The Center for Audit Quality, working with Ideagen Audit Analytics, has just released a new edition of its annual Audit Committee Transparency Barometer, which, over the past ten years, has measured the robustness of audit committee disclosures in proxy statements among companies in the S&P Composite 1500. Why is that important? According to the CAQ, “numerous studies have identified a positive correlation between increased communication of audit committee oversight through disclosures in the proxy statement and increased audit quality.” Not to mention the interest of investors and other stakeholders in better disclosure. The bottom line, according to the CAQ, is that the level of voluntary transparency has continued to increase steadily in most core areas of audit committee responsibility, such as oversight of the external auditor, as well as in evolving areas, such as cybersecurity risk and ESG. But it could still stand some improvement. In light of the “current environment of economic uncertainty, geopolitical crises, and new ways of working,” the CAQ encourages audit committees to jettison boilerplate and “tell their story through tailored disclosures in the proxy statement…. For audit committees to enhance their disclosures, they should provide further discussion not just of what they do in their oversight of the external auditor but also how they do it.” In the Barometer, the CAQ offers some specific ideas on just how audit committees can improve their disclosure and enhance its utility.
According to the CAQ, investors and other stakeholders use disclosures about the audit committee “to understand how the audit committee is exercising oversight to navigate the challenges of this current environment.” In addition, research has shown that institutional investors are interested in more information about “audit strategy, discussions between the auditor and audit committee regarding significant risks identified in the auditor’s risk assessment procedures, and the audit committee’s awareness of certain matters relevant to the audit, such as material violations of laws regulations.” This proxy season will provide an “opportunity for audit committees to revisit their disclosures to ensure that they are up to date and tailored to the specific events and circumstances that the audit committee currently faces.”
Among the key findings in the current Barometer:
Selection of outside auditor; auditor tenure. The CAQ found an increase from 13% in 2014 to 49% in 2023 in the percentage of S&P 500 companies that included in their proxy statements enhanced discussions of their audit committees’ considerations in recommending the appointment of their audit firms. In addition, the CAQ found an increase from 47% in 2014 to 73% in 2023 in the percentage of S&P 500 companies that disclosed audit firm tenure. Nevertheless, while more committees have provided top line information, many fewer have discussed how the information is used. For example, while 73% disclosed the length of the auditor’s tenure, only 11% included discussion of how the audit committee considered the length of the auditor’s tenure. Similarly, while 53% stated that the audit committee is involved in selection of the audit engagement partner, up from 13% in 2014, only 16% included discussion of how the audit committee is involved in the selection of the audit engagement partner. The CAQ emphasizes that both auditor tenure and the lead audit partner impact audit quality. As a result, the CAQ advocates that the disclosure include an explanation of how the audit committee considered both positive and negative factors associated with the auditor’s tenure, as well as the committee’s “process and key considerations in selecting a new audit engagement partner (as applicable, based on mandatory audit partner rotation requirements). Disclosing how the audit committee carefully considered such matters provides useful information to stakeholders and demonstrates the audit committee’s commitment to promoting audit quality.” Below are the CAQ’s suggested questions for audit committees to consider when crafting disclosures on these topics:
- “ Q1. Is there disclosure related to a discussion of Audit Committee considerations in appointing or (re)appointing the external auditor?
- What factors does the audit committee consider when determining to appoint or reappoint the external auditor?
- Does the audit committee consider periodically putting the audit out for bid?
- Do the audit firm’s size, geographic reach, and industry expertise continue to meet the company’s needs?
- How did the audit committee consider the audit firm’s performance on prior engagements?”
- “Q2. Is there disclosure of the length of time the auditor has been engaged?
- Q2.1. Is there disclosure related to a discussion about how the Audit Committee considers length of auditor tenure?
- Does the audit committee have concerns regarding auditor tenure as it relates to auditor independence?
- Have the benefits been disclosed?
- Have the risks and/or mitigants been disclosed?”
- “Q8. Is it explicitly stated that the Audit Committee is involved in selection of the audit engagement partner?
- Q8.1. Is there disclosure related to a discussion of how the Audit Committee is involved in the selection of the audit engagement partner?
- Do disclosures state whether the full audit committee or the chair will interview all potential candidates or only the final candidate?
- If the final candidate, was that candidate vetted by management or recommended by the audit firm?
- When was the engagement partner last selected, and when will the engagement partner rotate off the engagement?
- Why was a new engagement partner selected? Because of the five-year rotation requirement or some other reason?”
Annual evaluation; fee negotiations; non-audit services. The rate of disclosure regarding other topics related to selection of the external auditors also increased. For example, the percent of companies including a statement that the evaluation of the external auditor is at least an annual event increased from 4% in 2014 to 38% in 2023. The prevalence of a statement that the audit committee is responsible for fee negotiations increased from 8% to 17%. The number of companies disclosing how non-audit services may impact independence was high, increasing slightly from 83% to 85%. Below are the CAQ’s suggested questions to consider regarding these topics:
- “Q7. Is it stated that the evaluation of the external auditor is at least an annual event?
