Audit Committees are Increasingly Tasked with Additional Areas of Oversight, Survey Finds
February 13, 2023
The scope of a company’s audit committee’s oversight responsibilities continues to expand, according to a new report from Deloitte Development LLC and the Center for Audit Quality (CAQ).
Additional areas of oversight include environmental, social and governance (ESG) reporting; cybersecurity; and enterprise risk management (ERM), noted Audit Committee Practices Report: Priorities and Committee Composition published in January 2023.
“Audit committees continue to be challenged by ‘scope creep’ — new demands that involve overseeing areas of disclosure and reporting that extend beyond their historical core responsibility of financial reporting and audit oversight,” Krista Parsons, Audit & Assurance managing director with Deloitte’s Center for Board Effectiveness and Audit Committee Program leader, said in a statement. “As a result, audit committees are considering if their composition needs to change.”
Deloitte and CAQ put together the report after a survey of 164 audit committee members last year. Most or 73 percent were from larger public companies with more than $700 million in market capitalization.
In particular, 63 percent said cybersecurity was the top area of focus outside of financial reporting and internal controls. This was followed by ERM with 45 percent and ESG disclosure and reporting with 39 percent.
“Increased cybersecurity threats, as well as additional attention and focus from regulators, factor into cybersecurity’s high ranking on the audit committee agenda,” Deloitte and CAQ said.
Over half, or 53 percent said that company management delegates cybersecurity oversight to audit committees. Almost half or 43 percent said audit committees were given responsibility for ERM oversight while 34 percent said they had oversight of ESG matters, which is a 24-point increase over the previous year.
“Investors are making increased demands for disclosures outside of the traditional financial statement,” said CAQ Chief Executive Officer Julie Bell Lindsay in a statement. “Audit committees play a critical oversight role that contributes to high-quality financial reporting and investor confidence in the U.S., and it is encouraging that their skills and expertise can be transferable to other areas of corporate reporting.”
CAQ, an affiliate of the AICPA, represents accounting firms that audit public companies.
“This report can help audit committee members gauge how their organization stands with regards to their peers and corporate governance and identify best practices,” Lindsay added.
Almost all, or 92 percent, said that they believe their audit committees have appropriate experience at this juncture.
“Still, it is critically important for audit committees to continuously assess their current composition and skill set to make sure it meets the needs of the organization and the risks it faces,” Parsons said.
The report noted that 25 percent of the respondents said that they expected to increase the size of the committees in the next 12 months when surveyed.
A little bit more than a quarter, or 28 percent, said that they anticipated replacing the current audit committee chair, and 42 percent expected replacing one or more audit committee member.
But three quarters, or 74 percent, said that they do not have a policy to rotate the chair or members of their audit committees.
The top areas of expertise that could enhance audit effectiveness were cybersecurity and technology, among those respondents who said they do not believe their audit committees have an appropriate mix of skills and experience.
In response to a question that asked how many SEC qualified financial experts are on the audit committee, 55 percent said less than three, 25 percent said three, 10 percent said four and 7 percent said more than four.
The survey also found that 81 percent disclosed the members who qualify as financial experts in their proxy statements.