Audit committees are including more disclosures about oversight areas within the proxy statements of public companies about cyber risks and environmental, social and governance matters, but there's still a disconnect between what investors expect and what companies are willing to disclose.
A report released Wednesday by the Center for Audit Quality and Audit Analytics found a number of positive disclosure trends among S&P 500 companies. Cybersecurity disclosures increased year-over-year as cyber threats grow. Over half (54%) of the S&P 500 audit committees reported they had responsibility for cyber risk oversight, an eight-percentage point increase since 2021.
With the rise in ESG reporting, the CAQ's
Audit committees are assuming far more than traditional financial reporting oversight. The report aims to share leading practices from interviews in the hope that audit committee members can find interesting ideas to consider and apply within their own boards. The report describes practices for managing audit committee time, skill sets, and shared governance, such as being strategic with pre-readings and pre-meetings, purposely including educational opportunities into meetings, and inviting directors to attend any committee meeting.
"We know that audit committee disclosures are correlated with enhanced audit quality and auditor independence, and we're pleased to observe a continued positive trend of these disclosures in proxy statements," said CAQ CEO Julie Bell Lindsay in a statement. "We encourage audit committees to consider how they can provide even more detailed disclosures in areas such as the execution of oversight responsibility to give investors insight into the processes, considerations and decisions made by the audit committee."
The analysis suggests there's frequently a disconnect between what investors would like to learn about audit committee oversight versus what companies actually disclose. In the report, the CAQ and Audit Analytics include information from investors and offer a step-by-step approach to spur companies to take a fresh look at their audit committee-related disclosures.
"We find that boards often think of the audit committee as the "kitchen sink" because many of these areas of evolving oversight responsibility — cybersecurity, enterprise risk management, or ESG disclosures — tie back to some element of financial reporting and internal control processes," said the report. "The audit committee has experience thinking broadly about the economic transactions of the company. There are both pros and cons if boards think in this way, and our hope is to highlight these issues as boards consider how to approach their oversight when evolving risks arise."
The report also points out areas where audit committees can offer more customized disclosures. While 71% of audit committees disclose the tenure of auditing firms in their proxy statement, only 9% disclose how the audit committee considers length of tenure when reappointing the outside auditor. And while only a little over half (51%) of audit committees disclose they're involved in choosing the audit engagement partner, few disclosed much information about what their involvement in picking the audit engagement partner involves.
With the growing extent of oversight for audit committees, how the committees manage and disclose these responsibilities is a major consideration in today's environment. These considerations are discussed in a separate report from the CAQ and academic researchers at the University of Tennessee Knoxville's Neel Corporate Governance Center and the Pamplin College of Business at Virginia Tech. Published in conjunction with the barometer report, "
The study is based on 2,200 minutes of interviews with audit committee chairs or members along with other stakeholders, according to the researchers from the University of Tennessee and Virginia Tech. "Forty percent of audit committee members interviewed described their audit committees as the 'kitchen sink' of the board given their increasing scope and workload," they said in a statement. "Audit committees are an essential component to the health of our financial reporting ecosystem and capital markets. It's vital that they have the tools and resources they need, including peer insights and leading practices, to play an effective role in oversight and, ultimately, investor protection. This report provides a step-by-step guide for audit committee members to provide ideas for managing this evolving workload and enhancing their disclosures."
Both reports can be found on the