It’s May. For many it’s Commencement season with high school and college graduations. It’s a time to look forward to the future and get excited about opportunities. But, audit committees naturally think about risks and we’ll cover those here. We scour available resources and keep up with regulatory developments to help keep you current. Read on to stay informed on these relevant developments for audit committee members.We welcome input; please let us know what you think. Was this email forwarded to you by a colleague? Subscribe here so that you never miss an update from the CAQ.
Generative AI: Are You Addressing Factors of Trust and Ethics? There’s No Time to WasteGenerative AI is a lot like Roy Kent in Ted Lasso. It’s here! It’s there! It’s every $&!-ing where! (Roy Kent! Roy Kent!). Ask a 15-year old if they’ve heard of and/or used ChatGPT and the response is, “duh… of course.” Have you used it? Created an account? It’s not the only game in town, but it’s interesting to test it out. Ask ChatGPT:
You can test the results based on your knowledge. Your own biography may be way off base. It can be jarring. How do you know the output is correct? According to Deloitte’s AI Institute, the trustworthiness of Generative AI depends on how an organization uses it, and as enterprises wade into this fast-moving field of AI, there are factors of trust and ethics that should be addressed.
NACD Updates Its Director’s Handbook on Cyber-Risk OversightNow in its fourth edition, NACD partnered with the Internet Security Alliance (ISA), the U.S. Department of Homeland Security, and the Federal Bureau of Investigation to present principle-based guidance on the board’s role in securing their organizations in its Director’s Handbook on Cyber-Risk Oversight. The Question of Adding a “Cyber Expert” to the Board While the handbook is extensive related to cyber-risk oversight, we call to your attention considerations from the handbook of whether to add a “cyber expert” to the Board. According to a 2022 NACD survey of publicly traded company directors, 47 percent of boards delegate cybersecurity oversight tasks to the audit committee – the committee which most often oversees complex audits of financial and compliance matters, while 32 percent oversee the risk as a full board and 13 percent delegate it to a risk committee. Some companies in recent years have considered whether to add cybersecurity and/or IT security expertise directly to the board via the recruitment of new directors. According to the 2022 NACD Public Company Board Practices and Oversight Survey, 43 percent of surveyed companies displayed ambivalence about recruiting a cyber-savvy director to their board, while 42 percent either agreed or strongly agreed that adding this expertise would be worthwhile. If the US Securities and Exchange Commission’s proposed rule on cybersecurity is passed as it stood at the end of 2022, companies may be compelled by regulation to recruit someone with cybersecurity expertise onto their board. Should You Have a Cyber Expert on the Board? Naturally, the answer is, it depends. The NACD handbook offers these Questions to Consider:
Material Weaknesses Up Due to Tech Investments and Resource TurnoverAccording to PwC, the number of material weaknesses disclosed in a company’s 10-K jumped 73% from 2021 to 2022. In the first quarter of 2023, material weaknesses have increased 25% relative to the same period last prior year.
