Audit Committees Being Challenged by Increased Complexity, ‘Scope Creep,’ According to New Report from Deloitte and the Center for Audit Quality (CAQ) has been saved
Audit Committees Being Challenged by Increased Complexity, ‘Scope Creep,’ According to New Report from Deloitte and the Center for Audit Quality (CAQ)
Inaugural edition of the “Audit Committee Practices Report,” a collaboration between Deloitte’s Center for Board Effectiveness and the CAQ, indicates audit committees of all sizes are rigorous in addressing an expanding agenda
WASHINGTON, January 25, 2022
Audit committees, already contending with the ongoing impact of the pandemic, are also being challenged by increased complexity in their core responsibilities and scope creep across other areas within their organizations, according to a new survey and report from Deloitte and the Center for Audit Quality (CAQ).
The Audit Committee Practices Report: Common Threads Across Audit Committees, a survey of 246 audit committee members of primarily large-cap, public companies in the U.S., provides an illuminating snapshot about how audit committee responsibilities are expanding. In particular, the report shows that while nearly all respondents (96%) rank financial reporting and internal controls – including fraud risk – as a top area of focus, audit committees are also focused on cybersecurity (53%), data privacy security (48%), ethics and compliance (48%), third-party risk (47%) and enterprise risk management (ERM) (42%).
“Audit committee oversight and the corporate governance landscape is evolving rapidly and becoming increasingly demanding, and that’s even before considering the growth around ESG reporting,” said Krista Parsons, Audit & Assurance managing director with Deloitte’s Center for Board Effectiveness. “The good news is most audit committee respondents recognize their primary responsibilities, which include oversight of financial reporting, internal controls, and the independent auditor. The challenge in the future is maintaining this focus on their core responsibilities while addressing emerging risks and potential new areas of oversight. At the end of the day, the audit committee doesn’t necessarily need to oversee all new risks. In some instances, the full board or another committee may be better positioned to do so, and the audit committee chair can drive those discussions with the board chair.”
Indeed, additional responsibilities such as ESG (environmental, social, governance) are increasingly capturing the audit committee's attention. Two-thirds (66%) of respondents noted that their company issued a sustainability or ESG-related report, and 69% obtained or are actively discussing obtaining third-party assurance on one or more components of ESG or sustainability data. Still, merely 10% of audit committees responded as having oversight responsibility for ESG reporting.
However, given the audit committee's role, certain ESG-related areas typically fall within their purview, including understanding and oversight of internal controls around ESG metrics, disclosures and reporting requirements, assurance activities, and the connection between ESG strategy and impacts on the financial statements.
The survey respondents suggest that audit quality among public companies remains high – 98% of respondents stated audit quality either increased or remained the same as the previous year – and that competence of the engagement team and strong communication between the engagement partner and the audit committee contribute most to audit quality.
“Audit committees are critical to high-quality financial reporting that is in turn critical to functioning capital markets. This report provides valuable insights for audit committee members seeking more information about their peers’ leading practices,” added Julie Bell Lindsay, chief executive officer of the CAQ. “As the audit environment continues to evolve, we encourage audit committees to understand their role in overseeing risk areas and emerging issues.”
Audit committees are increasingly adding cybersecurity experience/expertise, according to the report. More than one-half (53%) of respondents said they have oversight responsibility for cybersecurity, and 69% of those anticipate spending more time on it in the coming year. At the same time, 35% of respondents reported their audit committee members have cybersecurity experience/expertise, with 41% acknowledging they needed additional expertise in this area – more than any other area.
Additional key takeaways:
- Forty-two percent of respondents indicated fraud risk has increased. Additionally, 74% said they updated their internal controls over the last 12 months to address the remote work environment.
- Oversight of ERM (enterprise risk management) varied, but most of the respondents (42%) indicated the audit committee is responsible for overseeing ERM at their companies. Of those responsible for ERM, 32% indicated that they expect to spend more time on ERM oversight in the next year.
About the Audit Committee Practices Report
The inaugural edition of the Audit Committee Practices Report presents findings from a survey distributed to audit committee members from Aug. 2 to Sept. 21, 2021. Survey results are presented for all companies in total. The questions and this report were developed jointly by Deloitte and the CAQ. The data provided in response to the survey were presented and analyzed anonymously. Therefore, the responses and results cannot be attributed to a specific company or companies individually or collectively. A total of 246 individuals participated in the survey.
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Building on more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte's more than 330,000 people worldwide connect for impact at www.deloitte.com.
About the Center for Audit Quality
The Center for Audit Quality (CAQ) is a nonpartisan public policy organization serving as the voice of U.S. public company auditors and matters related to the audits of public companies. The CAQ promotes high-quality performance by U.S. public company auditors; convenes capital market stakeholders to advance the discussion of critical issues affecting audit quality, U.S. public company reporting, and investor trust in the capital markets; and using independent research and analyses, champions policies and standards that bolster and support the effectiveness and responsiveness of U.S. public company auditors and audits to dynamic market conditions.