Audit committee disclosure

Analysis

Audit committee disclosure in proxy statements—2019 trends

Deloitte’s analysis of the 2019 S&P 100 proxies

Transparency into audit committee oversight activities and performance provide a better understanding for investors.

Introduction

In recent years, the role of the audit committee—and, in particular, its oversight of the independent auditor—has been subject to increased scrutiny from regulators, investors, and other stakeholders. The independent auditor is critical to maintaining confidence in the reliability of financial information and, ultimately, in the proper functioning of the capital markets. Increasingly, investors also look to the independent auditor to provide insights that support sound, well-informed financial decisions. With changes to the auditor’s reporting model that went into effect this year and the imminent requirement to identify critical audit matters (CAMs), transparency around the audit committee’s interactions with the independent auditor is even more essential.

Now in its fifth year, Deloitte’s observations and analysis of trends in audit committee disclosures in the proxy statements of S&P 100 companies reflect moderate increases in disclosure in most areas of frequent focus by regulators and investors.

Trends in cyber risk disclosures

The role of the board in overseeing cyber risk is evolving. Boards are working to determine if oversight should be the responsibility of the full board, shared with a committee, or delegated to a committee.

Some companies have moved oversight of cyber risk from the audit committee to another committee or designated it as a shared responsibility with the full board or other committee, perhaps in recognition of the importance and pervasiveness of this issue. For examples of ways in which boards have assigned responsibility for the oversight of cyber risk, read more of the 2019 Proxy Review.

Of the 58 percent of companies that disclose the role of the audit committee in oversight of cyber risk:

Other committees that companies disclosed as having oversight for cyber risk include risk, cybersecurity, operations and technology, special activities, nominating and governance, or regulatory compliance.

 

Suggestions for audit committees

Deloitte’s interactions with audit committees demonstrate that the oversight work of the committee usually goes beyond the satisfaction of minimum requirements. A compelling proxy statement—one that goes beyond minimum required disclosure—can educate investors and other stakeholders, providing a more holistic view of the work of the board of directors and each committee. To enhance the transparency and usefulness of the proxy, consider the following:

  • Provide more granular information on key topics on the audit committee agenda
  • Specify independent auditor evaluation criteria
  • Discuss issues encountered during the audit and how they were resolved
  • Enhance readability throughout the proxy by utilizing graphics to depict important information or personalize the audit committee with photos or other messages tailored to readers

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.