject to the de minimis exceptions for non-audit services described in Section 10A(i)(1)(B) of the Exchange Act, which should be approved by the Committee prior to the completion of the audit. In connection with such approvals, the Committee may form and delegate to subcommittees consisting of one or more members the authority to grant preapprovals of audit and permitted non-audit services, provided that decisions of such subcommittee to grant preapprovals shall be presented to the Committee at a subsequent meeting.
The Committee shall have the authority to conduct investigations into any matters within its scope of responsibility. The Committee shall have the authority to retain independent legal, accounting or other advisors. The Company shall provide for appropriate funding, as determined by the Committee, for payment of compensation to the Independent Auditor for the purpose of preparing or issuing an audit report or performing other audit, review or attest services, of compensation to any advisors employed by the Committee, and of ordinary administrative expenses of the Committee that are necessary or appropriate in carrying out its duties.
V. COMMITTEE RESPONSIBILITIES
The Committee shall, to the extent it deems necessary or appropriate or as required by the Applicable Rules:
As to Financial Statement and Disclosure Matters
- Review and discuss with management and the Independent Auditor the annual audited financial statements and disclosures made in management’s discussion and analysis (“MD&A”), and recommend to the Board whether the audited financial statements should be included in the Company’s Form 10-K.
- Review and discuss with management and the Independent Auditor the Company’s quarterly financial statements, including disclosures made in the MD&A, prior to the filing of its Form 10-Q, including the results of the Independent Auditor’s review of the quarterly financial statements.
- Review major issues regarding accounting principles and financial statement presentations, including any significant changes in the Company’s selection or application of accounting principles; major issues as to the adequacy of the Company’s internal controls; and any special audit steps adopted in light of any material weakness or significant deficiency in internal controls over financial reporting.
- Review analyses prepared by management (and/or the Independent Auditor as noted in item 5 below) setting forth significant financial reporting issues and judgments made in connection with the preparation of the financial statements, including analyses of the effects of alternative generally accepted accounting principles (GAAP) methods on the financial statements.
- Discuss quarterly reports from the Independent Auditor on the following:
a) All critical accounting policies and practices to be used.
b) All alternative treatments of financial information within GAAP that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the Independent Auditor.
c) Other material written communications between the Independent Auditor and management, such as any management letter or schedule of unadjusted differences. - Discuss with management the Company’s earnings press releases, including the use of “pro forma” or “adjusted” non-GAAP information, as well as financial information and earnings guidance provided to analysts and rating agencies. Such discussion may be done generally (i.e., the types of information to be disclosed and the types of presentations to be made) rather than specifically as to individual press releases, analysts and rating agencies.
- Discuss with management and the Independent Auditor the effect of regulatory and accounting initiatives as well as off-balance sheet structures on the Company’s financial statements.
- Discuss with management the Company’s major financial risk exposures and the steps management has taken to monitor and control such exposures.
- Discuss with management the guidelines and policies to govern the process by which risk assessment and management is undertaken by management.
- Discuss with the Independent Auditor the matters required to be discussed by the prevailing auditing standards relating to the conduct of the audit, including any difficulties encountered in the course of the audit work, any restrictions on the scope of activities or access to requested information, and any significant disagreements with management, including any significant accounting adjustments that were noted or proposed by the Independent Auditor but were rejected by management.
- Review disclosures made to the Committee by the Company’s CEO and CFO during their certification process for the Form 10-K and Form 10-Q about any material weakness or significant deficiency in the design or operation of internal controls over financial reporting and any fraud involving management or other employees who have a significant role in the Company’s internal controls over financial reporting.
As to Oversight of the Company’s Relationship with the Independent Auditor - Review and evaluate the lead partner of the Independent Auditor and present the Committee’s conclusions to the Board.
- Obtain and review a report from the Independent Auditor at least annually regarding:
a) the Independent Auditor’s internal quality-control procedures,
b) any material issues raised by the most recent internal quality-control review, or peer review, of the Independent Auditor, or by any inquiry or investigation by governmental or professional authorities within the preceding five years respecting one or more independent audits carried out by the Independent Auditor,
c) any steps taken to deal with any such issues, and
d) (to assess the Independent Auditor’s independence) all relationships between the Independent Auditor and the Company. - Evaluate the qualifications, performance and independence of the Independent Auditor, including considering whether the Independent Auditor’s quality controls are adequate and whether the provision of any permitted non-audit services is compatible with maintaining the Independent Auditor’s independence, and taking into account the opinions of management and internal auditors. Present conclusions with respect to the Independent Auditor to the Board. This shall include a review and discussion of the annual communication as to independence delivered by the Independent Auditor pursuant to Applicable Rules.
- Ensure the rotation as required by law of the lead (or coordinating) audit partner having primary responsibility for the audit and of the audit partner responsible for reviewing the audit.
- Set clear policies for the Company’s hiring of employees or former employees of the Independent Auditor.
- Meet with the Independent Auditor prior to the audit to discuss the planning and staffing of the audit; including the type and scope of services to be provided by the Independent Auditor.
As to Oversight of the Company’s Internal Audit Function - Review the appointment, performance and replacement, as necessary, of the senior internal auditing executive.
- Review the significant issues raised in reports to management prepared by the internal auditing department and management’s responses.
- Review at least annually the internal audit department and its mission, responsibilities, independence, procedures, budget and staffing and any recommended changes in the planned scope of the internal audit. This review shall include discussions with the Independent Auditor regarding these matters.
As to Compliance Oversight Responsibilities - Obtain from the Independent Auditor assurance that Section 10A(b) of the Exchange Act has not been implicated. Section 10A(b) relates to illegal acts that have come to the attention of the Independent Auditor during the course of the audit.
- Review the report prepared by management, and attested to by the Independent Auditor, assessing the effectiveness of the Company’s internal control structure and procedures for financial reporting and stating management’s responsibility to establish and maintain such structure and procedures, prior to its inclusion in the Company’s Form 10-K.
- Establish procedures for the receipt, retention and treatment of complaints received by the Company regarding accounting, internal accounting controls or auditing matters, and the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.
- Discuss with management and the Independent Auditor any correspondence with regulators or governmental agencies and any published reports that raise material issues regarding the Company’s financial statements or accounting policies.
- Discuss quarterly with the Company’s Chief Legal Officer legal matters that may have a material impact on the Company’s financial statements.
VI. LIMITATION OF AUDIT COMMITTEE’S ROLE
Although the Committee has the duties and responsibilities set forth in this Charter, the Committee is not responsible for planning or conducting the audit or for determining whether the Company’s financial statements are complete and accurate and are in accordance with GAAP. Management is responsible for the financial reporting process, the preparation of consolidated financial statements in accordance with GAAP, the system of internal controls, and procedures designed to ensure compliance with accounting standards and applicable laws and regulations. The Company’s Independent Auditor is responsible for auditing the financial statements.