Audit Committee Insights | July 2022

Are you surviving the heat? Whether you are in the Northeast or Europe – it’s been hot and as these areas cool down, other parts of the country are heating up. And that’s just the weather. During these challenging times – politically, environmentally, and otherwise – as an audit committee member you have to keep your cool. Read on to stay informed on relevant developments for audit committee members.

We welcome input; please let us know what you think. Subscribe here so that you never miss an update from the CAQ.

The CAQ Launches Audit Partner Pulse Survey Offering Unique Insights on Capital Markets & State of the Economy

The CAQ launched the first of its kind survey of the US public company audit industry offering a bird’s-eye view of the state of the economy that only auditors can provide. Due to the nature of the auditor’s work, which necessarily includes risk assessment procedures, auditors obtain unique insights across a broad spectrum of industries. The analysis in this survey provides valuable, independent observations on the state of the economy, economic indicators on the horizon, cybersecurity preparedness, corporate disclosure trends and more.

Key Findings

State of the Economy and Top Concerns

• Most audit partners are not optimistic on the economic outlook over the next 12 months (84% responded pessimistic or neutral). 75% of audit partners believe that inflation will be a factor for more than the next 12 months.
• The top economic risks to businesses over the next twelve months are inflation, labor shortages, and supply shortages and supply chain disruptions.
• 77% of audit partners believe that companies will raise prices for consumers by more than historical trends to offset the impact of inflation. Consumer and industrial products are the leading industry sectors in this regard with price increases expected by 95% and 94% of partners, respectively.

More Progress Needed in Cybersecurity

• Audit partners think more progress is needed in cybersecurity. Apart from communications between management and the board, where significant progress was observed by 54% of respondents, half or more of the audit partners surveyed reported companies have more work to do across the remaining surveyed cybersecurity areas.

Top Corporate Priorities in This Economic Environment

• Talent and labor was identified by audit partners as the single most important corporate priority for 2022.
• Increasing workplace flexibility and increasing employee compensation were the top talent and labor priorities identified by audit partners for corporations.
• Audit partners reported that climate change is both a short- and long-term priority for public companies, but cited reporting challenges. Nearly two-thirds of audit partners (63%) said businesses take climate change into account when developing their corporate strategy.
• Accepting cryptocurrency as a form of payment does not appear to be a priority for public companies according to 69% audit partners. However, two industries, financial services and technology, telecommunications, media, and entertainment, appear to be early adopters of cryptocurrency per the survey results, and were slightly more likely to be considering or preparing for accepting crypto as a form of payment (51% and 43%, respectively).

 See more details on the CAQ website here.

Top Audit Committees Considerations for 2022

FORVIS – the new firm resulting from the merger of accounting firms BKD and DHG – provides a Top 10 list for audit committees to consider. This list is geared towards financial institutions, but broadly applicable.

1. LIBOR Transition

Audit committees should monitor the impact on LIBOR-based contracts of the decommission of LIBOR as a rate option.

2. ESG

Consider a 4-phase approach to building an ESG program:

• Assess – Define what success looks like via dialogue with executive leadership, engage with the investment community to understand how they are integrating ESG into investment decisions, identify ESG risks and opportunities, identify ESG KPIs, and determine which reporting framework(s) to use;
• Design – Develop an ESG narrative and messaging plan, identify data sources, develop controls for data reliability, design an ESG report, develop a communication plan for different audiences, provide transparency of reporting processes, and evaluate technology solutions for reporting;
• Implement – Draft a report, using a structured, machine-readable format; conduct third-party assurance for confidence in reported information; use financial reporting processes as a model for review and approval; finalize and publish the report; execute a messaging plan; and execute a communication plan; and
• Monitor – Actively seek key stakeholder feedback; measure and refine reporting and messaging based on stakeholder feedback; and develop systems and processes to capture, prioritize, and assign responsibility to address stakeholder feedback.

3. Tax Considerations

Tax reform continues to be an important topic for audit committees. President Joe Biden’s 2023 federal budget proposes an increase to the corporate income tax rate from the current 21% to 28%. While this budget proposal has yet to become law at the date of this publication, many companies are planning and modeling for the potential impact.

4. Current Expected Credit Loss (CECL)

For non-SEC filers, this new accounting standard takes effect January 1, 2023. Even for SEC filers who already adopted, given economic conditions, CECL is often a significant estimate for audit committees to focus on. While this new accounting standard will most significantly impact financial institutions, all companies need to consider.

CAQ note: Here is a tool designed to help audit committees exercise their oversight responsibilities as companies implement the new credit losses accounting standard. The tool includes an overview of the new standard and offers key questions and resources for audit committee members to consider. The effective date for non-SEC filers was deferred to 2023 since the tool was published.

