The Strategic Audit Committee: a 2020 Preview

Krista Parsons is Managing Director and Robert Lamm is Independent Senior Advisor at the Center for Board Effectiveness, Deloitte & Touche LLP. This post is based on their Deloitte memorandum.

Introduction

To anyone familiar with the role and responsibilities of audit committees, it will come as no surprise that the audit committee is sometimes called the “kitchen sink” committee. That is because at many companies, any topic that isn’t clearly the responsibility of another committee or the full board frequently ends up on the audit committee agenda.

Due to this and other factors, the audit committee agenda is usually jam-packed, and audit committees need to be strategic, prioritizing the matters they handle and using their time efficiently and effectively. The need for this strategic approach will almost surely increase in 2020, as the number and complexity of issues faced by boards and audit committees continue to grow.

Priorities

A big part of being strategic is the setting of priorities—determining which matters the audit committee should focus on, and how best to execute its responsibilities.

Financial reporting and internal controls

There are a number of areas that arguably fall within the core responsibilities of the audit committee, but first among these is oversight of financial reporting and internal controls. The accuracy and reliability of financial statements and information are critical to a company and a restatement or other adverse reporting event can cause long-term reputational harm. Some important areas of financial reporting focus for audit committees in 2020 are as follows:

  • Earnings quality: Users of financial reports increasingly go beyond the numbers to consider whether financial statements reflect the balanced and consistent application of accounting and financial reporting requirements reflecting the spirit, as well as the letter, of those Another factor in assessing the quality of earnings is the nature of judgments made in a variety of risk areas, such as revenue recognition and loss reserves.
  • Another topic that continues to generate scrutiny from the SEC and investors is the use of non-GAAP financial information. The SEC has publicly spoken about the importance of appropriate controls regarding the disclosure of such measures, and non-GAAP measures remained among the top areas of SEC comment through 2019. As part of their reviews of earnings releases and other financial disclosures, audit committee members should evaluate whether the use of non-GAAP information is appropriate under SEC guidelines. [1]
  • Implementation of new accounting pronouncements: To varying degrees, the implementation of new accounting pronouncements can be extremely complex and time-consuming. Audit committee members should be asking management and their independent auditors about the company’s implementation plans and processes, including whether the implementation team has adequate resources—which can increasingly involve the purchase and implementation of new technology—and whether and under what circumstances early adoption is advisable.
  • Audit committees should also inquire how the company is complying with Staff Accounting Bulletin (SAB) No. 74, Topic 11.M., Disclosure of the Impact that Recently Issued Accounting Standards Will Have on the Financial Statements of the Registrant When Adopted in a Future Period. SAB 74 imposes financial statement footnote disclosure requirements in advance of a company’s adoption of a new accounting standard. [2]
  • Another critical component of the implementation process is to establish and maintain appropriate controls designed to assure compliance with new For this and other reasons, the audit committee’s role does not end with adoption of a new pronouncement; post-implementation oversight, including of related controls, is important.
  • CAMs: Beginning in 2019, audit reports must include discussions of CAMs, or critical audit matters. While CAMs disclosure is the responsibility of the auditor, rather than the company, audit committees need to be cognizant of the requirements and aware of the auditor’s proposed CAMs disclosures throughout the audit process. In addition, committees should review the company’s disclosures on the topics addressed in the CAMs in light of the auditor’s reporting on those topics. Numerous publications clarifying CAMs disclosure requirements have been published since they were first issued, including interpretations by the Public Company Accounting Oversight Board. [3] In addition, the Council of Institutional Investors has published a “first look” at CAMs disclosures, including suggestions for improvements in CAMs reporting. [4] Audit committee members should consider reviewing these and other publications to effectively oversee how the company’s CAMs are being reported.
  • Other disclosures: Although the audit committee’s key responsibility with respect to disclosures relates to financial reporting, it has an important role to play in oversight of the company’s other disclosures. That role is increasingly played out in areas in which disclosure is not mandated by current SEC rules, including reporting on the company’s environmental, social, and governance (ESG) activities. Moreover, as noted in a recent Deloitte report, “[c]ompanies are also recognizing that simply providing the data may not go far enough for investors; accordingly, 36 percent of S&P 500 companies now obtain assurance on select ESG information in their sustainability reports and 3 percent obtain assurance on sustainability reports as a whole.” [5] Audit committees will be on the “front line” in overseeing whether and the extent to which assurance can be provided as to ESG and other non-financial disclosures. Similar issues may arise in the event the SEC adopts recently proposed rules that would call for disclosure on “human capital.” [6]
  • Financial Talent and Resources: An important aspect of the audit committee’s responsibility is oversight of the company’s financial talent and resources. Even high-quality financial systems may not be able to overcome inadequate human resources. For this reason, audit committees need to consider not only the competence of the financial team, but also its bench strength; for example, how would the company’s financial reporting and internal control systems fare if the CFO or another key member of the team were to leave the company? At the same time, the committee cannot ignore the company’s financial systems, including whether are able to benefit from technological advances. The latter point may be of growing importance as technology continues to create opportunities for finance transformation, providing more real-time financial data and insights into future performance. An inability to benefit from these and other technologies could negatively impact the company.

