The strategic audit committee: Navigating 2021 has been saved
The strategic audit committee: Navigating 2021
On the audit committee's agenda, February 2021
It’s been said a lot: 2020 was a difficult year. The effects of the COVID-19 pandemic have led to unprecedented economic conditions and continued uncertainty in the business environment. This has resulted in increased complexities and risks that may have long-term implications. Seemingly overnight, employees began working virtually, and boards and audit committees had to find new ways to engage with management and their auditors in order to effectively execute their oversight responsibilities.
As companies continue dealing with the impact of the pandemic, the audit committee’s agenda and its processes will need to remain flexible to address issues and challenges as they arise. To provide effective oversight and help management navigate these challenging times, audit committees need to ask direct, targeted questions to understand management’s processes and decisions, as well as alternatives that were considered when addressing key issues.
We’ve been operating in this environment for three quarters and have learned much. Audit committees will continue to face an expanding agenda, and prioritization will be critical. While the role of the audit committee is vast, this publication focuses on two areas of oversight that may be critical for audit committees in the upcoming year: financial reporting and internal controls, and risk. Our focus is on providing a set of topics and additional resources for audit committees to consider as they manage their 2021 activities.
Financial reporting and internal controls
Audit committees play a critical role in overseeing financial reporting and internal controls. Continued uncertainty in the business environment, combined with increasing complexities and risk, requires a high degree of judgment for many companies as they report their results. The pandemic introduced additional uncertainty into the various judgments and estimates included in financial statements. Additionally, the work-from-home environment required companies to modify or implement new internal controls that need to be reviewed in conjunction with financial reporting.
Although aspects of the internal control environment may have changed during the pandemic, the Sarbanes-Oxley Act’s requirement for effective internal control over financial reporting (ICFR) has not, and regulators continue to emphasize the importance of ICFR. Accordingly, companies should not lose sight of what is appropriate for maintaining effective ICFR.
The audit committee’s role in overseeing financial reporting and internal controls remains critical. As they perform their responsibilities in this area, topics to consider discussing with management and the auditors include:
- Forecasts and related impairment analyses
- Reg S-K modifications to MD&A, selected financial data, and supplementary financial information
- New or modified internal controls
- Going concern assessment
- Non-GAAP measures
- Stakeholder communications, including SEC filings and earnings releases
Given the volatility of the risk environment during the pandemic, it’s more important than ever for boards and audit committees to understand management’s process for managing risk, including how it identifies and assesses emerging and strategic risks. Risk is never the responsibility of a single individual or group, which is why it’s critical for the audit committee to work with the board to allocate oversight of key risks across the full board and its committees.
Audit committees play a significant role in setting the tone around the importance of risk management and in understanding the infrastructure and related policies that govern an effective risk management program. The committee should understand how management continually senses and refreshes key risks, especially in an environment where disruption seems to be the norm. Additionally, the audit committee should understand how new risks are included on the company’s risk map, who the risk owner is, and how risks are captured in disclosures.
Finally, the audit committee should approach meeting agendas with a risk lens, prioritizing discussions with regard to risk oversight and making sure key risks are on the agenda. Beyond financial reporting risks, some of the highest-priority risks for audit committee oversight may include:
- Cyber risk
- Fraud risk
- Extended-enterprise risk
- Ethics and compliance
- Regulatory changes
- Environmental, social, and governance risk (ESG)
The role of the audit committee has always been challenging and is unlikely to become easier in 2021. Whether dealing with the priorities discussed here or others the audit committee may face, it all comes down to execution. It’s critical for audit committees to have processes and procedures in place to support its activities in times of calm and crisis.
The Deloitte Governance Framework provides four attributes to consider with regard to overall effectiveness: skills and knowledge, process, information, and behavior. These attributes can be useful as audit committees plan and prepare for the challenges in front of them in 2021. When considering how well-positioned they are to deal with these challenges, audit committees may want to ask the following questions, which are aligned to the four attributes:
- Do the members of the audit committee have the appropriate skills and knowledge to effectively execute their responsibilities?
- Does the audit committee’s meeting frequency, structure, and format provide adequate time and flexibility for the committee to carry out its responsibilities, particularly in the mostly virtual world we’re operating in today?
- Does the audit committee receive appropriate information from management, its internal and external auditors, and outside parties to be adequately informed for discussions?
- Are audit committee agendas structured to focus on key risks and priorities while allowing flexibility to address emerging risks and issues?
- Are audit committee meetings run in a manner that facilitates candid, open discussions and allows for healthy debate?
While we all may want to put 2020 behind us, 2021 will have its own challenges. Audit committees play an important oversight role for investors and other stakeholders. The committee’s ability to effectively manage their calendars and agendas and prioritize the most critical financial reporting, risk, and other topics can help companies better navigate what lies ahead.
Year-end accounting and financial reporting considerations: Questions for audit committees to consider
On the audit committee’s agenda, December 2020
On the audit committee’s agenda, November 2020