5. Cybersecurity

The cybersecurity threat landscape has dramatically changed over the last several years and so has the approach to dealing with these threats. Companies need to begin their journey from perimeter security design to a well-thought-out “zero-trust” network design architecture. This requires significant network architecture design changes to address the risks of a perimeter security design. This means there should be a hard outer shell, i.e., the firewall, and the internal network behind it is soft, more relaxed, and built for ease of use by end-users and network administrators where internal devices are implicitly trusted as being safe. To better understand this, zero-trust architecture design is the paradigm shift of removing the implicit trust from internal network devices, and everything is as if it is on the internet and no longer behind a trusted perimeter firewall. Under this new paradigm, an eventual breach event is “assumed,” and the zero-trust network architecture design shrinks the “blast radius” risk of security incidents/compromised devices down to acceptable levels of risk and limits the number of enterprise endpoints and data that can be affected by security incidents like ransomware.

6. Enterprise Risk Governance

Companies and financial institutions should have internal controls, information systems, and internal audit programs that are commensurate with their size, sophistication, and complexity. Emphasis should be placed on several elements, including the implementation of a board-approved risk appetite statement, identification and assessment of risks on a regular basis, and a risk culture framework supported by training across all levels.

7. Culture & Conduct Risk

Conduct risk has received increased regulatory scrutiny over the last few years. Regulators have observed shortcomings in the prevailing culture of financial institutions as the root cause for continued misconduct, and regulators hold board members and senior management directly responsible for establishing and maintaining their financial institution’s culture. Institutions have the challenge of integrating conduct risk into existing risk management frameworks to meet regulatory and supervisory expectations. Identifying and maintaining a strong organizational culture begins at the highest levels of management. In terms of generational changes, baby boomers continue leaving the workforce and are replaced with Generation X, Millennials, and now Generation Z employees. A strong culture is critical among all employees to deliver a consistent brand message that customers can trust, and studies show that organizations that encourage ethical behavior are less likely to face misconduct, including financial reporting fraud.

8. Regulatory Compliance – Impact of the Russia-Ukraine War

Banks should ensure Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance programs are well designed to respond to the additional risks the war has imposed on Russian sanctions to prevent civil monetary penalties for non-compliance.

9. Emerging Technologies

Audit committees play a critical role in monitoring impacts on financial reporting as it relates to emerging technologies. As companies and institutions utilize more sophisticated systems and applications to process and move data throughout their organizations, it is important to have tools to evaluate and interpret the information generated. However, these new technologies can also pose additional threats to the control environment. The CAQ’s Emerging Technologies: An Oversight for Audit Committees publication provides various questions that can be asked by audit committees.

10. Press the Reset Button

As the demands and new challenges imposed on audit committees have increased significantly over the past decade, it is important to make sure a committee is focused on appropriate topics. If not already addressed, take some time to review the committee’s focus to determine top priorities.

Here are other updates for Q2, 2022 – EY Center for Board Matter’s Update for 2022 Q2 reporting, KPMG’s Directors Quarterly (July 2022), and Deloitte Center for Board Effectiveness’ Audit Committee Brief (July 2022).

The SEC’s Proposed Rule on Climate-Related Disclosures – What Do the Comment Letters Say?

The SEC received 10,589 comment letters in response to its proposed rule, The Enhancement and Standardization of Climate-Related Disclosures for Investors. Yup. More than ten thousand comment letters. Of these, more than 4,000 are unique. Here is a summary of themes from KPMG based on a targeted review of 150 responses.

Listen to KPMG’s podcast, Responses to the SEC’s Climate Proposal.

Based on KPMG’s targeted review of 150 responses, there was general standard-setting support across stakeholders but concerns about the proposal expressed:

1. Financial statement disclosure
   • Operability was primary concern
   • 63% of responses reviewed wanted the disclosure threshold to be based on investor materiality rather than a bright line
2. Greenhouse gas (GHG) emissions disclosures
   • 43 respondents reviewed (28%) requested changes to the proposed organizational boundary.
   • Scope 3 sentiment – 30% opposed the proposed; 34% supported with changes; 11% supported the proposal; 25% silent
3. GHG emissions attestation – comment letters reviewed:
   • 56% were silent
   • 20% supported limited assurance (some responded “at least” limited assurance)
   • 12% supported reasonable assurance
   • 12% commented no assurance needed
4. TCFD-like disclosures
   • 55% of the targeted review were generally supportive
   • 35% were silent
   • 10% opposed
5. Timing and liability a concern
   • 44% of the responses reviewed requested expanded safe harbor for issuers, including some requests for safe harbor for board members designated as climate experts.
   • GHG emissions data was the most common item requested to be furnished at a date later than the Form 10-K filing.
6. Transition a challenge
   • 53% of respondents reviewed supporting pushing out the effective date citing needing time for the implementation of systems, processes and controls to gather and validate the required data. 42% were silent.
   • 34% of respondents reviewed supported a prospective implementation model – i.e., without the presentation of historical periods upon adoption. 62% were silent.
7. Support for a global baseline
   • 40% of respondents reviewed discussed achieving baseline disclosures globally that can be built upon by individual jurisdictions.
   • Of those who commented, 62% noted their support for the ISSB as an alternative framework for FPIs, while others spoke more generally about the acceptance of other frameworks.

