2021 Audit Committee Transparency Barometer
Overview
In the 8th year of analyzing disclosures of audit committee oversight in proxy statements of companies in the S&P Composite 1500 (S&P 1500), the CAQ observed slight increases with some stagnation among disclosures that have been tracked over the years.
One exception is cybersecurity – these disclosures continue to be the biggest mover year-over-year increasing by 5 to 7 percentage points among S&P 500 companies each year since 2016. COVID-19 has changed how we work, with some companies opting to go permanently remote, resulting in an increased dependence on technology. Audit committees have reacted positively by increasing disclosure of how they oversee the company’s cybersecurity risks.
Voluntary disclosure of audit committee oversight signals higher levels of involvement.
Effective audit committee oversight enhances audit quality.
Why does disclosure matter?
The oversight role of independent audit committees is vital to investor protection. Independent audit committees are directly responsible for the oversight of the work of external auditors, including their appointment and compensation. This model – as required by the Sarbanes-Oxley Act – enhances audit quality. Greater transparency into the audit committee’s activities through disclosure provides investors with information about how the audit committee’s oversight role contributes to investor protection.
A 2021 study found that disclosure around the audit partner selection process is positively associated with audit quality. Specifically, the study found:
The engagement partner is a critical component of audit quality.
The oversight by the audit committee of the selection of the engagement partner is therefore critical to audit quality.
Audit committees more involved in the engagement partner-selection process help ensure the selection of a more rigorous engagement partner
Those audit committees who disclose their involvement in the engagement partner selection tend to be more engaged in the process.
Similarly, we believe that a focus on disclosure of the multiple additional ways audit committees oversee the external auditor contributes to audit quality. Transparency and disclosure are key elements of trust in the financial reporting system. In line with this, the CAQ continues to encourage robust audit committee disclosures in proxy statements to promote high-quality performance by public company auditors and investor trust in the audit committee’s oversight role.
Highlights of the 2021 Barometer
MOST COMMON DISCLOSURE
In 2021, the highest rates of disclosure (50% or more among S&P 500 proxy statements) continue to be related to non-audit services and potential impact to independence, auditor tenure, criteria considered to evaluate the audit firm and involvement in audit partner selection:
WHY DOES IT MATTER?
Non-audit services (Q5)
Stakeholders may not be aware that while the external auditor is prohibited from providing certain services to its audit clients, there are certain permissible services that may be provided. Pursuant to strict independence rules set by the SEC and PCAOB, the audit committee is responsible for overseeing these services to ensure they do not impact auditor independence. Disclosure describing the oversight by the audit committee in reviewing any permitted non-audit services provided by the independent auditor to the company helps stakeholders understand how non-audit services are reviewed and factors considered by the audit committee. Such disclosure reinforces the oversight of the auditor’s independence, a foundation of audit quality.
Auditor tenure (Q2)
The audit committee can explain any concerns regarding tenure for new firms and firms with long tenure. What are the benefits? What are the risks? The S&P Global Inc. (Example 8) disclosures related to these considerations offer a good standard.
Audit firm evaluation (Q8)
This disclosure can provide robust insight into the audit committee’s oversight of the audit firm. Avoid boilerplate language here and include specific details of the evaluation. What are the unique skills needed for the audit (e.g., industry, geographic reach, complex accounting expertise)? Is a formal evaluation performed? If yes, how often (e.g., see Q9 – is the evaluation at least annual)?
Audit partner selection (Q12)
As referenced above, this is an opportunity not only to explicitly state involvement in the selection of the audit engagement partner, but to also describe how the audit committee is involved. Does the full audit committee or the chair interview all potential candidates? Only the final candidate? If the final candidate, was that candidate vetted by management? Recommended by the audit firm? Why was a new engagement partner selected? Due to the 5-year rotation requirement? Some other reason?