The importance of the audit committee’s oversight of financial reporting and related matters is the focus of many stakeholders, including regulators. In fact, at the end of December 2019, the SEC issued a “Statement on Role of Audit Committees in Financial Reporting and Key Reminders Regarding Oversight Responsibilities” [7] that outlines the SEC’s views on the nature of the audit committee’s responsibilities in these areas.

Risk oversight

Risk oversight has long been another key area of responsibility of the audit committee. Even as oversight responsibilities for certain key risks have increasingly been assigned to other committees—for example, compensation committees address compensation risk—or retained by the full board, the audit committee remains responsible for overseeing the entire risk process. [8] This task has taken on additional significance with the seemingly endless emergence of risks facing companies, such as cyber, culture, geopolitical, technology, and disruption. The audit committee needs to consider how these and other risks are overseen and how the committees and the board—as well as management—need to coordinate so that all key risks are effectively overseen and to avoid having certain risk areas “fall through the cracks.” Even for companies that have risk committees, the potential impact of various risks on financial reporting and disclosure requires that the audit committee have a key role.

While all the above and other risks merit attention by the audit committee, cyber is one that may require particular focus, as it can impact many areas of the company. For example, a breach or a ransom demand can impair the company’s financial or internal control systems such that it may not be able to comply with financial reporting requirements.

Given the audit committee’s role in risk oversight, it is also important that the committee consider the company’s culture— the “tone at the top” (including the boardroom), the “mood in the middle,” and the “buzz at the bottom.” While culture oversight responsibility goes beyond the audit committee, culture is a major influence on compliance and associated risks, thus giving the committee an important role to play. Committee members should consider various ways of helping to oversee culture risk, such as “walking the halls”—i.e., interacting with people at all levels of the company—to assess the company’s culture, including the extent to which employees understand the importance of compliance and their willingness to come forward when compliance concerns arise, whether through the company hotline, as a whistleblower, or otherwise. [9] Evaluating the processes by which employees can convey those concerns, including conducting engagement surveys to assess their willingness to do so, are some of the areas in which the audit committee has a significant role. The audit committee can also review antifraud programs and controls and conduct periodic reviews of the company’s code of conduct.

Being more strategic

Making meetings more strategic

Given the number of priorities noted previously—which by no means addresses all of the audit committee’s responsibilities—and the number of audit committee-specific requirements, it can be challenging to get through the agenda, while making sure to drive a strategic discussion. The committee should focus, therefore, on how to implement a strategic approach to meetings. In the absence of such an approach, it is questionable whether the committee can execute its responsibilities effectively. In our experience there are a number of process-related components that can make for a more strategic meeting, some of which include:

  • An effective committee chair: The importance of having an effective chair cannot be overstated. The chair can facilitate strategic meetings in many ways, such as supervising the creation of the agenda (discussed in more detail below); directing presenters to spend most of their time on discussion rather than reading slides or other materials; and managing discussions so that topics can be appropriately—but not excessively—addressed. The chair should also engage with management around pre-reads and other meeting materials, confirming that their content and format will adequately inform committee members and drive meeting discussions. And in cases where it becomes apparent that a committee member has not read pre-reads or is otherwise unprepared, it is the chair’s responsibility to address the matter.
  • The agenda and meeting materials: A well thought-out agenda, including the accompanying materials, can greatly enhance the quality of a committee meeting. The agenda can focus the committee’s discussions on priority topics and help avoid spending too much time on less consequential ones. Ordering the agenda to address challenging areas at the beginning of the meeting rather than waiting until the end of the meeting—when time may be short—can also help to focus the committee on the most important matters.
  • Pre-reads and other meeting materials also influence the quality of committee meetings. Extensive materials in which important information is “buried” or hard to find can result in committee members overlooking things they should consider; and overly lengthy materials can deter committee members from reading materials carefully. Even the format of materials can be very important. Is an executive summary provided? Do the materials indicate why they are being provided to the committee (e.g., for action, for discussion, or for information only)? Is the important information easy to find? The timing of delivery of materials is also critical—materials delivered shortly before a meeting may not be read, or read carefully. While technology has enabled committee members to review materials on a tablet, phone, or laptop rather than having to carry voluminous materials, it has also been cited as making it too easy to send voluminous materials and to wait until the last minute to send them.
  • Executive sessions: The effective use of executive sessions can help the audit committee to have more strategic and efficient and effective There are various types of executive sessions, which may include: a brief (5–10 minute) audit committee-only session immediately before the audit committee meeting to align on priorities; individual post-meeting sessions with the CFO, other individuals responsible for financial reporting and internal audit, the independent auditor, the general counsel, etc.; and audit committee-only sessions following the meeting to discuss follow-up items and matters to be addressed at future meetings. Each of these sessions should be conducted to afford the committee and the individuals an opportunity to discuss issues—including sensitive ones—candidly. These executive sessions should be scheduled, and on the agenda, at every meeting regardless of whether or not there are things to discuss. This avoids the awkwardness that may occur if these sessions are scheduled only when issues arise.

