The to-do list for corporate audit committees keeps expanding, with members taking on new responsibilities in overseeing cybersecurity, ethics and risk management, according to a new poll.
A
Auditors and the audit committees that oversee their work need to pay attention to a greater variety of risks during the pandemic at a time of rising inflation and supply chain constraints.
“Audit committees are critical to high-quality financial reporting that is in turn critical to functioning capital markets,” said CAQ CEO Julie Bell Lindsay in a statement. “This report provides valuable insights for audit committee members seeking more information about their peers’ leading practices. “As the audit environment continues to evolve, we encourage audit committees to understand their role in overseeing risk areas and emerging issues.”
Audit committees are increasingly adding cybersecurity experience/expertise, according to the report. More than one-half (53%) of respondents said they have oversight responsibility for cybersecurity, and 69% of those anticipate spending more time on it in the coming year. At the same time, 35% of respondents reported their audit committee members have cybersecurity experience/expertise, with 41% acknowledging they needed additional expertise in this area – more than any other area. Forty-two percent of respondents indicated fraud risk has grown. In addition, 74% said they updated their internal controls in the past 12 months to address the remote work environment.
“Audit committee oversight and the corporate governance landscape is evolving rapidly and becoming increasingly demanding, and that’s even before considering the growth around ESG reporting,” said Krista Parsons, audit and assurance managing director with Deloitte’s Center for Board Effectiveness, in a statement. “The good news is most audit committee respondents recognize their primary responsibilities, which include oversight of financial reporting, internal controls, and the independent auditor. The challenge in the future is maintaining this focus on their core responsibilities while addressing emerging risks and potential new areas of oversight. At the end of the day, the audit committee doesn’t necessarily need to oversee all new risks. In some instances, the full board or another committee may be better positioned to do so, and the audit committee chair can drive those discussions with the board chair.”
Oversight of enterprise risk management differed, but many survey respondents (42%) indicated the audit committee is responsible for overseeing ERM at their companies. Of those responsible for ERM, 32% said they expect to spend more time on ERM oversight in the next year.
In addition, environmental, social, governance matters are getting the attention of audit committees. Two-thirds (66%) of the respondents indicated their company issued a sustainability or ESG-related report, and 69% obtained or are actively discussing obtaining third-party assurance on one or more components of ESG or sustainability data. Nevertheless, only 10% of audit committee members indicated they have oversight responsibility for ESG reporting.