Audit Committee Blueprint

EXECUTIVE SUMMARY

The Big Picture: What's Changed? 

Our discussions with members of the Audit Committee Working Group focused on several fundamental questions about audit committee oversight that are acute today, starting with the big picture: what macro trends affecting audit committee practices, priorities, skill sets, and committee composition will be key going forward? 

It’s clear that the audit committee’s core role—oversight of financial reporting, related controls, disclosures, and oversight of auditors—has not fundamentally changed. And principles from the 2010 Report of the NACD Blue Ribbon Commission on the Audit Committee still hold true. However, aspects of reporting itself are changing, and audit committees must stay current on developments in areas including environmental, social, and governance (ESG) issues, cybersecurity, artificial intelligence, and geopolitics. At the same time, the increased complexity and uncertainty of the business and risk landscape have raised the stakes and increased the workload of audit committees. COVID-19, the Russia-Ukraine war, high-profile cyberbreaches, digital disruption, mounting climate risks, inflation, and economic dislocations are among the issues that continue to test audit committee and board practices and skill sets. 

Several overarching themes emerged from the Working Group’s discussions: 

• Expanding risk oversight responsibilities. The increasing complexity and unexpected interconnectedness of risks has put a premium on more holistic risk management and oversight. Many (if not most) audit committees today are shouldering heavy risk agendas and oversight responsibilities beyond their core responsibilities—for cybersecurity, data privacy, supply chain, geopolitical, and regulatory compliance risks, as well as oversight responsibility for all or aspects of management’s enterprise risk management (ERM) system and processes. 
• Expanding responsibilities for ESG oversight. Demands from regulators, investors, employees, customers, and other stakeholders for action as well as increased disclosure and transparency—particularly around climate, cybersecurity, and ESG—continue to intensify. Many audit committees are evaluating what their role should be vis-à-vis their companies’ corporate sustainability reports and other ESG disclosures, as well as the selection of disclosure frameworks (to the extent not mandated by law or regulation). The US Securities and Exchange Commission (SEC) has been aggressive in identifying deficiencies in disclosure controls and procedures and in calling out “greenwashing.” 
• The game changer for audit committees: regulation of climate and other ESG disclosures by the SEC and foreign regulators. The SEC’s disclosure proposals, particularly its climate proposal, as well as recent foreign sustainability reporting requirements—such as the European Union’s Corporate Sustainability Reporting Directive, which has an extraterritorial reach that may touch many US multinationals—are likely a game changer for audit committees. They greatly expand the committee’s workload and oversight responsibilities (including overseeing the company’s compliance with differing global ESG reporting regimes, and the external auditor’s attestation of green house gas emissions and other information required by global regulators) and require greater coordination with other standing committees than has historically occurred. 
• Increasing complexity of the audit committee’s core oversight responsibilities. While the scope of audit committee oversight responsibilities has increased significantly, the committee’s core oversight responsibilities—for financial reporting, related controls, disclosures, and oversight of auditors—have also become more complex and demanding, particularly given the uncertain business and risk environment. 
• Impact of changing audit committee member skill sets—including reliance on one or two members as financial experts. As the audit committee’s role and responsibilities continue to expand and evolve beyond its core oversight responsibilities, the skill sets of many audit committees have changed, or are in the process of changing. As audit committees add members with experience in IT, cybersecurity, climate, or other areas critical to the business, many audit committees may be relying on one or two members, such as the chair, to do the “heavy lifting” in the oversight of financial reporting and controls.

Members of the Working Group offered different viewpoints on the implications of these challenges to audit committee oversight and effectiveness. Based on their insights—as well as on recent KPMG Board Leadership Center/Audit Committee Institute research and ongoing dialogue with audit committees—this report spotlights 10 critical areas of focus going forward.

As emphasized by the Working Group members, the 10 areas of focus are not fundamentally new. But our discussions put them into a new light and fresh context (some, including “critical alignments,” with a note of urgency). Taken together, they can provide the audit committee with a good overarching view—a framework—for reassessing and fine-tuning its oversight practices, skill sets, and leadership.

More broadly, the considerations and recommendations offered here can also help the audit committee support the full board’s consideration of risk oversight roles and responsibilities. Indeed, audit committees have long been an important voice and catalyst in sparking healthy discussions by the full board about risk oversight, corporate compliance, culture, and transparency.

Used in tandem with NACD’s The Future of the American Board report, the following recommendations can enrich those full-board, multi-committee discussions as the audit committee rethinks and fine-tunes its own effectiveness.

Read More