2022 Audit Committee Transparency Barometer
In 2014, the Center for Audit Quality (CAQ), together with Audit Analytics – an Ideagen solution, undertook an effort to gauge how public company audit committees approach the public communication of their external auditor oversight activities by measuring the robustness of proxy disclosures of companies in the Standard & Poor’s (S&P) Composite 1500. This index is comprised of the S&P 500 large-cap companies (S&P 500), the S&P MidCap 400 (S&P MidCap), and the S&P SmallCap 600 (S&P SmallCap).
In our 9th year of analyzing disclosures of audit committee oversight in proxy statements we continue to observe an overall uptick in key areas of disclosure. Going beyond our initial scope set out in 2014, we explore a bit more into the quality of disclosures with some additional questions, new in 2022.
New in 2022
In 2022, the CAQ added four new questions. Two focus on digging deeper into how audit committees execute their oversight responsibilities. We believe there is room for improvement for audit committees to provide more tailored disclosures to provide transparency about how and what the audit committee does to execute their oversight responsibilities. These questions build on existing questions:
Two other new questions relate to disclosure of ESG oversight, similar to our existing questions on cybersecurity expertise. Audit committees are continually facing emerging risks and are frequently evaluating the requisite expertise and composition of the committee. These new questions are:
We also examined the utility of the questions explored in the report and removed those that were redundant or failed to capture relevant data.
In addition, we’re excited to highlight 4 steps to enhancing disclosures as excerpted from a new report, Audit Committee: The Kitchen Sink of the Board, How Audit Committees Can Manage Their Evolving Responsibilities and Polish Their Proxy Disclosures.
Further, we pulled together the various example disclosures where audit committees provided robust disclosure into a new appendix, Appendix III, Sample: Leading Practices Audit Matters and Report. This is illustrative of the comprehensive disclosure that pulls in the robust disclosure related to strong audit committee oversight.
Lastly, in another new appendix, Appendix IV, Questions to Consider When Preparing Audit Committee Disclosures, we include questions for audit committees to consider when thinking about how to enhance existing disclosures.
Highlights of the 2022 Barometer
Oversight of the External Auditor
Over the past nine years, the CAQ and Ideagen’s Audit Analytics have tracked disclosure of several key areas of audit committee oversight within the proxy statements of companies in the S&P Composite 1500 (S&P 1500). The 2022 Barometer continues to reflect positive long-term disclosure trends. Here are the results for 2022:
The majority of audit committees (71% for S&P 500) disclose the length of time the auditor has been engaged, however, very few audit committees (9% for S&P 500) disclose how the audit committee considers length of auditor tenure when re-appointing the external auditor.
The relationship between auditor tenure, auditor independence and audit quality has long been debated and researched, and since 2018 auditor tenure has been required to be disclosed in the auditor’s report. What’s important for stakeholders to understand is what does the audit committee think about the tenure of the audit firm in relationship to auditor independence and audit quality? Is it and how is it considered when re-appointing the audit firm? For example, the audit committee may disclose the benefits and potential risks of the auditor’s tenure that were considered. See examples 1 and 2 in Appendix II for disclosures about how the audit committee evaluated auditor tenure.
Audit Partner Selection
Similarly, many audit committees (51% of S&P 500) disclose that they are involved in the selection of the audit engagement partner, but few disclose what their involvement entails.
- The engagement partner is a critical component of audit quality.
- The oversight by the audit committee of the selection of the engagement partner is therefore critical to audit quality.
- Audit committees more involved in the engagement partner-selection process help to enable the selection of a more rigorous engagement partner.
- Those audit committees who disclose their involvement in the engagement partner selection tend to be more engaged in the process.
Through tailored disclosures, the audit committee can explain their role in the engagement partner selection process. For example, did the full audit committee or the chair interview all potential candidates or only the final candidate? If the final candidate, was that candidate vetted by management? Recommended by the audit firm? Even if a new engagement partner was not selected in the current year, there is an opportunity for the audit committee to describe the selection process policy, as well as disclose the year that the current engagement partner was selected. See examples 5 and 6 in Appendix II for disclosures regarding the audit committee’s oversight when selecting the engagement partner.
Providing detailed disclosures about how the audit committee executes its oversight responsibility, instead of relying on boilerplate language, provides investors with useful information into the processes, considerations, and decisions made by the audit committee to support audit quality. As shown in the examples in Appendix II, each audit committee has a unique story tell. The detailed disclosures relay the extent of engagement of the audit committee, which contributes to audit quality.
Cybersecurity disclosures continue to increase year-over-year, consistent with expectations of audit partners that they expect voluntary company disclosure about cybersecurity to increase. As cyber threats continue and investor and other stakeholder interest in cybersecurity vulnerabilities increases, the CAQ expects that boards and audit committees will continue this upward disclosure trend.
Additionally, consistent with prior years, there is an increase in disclosure of cybersecurity experts on the Board of Directors. As the risk environment evolves, it’s important for boards to monitor the skillset composition of committee members. We also continue to see cybersecurity oversight responsibilities are delegated to the audit committee for many public companies.
The CAQ and Ideagen’s Audit Analytics began tracking disclosure of audit committee oversight related to ESG in the current year. We found that for S&P 500 companies, 39% of audit committees disclose having an ESG or sustainability expert (this is equal to the percentage of audit committees who disclose having a cybersecurity expert (Q9)). The percentage of audit committees that disclose having responsibility for ESG oversight is significantly lower. For S&P 500 companies, 54% and 18% of audit committees, respectively, disclose responsibility of oversight of cybersecurity and ESG. Similar to cybersecurity, ESG is a multi-faceted emerging risk. How the Board considers oversight of this risk among its committees is helpful information for stakeholders.
Audit committees will likely continue to have an increased role in ESG oversight given their expertise and experience in oversight of internal controls and financial reporting. A CAQ analysis, published in 2022, of ESG reporting in the Form 10-K of the S&P 500 found that 453 companies (or 91%) mention some sort of climate-related information in the Form 10-K. As ESG information continues to make its way into SEC filings, audit committee disclosures around this topic will become increasingly important.
Download the full report PDF to view a summary table of disclosure rates and examples of effective disclosure, and to read about the benefits of audit committee disclosures.
Audit Committee: The Kitchen Sink of the Board
Audit Committee Insights Newsletter
Sign up today for the Audit Committee Insights newletter so that you never miss an update.