Corporate Governance: Audit Committee Priorities | Deloitte US has been saved
By Krista Parsons, Audit & Assurance Managing Director, Governance Services and Audit Committee Program Leader, Deloitte & Touche LLP
Traditionally tasked with oversight of a company’s financial reporting and internal controls, audit committees have seen their scope of responsibilities expand over the years against a backdrop of increasingly complex regulations and other shifts in the business environment. Now, according to the third edition of the Audit Committee Practices Report: Common Threads Across Audit Committees, they’re reporting a range of strategically important priorities that have fallen under their purview.
Here are the top five priorities revealed in our most recent survey of audit committee members, along with some other topics covered in the report.
Beyond financial reporting and internal controls, most respondents (69%) indicate that cybersecurity will be in the top-three priority areas for the audit committee in the next 12 months. And three in 10 rank it as the No. 1 priority during that period.
One reason could be a new Securities and Exchange Commission regulation for cybersecurity disclosures. The rules require registrants to report material cybersecurity incidents and to provide annual disclosure of cybersecurity risk management and strategy, as well as an explanation of board and management oversight processes.
Almost half (48%) of respondents indicate that ERM will be a top-three priority in the next 12 months. Interestingly, respondents are evenly split in terms of ranking ERM’s priority order, with 16% each ranking it as first, second, or third.
Oversight of enterprise risk management has been an audit committee responsibility for many years. However, extra vigilance may be in order as the global risk landscape evolves and new types of threats emerge. Aside from general oversight, the audit committee must also assess whether current ERM processes can handle new threats, whether those processes are efficient and effective, and whether they’re supported by the proper resources.
Finance and internal audit talent is a priority for audit committees, with 37% of respondents indicating it’s one of their top-three priorities over the next 12 months; 9% suggest it’s the top issue. Forty-six percent say their committee addresses the topic quarterly, whereas 23% discussed the matter once in the past 12 months.
We also asked respondents about their internal audit functions. Overall, the majority view internal audit as both an effective function and one that adds demonstrable value. At the same time, almost 80% of respondents agree or strongly agree that internal audit could add more value. This view may be more a reflection of the talent crunch and rapidly changing business environment than of any discontent with the internal audit function itself, but it’s still a point worth considering.
More than a third (36%) of respondents cite compliance with laws and regulations as one of the top-three priorities for audit committees in the next 12 months. Seventeen percent suggest it’s the top issue. The heightened complexity of the regulatory environment may account for the increased priority assigned to this area this year. Forty-five percent of respondents indicate their company allocates oversight of compliance to the audit committee, 37% to the board, and 5% to the risk committee.
Thirty-three percent of respondents indicate that finance transformation is one of the three highest priorities for their audit committee in the next 12 months. Almost half of those respondents select this as the top issue. Finance transformation is complex given that it can be affected by a number of external forces including market shocks, industry consolidation and convergence, technology acceleration, and new regulatory requirements.
Additionally, the rapid rise of Generative AI is raising important questions about when and how to invest in appropriate technologies that may have an impact on the finance organization and the speed of transformation. It’s rather striking in that regard that 66% of respondents indicate their audit committee hasn’t spent enough time discussing AI governance in the past 12 months. Beyond that, the regulatory frameworks for AI are still in the works while some companies explore various use cases for AI—from financial planning to financial close and financial risk sensing.
There’s more in our latest Audit Committee Practices Report, including findings and insights on:
The third edition of the Audit Committee Practices Report: Common Threads Across Audit Committees is a collaborative effort between Deloitte’s Center for Board Effectiveness and the Center for Audit Quality. You can download a copy here. And if you’d like to learn more about current audit committee priorities and oversight responsibilities, please don’t hesitate to contact me.
Krista Parsons is an Audit & Assurance (A&A) managing director with Deloitte & Touche LLP and is a part of Deloitte’s Center for Board Effectiveness, which is committed to supporting executives, boards of directors, and others active in governance by providing them with resources and knowledge on current boardroom issues and governance trends. While she works across a broad range of governance-related areas, Krista leads Deloitte’s Audit Committee Program and is focused on advising audit committees on their role and responsibilities, recent trends, and hot topics. With more than 25 years of experience, she frequently speaks to public- and private-company boards and other audiences on a variety of governance topics. She has authored numerous articles and papers, several of which have been cited in reputable journals. Krista leads Deloitte’s Audit Committee Lab program, which supports directors during times of transition, and is also the New York board champion for Deloitte’s Board-Ready program, which offers educational and networking programs for retired or senior executives who have interest and experience to join a public company board. Krista also led the development and implementation of the strategy for Deloitte’s A&A and Risk & Financial Advisory businesses, managed A&A’s client feedback program, and spent more than 10 years serving clients within the audit business. Krista is a licensed CPA in the states of New York and New Mexico and a member of the AICPA. She is also on the advisory board of the New York All Stars Project, a nonprofit that uses a performance-based approach to help tens of thousands of inner-city youth and their families create success in their lives.