Cyber security, ERM, and ESG reporting are topping audit committees' agendas
- Published: Wednesday, 18 January 2023 10:11
Corporate boards are taking a fresh look at their audit committee structures and practices in light of emerging corporate reporting areas and increased risks, according to a new survey and collaborative report from Deloitte's Center for Board Effectiveness and the Center for Audit Quality (CAQ).
‘Audit Committee Practices Report: Priorities and Committee Composition’, a survey of 164 audit committee members of primarily large-cap, public companies in the US, provides insight into shifting oversight priorities and practices related to audit committee composition.
Over the next 12 months, one-quarter of respondents expect to make changes to the composition of their audit committee, with 25 percent anticipating increasing the size of their audit committee, 28 percent planning on replacing their audit committee chair, and 42 percent expecting to replace one or more committee members.
"Audit committees continue to be challenged by 'scope creep' — new demands that involve overseeing areas of disclosure and reporting that extend beyond their historical core responsibility of financial reporting and audit oversight. As a result, audit committees are considering if their composition needs to change," said Krista Parsons, Audit & Assurance managing director with Deloitte's Center for Board Effectiveness and Audit Committee Program leader. "The good news is that audit committees overwhelmingly report (92 percent) they have the expertise they need. Still, it is critically important for audit committees to continuously assess their current composition and skill set to make sure it meets the needs of the organization and the risks it faces."
Respondents calling for additional skills and experience of their audit committee pointed to cyber security and technology as areas of expertise that could enhance their effectiveness. Within the financial services sector, respondents noted compliance as an area for enhanced proficiency; non-financial services respondents identified industry experience as the next top area needed to close the skills gap.
Increased cyber security threats, as well as additional attention and focus from regulators, factor into cyber security's high ranking on the audit committee agenda, with 53 percent reporting that their company delegates cyber security oversight to audit committees. In addition, 43 percent of respondents noted that audit committees were responsible for enterprise risk management oversight within their organizations and 34 percent of respondents said that audit committees were responsible for the oversight of ESG disclosure and reporting — a significant 24-point increase over the previous year.
Despite increased attention from regulators for fraud detection, only 20 percent of total respondents ranked fraud risk among their top three focus areas in the next 12 months. This response rate was slightly higher at 29 percent for those on the audit committee of financial services companies.