MODERATE RATES OF DISCLOSURE
In 2021, moderate rates of disclosure (26-49% among S&P 500 proxy statements) continue to be related to engagement partner rotation, considerations when appointing the external auditor, and stating the evaluation of the external auditor occurs at least annually. Disclosure of oversight of cybersecurity risk has jumped by 5-7 percentage points since 2020 (more on cybersecurity later).
WHY DOES IT MATTER?
Audit partner rotation (Q11)
The mandatory 5-year rotation requirement for the audit engagement partner is an important element of the auditor independence framework established by SOX. Audit committee disclosure in this area dovetails with auditor tenure disclosures (i.e., may mitigate concerns if an audit firm has a long tenure) and the audit committee’s role in engagement partner selection disclosures.
Oversight of cybersecurity (Q13-15)
Who is best suited to oversee cybersecurity risk? It often falls to the audit committee. Stakeholders want to understand which committee is responsible, along with the “why” and “how.” The biggest uptick in disclosure year-over-year was related to cybersecurity. See the trend analysis on cybersecurity disclosures below for more details.
Appointing and evaluating the external auditor (Q1, Q9)
Does the audit committee evaluate the external auditor and if yes, how often? Explaining the rigor and substance and frequency of the evaluation process gives stakeholders a true sense of audit committee engagement and oversight.
LOWER RATES OF DISCLOSURE
This year, there are not high levels of disclosure among the following areas and this has been the case for some time. We believe these areas present the greatest opportunity for increased transparency by the audit committee.
WHY DOES IT MATTER? An opportunity for audit committees.
Responsible for fee negotiation; audit fee connection to audit quality; consideration of auditor compensation (Q6, Q3, Q4)
The mandatory 5-year rotation requirement for the audit engagement partner is an important element of the auditor independence framework established by SOX. Audit committee disclosure in this area dovetails with auditor tenure disclosures (i.e., may mitigate concerns if an audit firm has a long tenure) and the audit committee’s role in engagement partner selection disclosures.
Explanation for a change in audit fees (Q7)
Continuing on the theme mentioned above, full disclosure of specific reasons for changes in fees paid to the external auditor increases transparency. While stakeholders may be concerned that audit fees are too high and the audit is not efficient, audit fees that are too low could also be a concern that audit quality is compromised. In reality, the change in fee is often due to a unique transaction or circumstance. Disclosure of why there are significant changes in fees paid to the external auditor further illustrates the audit committee’s effective oversight of auditor compensation.
Significant areas addressed (Q10)
It’s true that critical audit matters (CAMs) provide information about the audit from the auditor’s point of view and there are plenty of required disclosures that provide transparency from management’s perspective. But what areas did the audit committee focus on and spend time addressing with the auditor? What were the audit committee’s areas of concern? How did the audit committee address these areas with the auditor? This is an opportunity for the audit committee to better explain its oversight role of the audit and the gatekeeper function it performs on behalf of investors and other stakeholders. We believe audit committees and their members take this role seriously; disclosure of how they do so can only bolster investor trust.
CYBERSECURITY
Cybersecurity disclosures increased dramatically since tracking began over six years ago and for good reason. According to PwC’s 2020 Global Economic Crime and Fraud Survey, cybercrime made up 34 percent of all fraud events outpacing accounting/financial statement frauds, asset misappropriation, and tax fraud. Cybersecurity oversight responsibilities are being delegated to the audit committee for many public companies and the trend towards remote work has exposed new vulnerabilities to address. As investor and other stakeholder interest in cybersecurity vulnerabilities increases, the CAQ expects that boards and audit committees will continue this upward disclosure trend.
Read the full report
Disclosure is a powerful tool that can be used by audit committees to shine a light on the important oversight activities they perform day in and day out on behalf of investors. Such disclosure can dispel skeptics’ concerns that the audit committee oversight is ceremonial in nature and not serving the role as intended by SOX. The CAQ sees opportunities for audit committees to enhance transparency of the critical work they do and role they fill, and we encourage audit committees to seize the opportunities identified in this report.