Cybersecurity ranks among the top priorities for audit committees, enterprise risk management, and finance and internal audit talent, outside of financial reporting and internal controls, according to a new
Other priorities cited by the 237 survey respondents include compliance with laws and regulations, finance transformation, ESG reporting, AI governance, third party risk and data privacy.
Beyond financial reporting and internal controls, the survey found that 93% of respondents ranked cybersecurity as one of their top three priorities, with 50% ranking it as the leading priority for the audit committee. In addition, 71% of the respondents indicated cybersecurity is on their agenda on a quarterly basis. Cybersecurity has consistently been ranked as the top priority of audit committees in each of the four years the survey has been performed.
"Cybersecurity remains atop audit committees' agendas because the stakes have never been higher," said Vanessa Teitelbaum, senior director of professional Practice at the Center for Audit Quality, in a statement Wednesday. "With the increasing sophistication of cyber threats and the potential for significant financial, operational, and reputational harm, it's critical for audit committees to stay ahead. Their continued focus and evolving expertise are essential to protecting organizations in this heightened risk environment."
Audit committee members would also like to see the effectiveness of their meetings improved in various ways. When asked about different strategies to enhance audit committee effectiveness, over two-thirds of respondents (69%) felt meetings might be improved by implementing one or more of the following strategies:
- 40% of respondents want to improve the quality of presentations during meetings, jumping from third place last year to the top area of improvement this year;
- 34% of respondents want more engagement and discussion from committee members during meetings;
- While most respondents feel they have enough time to cover agenda items, 12% of them suggested they could use more time.
"As I work with audit committees, enhancing meeting effectiveness remains a top priority. In the face of new and evolving risks, the ability to better prioritize agendas, access comprehensive and timely information, and engage in open and candid discussions are critical factors that will drive efficiency and overall effectiveness," stated Krista Parsons, audit and assurance managing director and Governance and Audit Committee Program leader at Deloitte's Center for Board Effectiveness.
Artificial intelligence has become a growing concern for audit committees. The number of respondents who identified AI governance as a priority grew year over year, jumping to 35% from 20% last year. A growing proportion of audit committees are taking on primary oversight of AI governance (up to 20% from 14% last year). However, oversight mostly falls with the full board (58%).
Other survey results suggest work has been done to develop governance structures for AI oversight, with fewer respondents (6%) acknowledging they "don't know" where AI oversight falls within their organization this year compared to last year (17%). Amid ongoing conversations around how organizations govern AI, the question of who should be responsible for primary oversight continues to evolve.
