Audit Committee Practices Report

Common Threads Across Audit Committees

The Audit Committee Practices Report, a collaborative effort between Deloitte’s Center for Board Effectiveness and the Center for Audit Quality, provides insight into the most pressing issues facing audit committees today and leading practices to help them execute their responsibilities effectively.


Audit committee oversight is an important job that just keeps getting more complex. Since the Sarbanes-Oxley Act (SOX) came into play in 2002, audit committees have evolved and adapted to fulfill their unique and expanding role. Audit committees are charged with helping oversee financial reporting, audit processes, internal controls, ethics and compliance programs, and external and internal audit. Increasingly, such duties also include oversight of key risks, including cybersecurity and environmental, social and governance (ESG) reporting. Audit committees are being challenged by increased complexity in their core responsibilities, as well as scope creep across other areas within their organizations.

Against this backdrop, audit committee members often want to understand what their peers are doing to address this complexity and if there are leading practices they can employ within their own organizations. To this end, we are pleased to provide you with the inaugural edition of the Audit Committee Practices Report, a collaborative effort between Deloitte’s Center for Board Effectiveness (Deloitte) and the Center for Audit Quality (CAQ). The report is based on a survey of 246 audit committee members from predominantly large (greater than $700 million market cap), U.S.-based public companies. Conducted by Deloitte and the CAQ, the survey inquired about:

  • Areas of oversight
  • Key risks
  • Audit committee practices

This report provides information related to certain issues facing audit committees today and how peers may be responding. The survey results and related analysis can also serve as a benchmarking resource for gauging your own committee’s practices.

We hope you find the report to be helpful in this fast-paced and increasingly demanding corporate governance environment.


Select key insights


Audit quality

Nearly every respondent said audit quality either increased (32%) or remained the same (66%) over the last year. Despite concerns about the impact of working remotely, respondents noted that auditors pivoted to embrace the use of technology to execute smart and efficient audits—without sacrificing audit quality. Fortunately, audit firms and public companies have invested in technologies to enable audits to be performed remotely. For many auditors, the pandemic accelerated the adoption of such tools. While fully remote audits—similar to board meetings—are not expected to be the norm in the future, companies and audit committees experienced some benefits from working remotely. While the “new normal,” which will likely be a hybrid of remote work and on-site interaction, is still evolving, the focus on audit quality must continue.

When asked what contributes to audit quality, 85% of respondents cited the competence of the engagement team and strong communication between the engagement partner and the audit committee as the most important factors. The quality of firm resources and innovations in technology followed closely behind. These responses underscore what many believe to be a fundamental tenet of audit quality—the relationship and communication with the auditor.


Enterprise risk management

When asked who was responsible for oversight of enterprise risk management (ERM) within their organizations, 42% of respondents said the audit committee, 33% said the board, and 20% said the risk committee. It’s noteworthy that 24% of survey respondents primarily operate in the financial services industry. The regulatory requirement for certain publicly traded financial services companies to have a separate risk committee may be driving this result.

Of those respondents indicating that their audit committee was responsible for overseeing ERM, 32% expect to spend more time on ERM oversight compared to last year, possibly as a means of managing the growing number of emerging risks. The list of external factors impacting organizations’ risk profiles continues to expand and includes risks related to the geopolitical arena; the regulatory environment; supply chain; climate change; and diversity, equity, and inclusion; among others.

Where are audit committees on ESG?

Separately, the CAQ examined publicly available ESG data for S&P 500 companies and found that 95% of S&P 500 companies had detailed ESG information publicly available.¹ This information was primarily outside of an SEC submission in a standalone ESG, sustainability, corporate responsibility, or similar report. Of the remaining 5%, most companies published some high-level policy information on their websites.

Audit committees responded that 66% of their companies issue a sustainability or ESG-related report, and 69% obtain or are actively discussing obtaining third-party assurance on one or more components of ESG or sustainability data. While this speaks to the growing importance of ESG, only 10% of audit committees responded as having oversight responsibility for ESG reporting. In our experience, oversight of the various components of ESG may be distributed across the board and its committees. Given the role audit committees play in overseeing financial reporting and internal controls, there are certain areas that typically fall within their purview:

  1. Focusing on internal and disclosure controls and procedures related to the metrics being publicly disclosed in a sustainability report or otherwise (e.g., on the website, in filings, etc.). This includes working closely with other committees to understand how ESG risks are identified and prioritized and how materiality is defined. Understanding how ESG-related disclosures compare between sustainability (or similar) reports and filings; management should be prepared to explain any differences.
  2. Understanding the connection between the ESG strategy and related goals and metrics—and how management considers any impacts it may have on the financial statements. Understanding and coordinating ESG and risk oversight connections between primary committee owners.
  3. Monitoring assurance-related activities: both understanding why the organization is or is not obtaining assurance and overseeing the third party providing that assurance, if applicable.

Learn more about trends in board governance of ESG. Download Deloitte’s January 2022 On the audit committee’s agenda titled, Navigating the ESG journey in 2022 and beyond and the NACD 2022 Governance Outlook titled, The Role of the Board in Overseeing ESG.

¹ The data reflects the S&P 500 index as of March 12, 2021 and the company’s most recent available ESG information as of June 18, 2021.
