What’s on the audit committee’s agenda for 2025: Focus areas and priorities

By Krista Parsons, Audit & Assurance Managing Director, Governance Services and Audit Committee Program Leader, Center for Board Effectiveness, Deloitte & Touche LLP; and Bob Lamm, Independent Senior Advisor, Center for Board Effectiveness, Deloitte LLP

Talking points

• Deloitte’s new On the Audit Committee’s Agenda discusses top focus areas for audit committees in 2025.
  
• Regulatory changes at the Securities and Exchange Commission (SEC) and Public Accounting Oversight Board (PCAOB) take center stage, with technology oversight and enterprise risk management (ERM) also making the list.
  
• Deloitte can advise you on navigating 2025 audit committee priorities as they continue to evolve.

With the new year comes Deloitte’s latest perspective about where audit committees should focus their attention in the year ahead. What developments could have an impact on audit committees in 2025, and what topics should they consider prioritizing? Deloitte’s new edition of On the Audit Committee’s Agenda offers insights to help you carry out the important—and ever-increasing—responsibilities of an audit committee member in 2025. Here’s a preview.

A fast-moving regulatory landscape

Staying up to date with evolving SEC and PCAOB priorities has long been a focus of audit committees. This year, the shift in administration and a new SEC chair will almost certainly bring changes in regulatory priorities. Although specific priorities are still to be determined, here are some things to keep in mind.

• SEC: Despite a slowdown in SEC rulemaking in the second half of 2024, several significant rules requiring audit committee focus in 2025 and beyond were adopted earlier in the year, including those regarding climate-related disclosures and the use of projections in disclosures. The climate rules led to litigation that resulted in those rules being put on hold. They may face additional challenges based on statements made by President Trump about his regulatory priorities. Regardless, companies may need to consider other climate-related rules they may need to comply with in Europe and California.
  
• PCAOB: In 2024, the PCAOB had a significant focus on modernizing audit standards. This resulted in the creation of the proposed new auditing standard called Non-Compliance with Laws and Regulations (NOCLAR). As anticipation mounted for possible adoption by the end of 2024, the PCAOB put the standard on hold in November as it determines next steps. We expect maintaining audit quality will remain a PCAOB focus area despite possible shifts in its regulatory approach under a new administration, and audit committees will continue to play an important role.

Keeping pace with emerging technology risks

The rapid rise of artificial intelligence (AI) over the past year underscores another audit committee priority for 2025: technology risks.

• AI and Generative AI (GenAI): While many boards are still defining how AI will be overseen by the board and its committees, audit committees may need to prioritize oversight of certain aspects of it as their companies begin using it more in their finance and internal audit organizations. Additionally, they will still likely play a role given regulatory uncertainties and the evolving understanding of AI’s capabilities and risks.
  
• Cybersecurity: Cybersecurity continues to be a key focus for audit committees and boards due to the increasing frequency of breaches, the rise in nation-state cyberattacks, and the severe consequences of breaches and ransomware attacks. The regulatory landscape, including the SEC’s 2023 disclosure rules, further underscores its importance. While some companies have established board-level technology committees, the majority of cybersecurity oversight still falls under the audit committee’s purview.¹ Given the current geopolitical climate, it is essential for directors to stay informed about the evolving threat landscape and ensure robust policies, procedures, and technologies are in place to mitigate cybersecurity risks.

The expanding scope of ERM

ERM has been a key area of oversight of the audit committee for many years. As in the past, the audit committee should monitor ERM program effectiveness by asking questions such as:

• How well is the ERM program working?
  
• Where do emerging risks reside, and what’s our process for considering them?
  
• Have there been situations where unanticipated risks arose or turned out to be much worse than we expected?

Many companies are taking a deeper dive into ERM this year because of potential new risks associated with geopolitical uncertainty and GenAI, which may require a new level of scrutiny from the audit committee.

Audit committee effectiveness

To manage their responsibilities more efficiently, audit committees should prioritize critical agenda items, use consent agendas for routine matters, and adopt other time optimization techniques. It’s also important to clearly delineate which issues fall under the audit committee’s purview and push back on areas that fit better in another committee or with the full board. Despite the significant focus on technology risk, many audit committees and boards have yet to leverage technology to enhance their own effectiveness, and GenAI could be a valuable tool in this regard. The audit committee chair plays a pivotal role in driving these efficiency initiatives and fostering consensus on adopting technological innovations to improve committee performance.

What role can Deloitte play?

Deloitte has extensive experience advising audit committees on ever-increasing oversight responsibilities, leading practices, and effectiveness. Feel free to reach out to us with questions.

Endnotes

¹ Spencer Stuart, 2024 U.S. Spencer Stuart Board Index, accessed December 2024.

The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Copyright © 2025 Deloitte Development LLC. All rights reserved.