The Center for Audit Quality’s (CAQ) Audit Committee Practices Report found corporate boards are taking a fresh look at their audit committee structures and practices to respond to emerging corporate reporting areas and increased risks.
The second edition of the report, released this month, surveyed 164 audit committee members of U.S. large-cap public companies from August to October 2022. The report, conducted in collaboration with Deloitte’s Center for Board Effectiveness, is intended to help audit committee members measure their organization’s corporate governance against their peers and identify best practices in oversight they might adopt.
Among the highlights:
Committee composition: Over the next 12 months, one-quarter of respondents expect to make changes to their audit committee composition. One-quarter (25 percent) anticipate increasing audit committee size, 28 percent plan to replace the audit committee chair, and 42 percent expect to replace one or more committee members. The anticipated changes in composition are in response to increased responsibilities, committee member fatigue and attrition, and experience and knowledge gaps.
Audit committees have historically been primarily responsible for financial reporting, internal controls, and audit oversight, but pressure for oversight of new areas of reporting and disclosure requires new skill sets, backgrounds, and increased resources.
“Investors are making increased demands for disclosures outside of the traditional financial statements,” said Julie Bell Lindsay, CAQ chief executive officer.
The audit committee chairperson plays a major role in the committee’s activities.
“The expanding agenda, as confirmed by the survey results, indicates an undue burden on the chair,” said Krista Parsons, audit and assurance managing director with Deloitte’s Center for Board Effectiveness and audit committee program leader. “Other directors, however, cannot wash their hands of their responsibilities. Audit committees’ workloads are increasing, so it’s critical audit committee members use their time effectively and efficiently to execute their responsibilities to the capital markets and other stakeholders.”
Parsons shared the following ways audit committee chairs can be most effective in their role:
- Agenda: Ensure the right topics are being addressed and provide flexibility to incorporate new issues as they arise.
- Information: Confirm materials are comprehensive—but not exhaustive—and provide directors with adequate time to review, analyze, and formulate mindful questions.
- Discussions: Foster candid discussions among directors and constructively challenge management and auditors.
The report noted audit committees should have succession plans and a process for evaluating experience of candidates. In the survey, 74 percent of respondents said they did not have a formal or informal policy for rotating the audit committee chair and/or committee members.
Skills: Nearly all respondents (92 percent) reported their audit committees have the collective experience and expertise they need.
“Still, it is critically important for audit committees to continuously assess their current composition and skill set to make sure it meets the needs of the organization and the risks it faces,” Parsons said.
Respondents who called for additional skills and experience for their committees noted cybersecurity and technology as areas where effectiveness could be enhanced.
Audit committees must perform core oversight, along with understanding the risk areas their organizations face. As a result, boards must balance the need for subject matter experts in specialized areas with having broader strategic thinkers on their committees.
The report recommended tracking diversity characteristics of audit committee members to enhance performance; 35 percent of respondents indicated they do not track any diversity characteristics within their committees.
Agendas: Respondents reported the following areas where oversight was delegated to the audit committee:
- Cybersecurity (53 percent)
- Enterprise risk management (ERM) (43 percent)
- Environmental, social, and governance (ESG) disclosure and reporting (34 percent)
Last year, only 10 percent of audit committees had oversight for ESG disclosure and reporting, the report noted.
For the next 12 months, these same areas were reported to be the top subjects of audit committee focus (63 percent, 45 percent, and 39 percent, respectively). Only 20 percent of respondents included fraud risk in their top three focus areas.
Cybersecurity has been receiving increased attention from regulators, including the Securities and Exchange Commission (SEC). Respondents noted 41 percent of their audit committee members have appropriate experience/expertise in this area, a 6 percent increase from last year. In the last 12 months, 43 percent of audit committees used outside cybersecurity specialists, second only to the use of finance/accounting experts.
For ERM oversight, 75 percent of respondents stated their audit committee members have the experience/expertise they need and 17 percent used outside subject matter specialists in the last 12 months.
ESG is another area receiving increased regulatory focus, most notably the SEC’s proposed climate-related disclosure rule. Only 32 percent of respondents said their audit committee has the appropriate ESG experience/expertise and 30 percent utilized outside subject matter specialists in the last 12 months.