Happy Birthday Sarbanes-Oxley! SEC Chair Gensler Joins the CAQ and Reflects on the Work Ahead

Similar to your favorite movie that feels it came out recently but in fact came out 20 years ago, the landmark Sarbanes-Oxley Act is also 20 years old! Old enough to drive not old enough to drink. Signed into law on July 30, 2002, the law established a framework to protect institutional and hardworking individual investors alike by improving the accuracy and reliability of the information that drives investments in our capital markets.

To mark this momentous birthday, the CAQ and Capitol Account hosted SOX: The Evolution of Corporate Reporting, featuring remarks from SEC Chair Gary Gensler and a robust discussion with CAQ CEO Julie Bell Lindsay and Deloitte US CEO Joe Ucuzoglu.

Here are our top five takeaways:

1. Sarbanes-Oxley has had a positive impact on audit quality. As Chair Gensler said “The quality of publicly company audits has improved.”
2. Diversity and inclusion are the future. It is critical to the work of public company auditors that the profession better reflect the demographics of the broader population. Collective efforts like Accounting+ and Bold Ambition will be critical to bringing in the next generation of auditors.
3. Critical auditing standards updates. In May of this year the PCAOB announced plans to update most of its interim standards that were adopted when it was created. Chair Gensler cited this as a key area of focus for him.
4. Public company auditors are prepared.As investors call for new data in corporate reporting, the expertise of independent public company auditors is applicable to emerging areas such as ESG and cybersecurity.
5. An emphasis on enforcement. Keeping in mind investor protection, the SEC and PCAOB will bring a greater focus on investigations and enforcement actions.

Click here to replay the event and here for Gensler’s full statement.

For more on the impact of SOX’s legacy, see EY’s new publication, SOX at 20: the enduring legacy of the Sarbanes-Oxley Act, which reminds readers of the important provisions of the Act and its significant impact on corporate governance, financial reporting and audit quality over the last two decades. PCAOB Chair Erica Williams also spoke with the Council of Institutional Investors about the PCAOB’s mission.

ICYMI: CAQ Public Policy and Technical Alert (PPTA), June 2022

Each month, the PPTA highlights and examines the regulatory, standard-setting, legislative, and broader financial reporting developments impacting the public company audit profession. The CAQ’s June Alert included these featured articles.

• The critical importance of the general standard of auditor independence and an ethical culture for the accounting profession
  In a statement, SEC acting chief accountant Paul Munter discussed the critical importance of the auditor independence framework under Rule 2-01(b) of Regulation S-X (“Rule 2-01(b)” or the “general standard”); the Office of the Chief Accountant’s approach to auditor independence consultations; certain recurring issues in recent auditor independence consultations; and the paramount importance that accounting firms foster an ethical culture with respect to auditor independence and fulfill their professional responsibilities.
• PCAOB issues Spotlight providing staff overview for planned 2022 inspections
  The PCAOB issued a Spotlight report that highlights selected areas of planned inspection focus in 2022. Selected areas of inspection focus include fraud and other risks, IPOs and M&A activity, audit firms’ execution challenges, broker-deal specific considerations, independence, use of service providers in the confirmation process, critical audit matters, audit areas with continued deficiencies, firms’ quality control systems, and technology.

Summer Escape – Top 10 Reads

Need an escape this summer? Here are Goodreads’ Members Hit Books of the Year So Far Top 10 Fiction:

1. One Italian Summer by Rebecca Serle
2. Black Cake by Charmaine Wilkerson
3. To Paradise by Hanya Yanagihara
4. Violeta by Isabel Allende
5. The Christie Affair by Nina De Gramont
6. The Diamond Eye by Kate Quinn
7. Lessons in Chemistry by Bonnie Garmus
8. Olga Dies Dreaming by Xóchitl González
9. The Candy House by Jennifer Egan
10. The Unsinkable Greta James by Jennifer E. Smith

Looking for another source? Former President Obama also recently released his summer reading list.

Questions and comments about Audit Committee Insights can be addressed to Vanessa Teitelbaum, Senior Director, Professional Practice (vteitelbaum@thecaq.org). This newsletter is intended as general information and should not be relied upon as being definitive or all-inclusive. The CAQ encourages readers to refer to applicable rules, standards, guidance, and other resources in their entirety. All entities should carefully evaluate which requirements apply to their respective organizations.

Check out the CAQ’s Audit Committee Resource Collection for more information.