What does this mean for you and your audit committee? Consider if these conditions exist at your company. Work with your internal and external auditors as well as management to be proactive to ensure a material weakness doesn’t sneak up on you. PCAOB Enhances Transparency of Inspection Reports With New Section on Auditor Independence and MoreThe PCAOB has enhanced its inspection reports with a new section on auditor independence and a range of other changes intended to make more information publicly available that is relevant, reliable, and useful for investors and other stakeholders. The enhanced inspection reports will include:
ICYMI: CAQ Public Policy and Technical Alerts (PPTA), March and April 2023Each month, the PPTA highlights and examines the regulatory, standard-setting, legislative, and broader financial reporting developments impacting the public company audit profession. The CAQ’s March and April 2023 Alerts included these featured articles. PCAOB Investor Advisory: Exercise Caution With Third-Party Verification/Proof of Reserve Reports The PCAOB’s Office of the Investor Advocate issued an Investor Advisory due to concern that investors and others may place undue reliance on proof of reserve reports (“PoR Reports”), which are not within the PCAOB’s oversight authority. The Office of the Investor Advocate is aware of some service providers, including PCAOB-registered audit firms, issuing PoR Reports to certain crypto entities (e.g., crypto exchanges, stablecoin issuers). The Investor Advisory says investors should note that PoR engagements are not audits and, consequently, the related reports do not provide any meaningful assurance to investors or the public. PCAOB Proposes Modernization of Standards Addressing Core Auditing Principles and Responsibilities The PCAOB issued for public comment a proposed new standard, AS 1000, General Responsibilities of the Auditor in Conducting an Audit. If adopted, AS 1000 would reorganize and consolidate a group of standards that were adopted on an interim basis by the PCAOB in April 2003 and that address the core principles and responsibilities of the auditor, such as reasonable assurance, professional judgment, due professional care, and professional skepticism. The proposal would also amend certain other standards that address responsibilities fundamental to the conduct of an audit. Comments are due by May 30, 2023. A New PCAOB Staff Spotlight Reminds Auditors That Professional Competence and Skepticism Are Essential to Quality Audits The PCAOB posted a new report, Spotlight: Professional Competence and Skepticism Are Essential to Quality Audits. The staff of the PCAOB reminds auditors of the importance of critically assessing the audit firm’s capabilities, obtaining proper understanding of the company they are auditing, and performing work with due professional care and professional skepticism. These matters are particularly important in circumstances where changes to economic conditions or other factors affect the company. Auditors are reminded of their responsibility to take into account all evidence obtained when evaluating the results of the audit, including information regarding potential bias in management’s judgments about the amounts and disclosures in the FASB Seeks Public Comment on Proposed Improvements to the Accounting for and Disclosure of Certain Crypto Assets The FASB published a proposed ASU intended to improve the accounting for and disclosure of certain crypto assets. The amendments would require an entity to measure crypto assets at fair value each reporting period with changes in fair value recognized in net income. They also would improve the information provided to investors about an entity’s crypto asset holdings by requiring disclosure about significant holdings, restrictions, and changes in those holdings. The amendments would apply to all entities holding crypto assets that meet all the following criteria:
Comments are due by June 6, 2023. FRC Publishes Conversation Starters to Boost Investor-Audit Committee Engagement The FRC announced the launch of a new web page providing conversation starters aimed at promoting better engagement between investors and audit committees. The resource is intended to facilitate better understanding of companies and their approach to financial reporting and internal control. The series of conversation starters is aimed at investors wishing to engage with audit committees and companies on assurance-related topics. The conversation starters have been developed in consultation with stakeholders, including investors, audit committees, and other interested parties. CAQ Audit Quality Reports Analysis: A Year in Review The CAQ announced a study that examines the most recent audit quality reports for each of the eight accounting firms represented on the CAQ’s Governing Board. The study observed over 100 unique qualitative disclosures and quantitative audit quality metrics providing transparency into the firm-level processes that accounting firms employ to promote and enhance audit quality. Corporate Decision-Making: Why Choose a CPA for Your ESG Assurance Needs? The CAQ and AICPA teamed up to release a new publication on choosing a CPA for ESG assurance. The publication explores:
Reframing failure as steps to success![]() Giannis Antetokounmpo, the Milwaukee Bucks’ power forward, after being asked if he considered the past season a failure: Do you get a promotion every year at your job? No, right? So every year, your work is a failure? No. Every year, you work towards something, which is a goal: It’s to get a promotion, to be able to take care of your family, provide a house for them, or take care of your parents. It’s not a failure, it’s steps to success. There’s always steps to it. Michael Jordan played for 15 years and won 6 championships. The other 9 years were a failure? That’s what you’re telling me. There’s no failure in sports. There’s good days, bad days, some days you are able to be successful, some days you’re not, some days it’s your turn, some days it’s not your turn. That’s what sports about. You don’t always win, some other people are gonna win. And this year, someone else is gonna win. Simple as that. Applicable to sports. Applicable to life. (And as Dani Rojas in Ted Lasso says, “Fútbol is life!”)
|