Stay updated on the latest resources and financial reporting news and insights curated for audit committee members with our Audit Committee Insights.
View the most recent edition of the Audit Committee Insights newsletter below, and scroll down for older editions of the newsletter.
Sign up today for the Audit Committee Insights newletter so that you never miss an update.
Happy Halloween! Did you miss us? We took August off. Then September went by in a flash! And now the pumpkin lattes have been out for over a month and holiday candy is in stores. And not Halloween candy…the December holidays! We scour available resources and keep up with regulatory developments to help keep you up to date. Read on to stay informed on these relevant developments for audit committee members.
Ask your auditor. Suggestions from the PCAOB.
How are auditors responding to the financial reporting and auditing risks posed by the current economic environments?
The PCAOB Spotlight offers questions for audit committees to consider, such as:
- How have economic factors (e.g., supply chain disruption, inflation) influenced the auditor’s risk assessment for the current year’s audit?
- If management made changes to certain accounting policies, practices, or estimates as a result of current events (e.g., higher inflation and costs of capital, the invasion of Ukraine), has the auditor considered how those changes may impact the planned audit strategy?
- What is the audit firm doing to attract and retain talent to ensure that all engagement team members have appropriate levels of competency, degree of proficiency, training, and supervision?
- Did the auditor identify and assess cybersecurity risks and evaluate potential cyber breaches within the company’s operations, which may have an effect on financial reporting? If so, what were the results of the auditor’s procedures?
- Are there any complexities (e.g., multiple systems) or concerns (e.g., data security) at the company preventing the use of technology by the auditor?
The PCAOB Spotlight offers other suggested questions for audit committees to consider related to auditor independence, audit firms’ quality control systems, initial public offerings and M&A, and auditing digital assets.
Cyber Governance and Disclosure? Game On.
EY analyzed cyber-related disclosures in the proxy statements and Form 10-K filings of Fortune 100 companies and found an increase in disclosures related to cybersecurity risk management and oversight.
What does ‘Good’ disclosure look like? Here’s what Fortune 100 companies are disclosing:
- 100% – Cybersecurity as a risk factor
- 70% – Audit committee oversees cyber
- 51% – Cyber in at least one director biography
- 51% – Company maintains a level of cybersecurity insurance
- 14% – External advisor provided attestation
- 9% – Preparedness includes simulations, tabletop exercises or response readiness tests
- 7% – Cybersecurity in executive compensation considerations
The North American and European Audit Committee Leadership Networks of Tapestry held a recent discussion on the future of cyber risk. Key takeaways include:
- AI can be pretty cool… but also creates new cybersecurity and ethical risks. For example, UnitedHealth is being investigated for its algorithm that a study found prioritized care for healthier white patients over sicker black patients. Read more on AI governance from Deloitte.
- Ask questions about what checks and balances are in place as new technologies are developed and deployed.
- Look at cyber from both sides now. You really might not know cyber at all. Audit committees can drill down to understand and prepare for future vulnerabilities
- Close call? Ask management about near misses, not just the big breaches
- Bring it down a level. Bring in business unit leaders on a rotating basis to explain their cybersecurity practices
- Security is multilayered and includes ‘on premises’ and ‘on the cloud’
- Got talent? Talent management is a top cyber concern
- Having trouble finding cyber talent? You’re not alone. The global cybersecurity workforce has 2.72 million unfilled positions
- This lack of skilled talent is the topmost barrier to meeting corporate security needs
- Fake news is an emerging risk
- Companies are facing targeted disinformation – the intentional spread of false or manipulated information to harm an organization, brand, or person – at growing rates.
- Identify relevant stakeholders and assign responsibility
- Train employees to recognize disinformation
- Create an incident response plan and hold practice drills
BDO weighs in. It’s an important time for boards to review their oversight of cyber risk. Taking a proactive stance on cybersecurity can help strengthen an organization’s ability to prevent, detect, mitigate and respond to threats. You can also check out the CAQ’s The Role of the Auditors in Company-Prepared Cybersecurity Information.
Practical Tips for the audit committee chair? Nailed it.
Scope creep. Increased workload. Emerging risks and evolving regulatory requirements. The audit committee and the chair especially are pressed for time. But time you can manage. It’s the right skills and experience you need to focus on. PwC provides practical tips for the chair:
- Committee size – Four audit committee members is typically the right size with at least two financial experts.
- Watch for over-boarding – Directors on NYSE-listed companies must get approval to serve on more than three public company audit committees.
- Succession planning – Formally consider board rotation of five to seven years.