Being—and staying—informed

While all of the matters discussed above are important, they cannot substitute for knowledge. Reading and digesting committee materials and company disclosures and staying on top of business, industry, and other relevant publications is important; however, audit committee members—indeed, all directors—can greatly benefit from going beyond these basics to learn about new and developing trends, become familiar with new technologies, and understand how other committees and boards are meeting the challenges of being a director and a member of the audit committee in the 21st century.

Director education is increasingly being provided in a variety of ways. Some companies are providing education as part of or as an adjunct to regularly scheduled meetings, often in conjunction with the independent auditor. Others are providing education annually, such as in connection with board retreats, to discuss strategy and other matters. And there are many programs conducted by governance related-organizations, colleges and universities, and other educational institutions at which directors can not only learn but also network with other directors to discover how their companies address challenges. Attending meetings of investor organizations can also be very helpful to gain a better understanding how these key stakeholders view the company.

Conclusion

The responsibilities of audit committees continue to grow, seemingly geometrically or even exponentially, with new challenges arising all the time. While these responsibilities can seem overwhelming, focusing on the committee’s most important priorities and taking actions to make the committee and its meetings more strategic, can greatly assist the committee in executing its responsibilities in a comprehensive and effective manner.

Questions for audit committee members to consider asking:

  1. Does our committee have a clear understanding of the company’s priorities?
  2. What does the investing public think of the quality of our earnings?
  3. Are there any new or proposed accounting pronouncements or disclosure requirements that we should concentrate on? Are we adequately prepared to address and implement them?
  4. Are we satisfied that the risks facing the company have been appropriately allocated among all committees and the full board? In particular, have we properly allocated oversight responsibility for cyber risk?
  5. What are we doing to be able to provide assurance on ESG and other “soft” information?
  6. Do we adequately understand the company’s culture? Do we need to do more work (such as conducting and engagement survey) to better understand it?
  7. Are our hotline and other processes to report compliance matters up to speed? How is the information in those reports conveyed to us?
  8. Is the committee agenda prioritized such that we are able to discuss the most critical matters? Are the committee materials formatted and prepared in a way that enhances our effectiveness as a committee?
  9. Do we have the right financial team with the capabilities needed for current and future needs? Are we providing appropriate development opportunities and addressing succession planning for the team?
  10. Are we keeping up with trends and developments relevant to the company? What educational opportunities should we take advantage of?

Endnotes

1https://www2.deloitte.com/us/en/pages/audit/articles/a-roadmap-to-non-gaap-financial-measures.html(go back)

2https://www2.deloitte.com/content/dam/Deloitte/us/Documents/audit/ASC/HU/2017/us-aers-headsup-the-new-revenue-standard-are-you-still-assessing-the-impact.pdf(go back)

3See, for example, “Implementation of Critical Audit Matters: The Basics”, at https://pcaobus.org/Standards/Documents/Implementation-of-Critical-Audit-Matters-The-Basics.pdf and “What to expect from auditor reporting of critical audit matters”, at https://www2.deloitte.com/us/en/pages/center-for-board-effectiveness/articles/auditor-reporting-critical-audit-matters.html. Also see https://www2.deloitte.com/content/dam/Deloitte/us/Documents/audit/ASC/HU/2019/us-aers-hu-critical-audit-matters-make-their-debut.pdf.(go back)

4See “Critical Audit Matters Reporting: A First Look”, at https://www.ciiref.org/cams-reporting-a-first-look.(go back)

5See “On the board’s agenda – The front line of ESG disclosure: The board’s role” at https://www2.deloitte.com/us/en/pages/center-for-board-effectiveness/articles/sustainability-disclosure-and-expanded-reporting-trends.html(go back)

6See https://www.sec.gov/rules/proposed/2019/33-10668.pdf(go back)

7https://www.sec.gov/news/public-statement/statement-role-audit-committees-financial-reporting(go back)

8See “On the board’s agenda — 2019 Proxy Review” at https://www2.deloitte.com/content/dam/Deloitte/us/Documents/center-for-board-effectiveness/us-cbe-2019-proxy-report.pdf(go back)

9See “On the board’s agenda — Board oversight of corporate compliance: Is it time for a refresh?” at https://www2.deloitte.com/content/dam/Deloitte/us/Documents/center-for-board-effectiveness/center-for-board-effectiveness-board-oversight-of-corporate-compliance.pdf(go back)

Trackbacks are closed, but you can post a comment.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  • Subscribe or Follow

  • Supported By:

  • Program on Corporate Governance Advisory Board

  • Programs Faculty & Senior Fellows