- Successful onboarding – Focus on successful onboarding of new committee members involving the chair, CEO, financial leadership team, internal audit and external audit.
- Board education – Have a mix of in-boardroom education sessions with internal and external speakers as well as external training and events.
- Meet the chiefs – Meet separately in private session with the CFO, chief audit executive, and external auditor at a minimum. Other individuals to consider meeting with include the chief compliance officer, chief risk officer, chief information security officer, chief information officer, general counsel, and tax leaders.
Want to leverage internal audit better? PwC has questions you should ask for that too. (*Spoiler alert*)
- What is your confidence level that the internal audit function is spending time in the right areas?
- How is internal audit working with process owners, functional areas, and possibly external auditors in advance of the finalization of the proposed SEC disclosure rules on climate, human capital, and cybersecurity?
- How is internal audit working with other risk functions (e.g., compliance, enterprise risk) to deliver a combined view of risk to the audit committee?
A few quick hits are:
- Detailed audit committee requirements – including SEC, NYSE, and Nasdaq
- Tools and resources, including a sample audit committee charter, sample calendar planning tool and a self-assessment tool
- Tips for managing meetings, and auditor evaluation (including reference to the CAQ’s External Auditor Assessment Tool)
- *Love this* “Questions for the audit committee to consider” on composition, charter, self-assessment, earning release, ICFR, related-party transactions, proxy disclosures, ERM, fraud risk, cyber risk, M&A, ESG, independent auditor oversight, internal auditor oversight, code of ethics and conduct, and hotlines all in one spot. And a manageable 9 pages (really 8 pages as last page is just logo)!
ICYMI: CAQ Public Policy and Technical Alert (PPTA), August & September 2022
Each month, the PPTA highlights and examines the regulatory, standard-setting, legislative, and broader financial reporting developments impacting the public company audit profession. The CAQ’s August and September Alerts included these featured articles.
S&P 500 10-K analysis of climate, GHG emissions, and net-zero carbon neutral commitment
The CAQ posted a new analysis of S&P 500 companies’ 10-Ks in which it sought to understand their SEC filing disclosures regarding climate-related information, greenhouse gas emissions, and net-zero and carbon neutral commitments. CAQ observed that most companies mention climate-related information in their 10-K, but the type of information varies greatly from company to company.
PCAOB signed a Statement of Protocol with the China Securities Regulatory Commission and the Ministry of Finance of the People’s Republic of China
The PCAOB signed an agreement with China, taking the first step toward opening access for the PCAOB to inspect and investigate registered public accounting firms headquartered in mainland China and Hong Kong completely, consistent with U.S. law.
The PCAOB provides 2021 observations from the target team, a group of inspectors who focus on emerging audit risks and topics
The PCAOB posted its August 2022 report Spotlight: Observations From the Target Team’s 2021 Inspections. It spotlights fraud, interim reviews of special purpose acquisition companies (SPACs), going concern, and cash and cash equivalents.
FASB issues standard to enhance transparency around supplier finance programs
The FASB issued an Accounting Standards Update (ASU) that enhances transparency on the use of supplier finance programs for investors and other allocators of capital. Under the new ASU, a company that uses a supplier finance program in connection with the purchase of goods or services will be required to disclose sufficient information about the program to allow a user of financial statements to understand the program’s nature, activity during the period, changes from period to period, and potential magnitude. The buyer will be required to provide the key terms of the program as well as certain information regarding the obligations that the buyer has confirmed as valid to the finance provider or intermediary.
SEC adopts pay versus performance disclosure rules
The SEC adopted amendments to its rules to require registrants to disclose information reflecting the relationship between executive compensation actually paid by a registrant and the registrant’s financial performance. The rules implement a requirement mandated by the Dodd-Frank Act. Specifically, the amendments require registrants to provide a table disclosing specified executive compensation and financial performance measures for their five most recently completed fiscal years. With respect to the measures of performance, a registrant will be required to report its total shareholder return (TSR), the TSR of companies in the registrant’s peer group, its net income, and a financial performance measure chosen by the registrant.
M&Ms and Sour Patch Kids cross the aisle – Halloween’s popular candy by state
The Candy Store reports that M&Ms and Sour Patch Kids (SPK for those in the know) are the top choices in 7 states each. M&Ms are beloved in DC, Vermont, Oregon, Ohio, New Hampshire, Kansas, and Iowa. SPK are the faves in New York, Nebraska, Massachusetts, Maine, Illinois, Delaware, and Alaska. Top billing in 5 states are Reese’s Cups – Wyoming, North Carolina, Kentucky, Florida, and California. Did we take the popular candy by state chart and make a pivot table? Maybe. We might have done that.
Now, The Food Network cites Snickers as the favorite candy in 23 of 50 states. You know, “You’re not you when you’re hungry. Snicker satisfies.” You are now probably craving a Snickers. Their research data is based on a state-by-state breakdown of the top Halloween candies, according to Google search volume. Just goes to show different data, different story.
Are you handing out your state’s favorite candy this year? Or maybe you will pretend not to be home (one in five adults will (21%) according to a 2021 YouGov poll, as reported by Today). Or maybe you’re dressing up in this year’s most popular costumes as characters from “Stranger Things,” “Ted Lasso,” and Yellowstone. 😉 Trick or Treat!
Recent AC Insights newsletters
In this edition:
- Ask your auditor. Suggestions from the PCAOB.
- Cyber Governance and Disclosure? Game On.
- Practical Tips for the audit committee chair? Nailed it.
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), August & September 2022
- M&Ms and Sour Patch Kids cross the aisle – Halloween’s popular candy by state
In this edition:
- The CAQ Launches Audit Partner Pulse Survey Offering Unique Insights on Capital Markets & State of the Economy
- Top Audit Committees Considerations for 2022
- The SEC’s Proposed Rule on Climate-Related Disclosures – What Do the Comment Letters Say?
- Happy Birthday Sarbanes-Oxley! SEC Chair Gensler Joins the CAQ and Reflects on the Work Ahead
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), June 2022
- Summer Escape – Top 10 Reads
In this edition:
- The CAQ Response on the SEC’s Proposed Climate-Related Disclosures
- Excluding SPACs, Restatements Down 10% in 2021
- It’s Never Too Early to Think About Enhancing Audit Committee Disclosures in Your Proxy
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), May 2022
- Important Legal Ruling in June (Not That One)
In this edition:
- SEC Extends Deadline for Comment Letters on Climate-Related Disclosures
- PCAOB Updates Standard-Setting and Research Agendas
- PCAOB Announces New Advisory Groups
- Have You Performed Your External Auditor Assessment?
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), April 2022
- Fun Facts About May (including Naked Garden Day)
In this edition:
- The SEC’s Climate-Related Proposed Rule: 5 Things Boards Can Do Now
- Not Just Climate…the SEC’s Proposed Rule on Cybersecurity
- PCAOB Talks to Audit Committee Chairs
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), February/March 2022
- Creativity Has No Limits
In this edition:
- CISA Warns: Shield’s Up To Protect Against Heightened Cyber Threats
- Investors Want More ESG Disclosure This Proxy Season
- Larry Fink Tells Audit Committees – Culture is Main Source of Board Effectiveness
- 2022 Fraud Risk Outlook – Cyber, Compliance, and Fraud Threats
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), January 2022
- Irish Blessings
In this edition:
- What’s Happening? Audit committees dealing with increased complexity, “scope creep,” according to new report from Deloitte and the Center for Audit Quality (CAQ)
- The Role of the Audit Committee: Be Bold. Be Ambitious.
- Regulatory Developments: Focus on Accounting Estimates
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), December 2021
- For Inspiration: Remembering Martin Luther King Jr.
In this edition:
- What’s happening? A new sustainability standards board.
- The role of the audit committee: Disclose the good job you are doing in your proxy
- Regulatory developments: SEC focus on materiality and auditor independence
- Make a list and check it twice: On the audit committee agenda for 2022
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), October and November 2021
- The GOAT and a nice guy. Tom Brady and teammates surprise boys’ freshman basketball team.
In this edition:
- More Directors Say ESG Linked to Corporate Strategy but Risks Not Very Well Understood
- New Approach to Cyber Oversight for Board of Directors
- Regulatory Developments: PCAOB Staff Previews 2020 Inspection Reports; SEC Chief Accountant Emphasizes Importance of Effective Audit Committee Oversight
- ICYMI: CAQ Public Policy and Technical Alert (PPTA), September 2021
- Your Employees May Be Languishing. The Antidote is Flow.
In this report, learn about the importance of board diversity, the role of the Audit Committee, analysis of SEC comment letters, and insights on reconnecting friendships and work relationships.
In this update, read about what’s staying virtual, how to govern culture, mitigating the risk of fraud, and dealing with Zoom fatigue.
The June 2021 Insights highlight climate change disclosures, why the Board oversees ESG, auditor independence, changes to the SEC Reg Flex Agenda, and unforgettable Olympic moments.