- Is it disclosed whether the audit committee evaluates the external auditor and, if yes, how often?
- Are the rigor, substance, and frequency of the evaluation process disclosed?”
- “Q5. Is there a statement that the Audit Committee is responsible for fee negotiations?
- Are disclosures clear that the audit committee is responsible for and actively engaged in fee negotiations?”
- “Q4. Is there disclosure related to a discussion of how non-audit services may impact independence?
- How did the audit committee consider and evaluate non-audit services provided by the external auditor to determine if they affect independence?
- Are the non-audit services provided by the external auditor quantified clearly as part of the audit committee report?
- What are the audit committee’s pre-approval policies?”
Audit fees. Two topics on which the CAQ found a decrease in the rate of disclosure were a discussion of audit fees and their connection to audit quality (from 13% in 2014 to 6% in 2023) and an explanation for a change in fees paid to the external auditor (from 28% in 2014 to 25% in 2023). Of course, audit quality must be the Committee’s top priority when selecting, retaining and evaluating the independent auditor, the CAQ advises. And audit fees “can be an indicator of audit quality because abnormally low fees may indicate that not enough time or resources are spent on the audit engagement, which could contribute to low audit quality. On the other hand, abnormally high audit fees could indicate inefficiencies, which may also be a red flag for stakeholders.” The CAQ advises that audit committees “should provide more robust disclosures about how the audit committee considers the appropriateness of the audit fee, including key factors affecting changes to the audit fee year over year. Describing the audit committee’s views on the audit fee’s appropriateness can help stakeholders understand what contributes to the audit fee and can provide stakeholders further insights into how the audit committee considers audit quality throughout its engagement with the external auditor.” To illustrate, the CAQ suggests that changes in the audit fees could be attributable to efficiencies achieved through new technologies or to changes in the scope of the audit as a result of a major transaction during the year. Below are the CAQ’s suggested questions to consider when crafting disclosures on these topics:
- “Q3. Is there a disclosure related to a discussion of audit fees and its connection to audit quality?
- How has the audit committee considered audit quality when negotiating fees with the external auditor?
- How are hours (scope) and rate/price considered?
- How does the audit committee drive efficiencies but ensure audit quality?”
- “Q6. Is there an explanation provided for a change in fees paid to the external auditor? + Do disclosures explain why audit fees changed year over year?
- Did a transaction require significant additional work by the audit team?
- Were efficiencies achieved? Although stakeholders may be concerned that audit fees are too high and the audit is not efficient, audit fees that are too low could also be a concern that audit quality is compromised.”
Expanded responsibilities. The CAQ observes that, in some respects, the responsibilities of the audit committee have been substantially revamped since the CAQ commenced the Transparency Barometer. That is, while the focus of the audit committee used to be limited primarily to oversight of financial reporting and related controls and oversight of the external auditor, it has now been expanded, for many companies, to include emerging risks, such as cybersecurity and ESG, or at least, components of ESG. (For some companies, certain components of ESG more naturally fit within the remit of the comp committee or the governance committee.) In 2023, among S&P 500 companies, the CAQ found disclosures about the audit committee’s oversight of cybersecurity risk increased from 11% in 2016 to 54% in 2022 to 59% in 2023, with the rate of disclosure that the board had a cybersecurity expert increasing from 7% in 2016 to 39% in 2022 to 51% in 2023. With regard to ESG oversight, the percent of companies in the S&P 500 that disclosed that the audit committee had oversight responsibility for ESG increased from 18% in 2022 to 29% in 2023. In addition, the percentage of companies in the S&P 500 disclosing that the board had a sustainability or ESG expert increased from 39% in 2022 to 54% in 2023. The CAQ observes that stakeholders may find it useful to understand how the board determines expertise and allocates responsibility to board committees for these topics. In that regard, the CAQ advises audit committees to take advantage of the disclosure opportunity to explain the “allocation of responsibilities among the board committees and the specialized knowledge of committee members.” The CAQ’s suggested questions for the audit committee to consider related to cybersecurity and sustainability are below:
- “Q9. Is it disclosed that the board of directors has a cybersecurity expert?
- How has the Board assessed its need for cybersecurity expertise?
- Does a specific director have cybersecurity expertise?
- Does the Board meet with specialists related to cybersecurity?”
- “Q10. Is it disclosed that the Audit Committee is responsible for cybersecurity risk oversight?”
- “Q11. Is it disclosed that the board of directors has an ESG or sustainability expert?
- How has the Board assessed its need for ESG or sustainability expertise?
- Does a specific director have ESG or sustainability expertise?
- Does the Board meet with specialists related to ESG or sustainability?
- If multiple committees address different elements of ESG, what are the committees’ responsibilities, and how do they collaborate?”
- “Q12. Is it disclosed that the Audit Committee is responsible for ESG oversight?”
These new responsibilities have also led to changes in the composition of audit committees and their areas of expertise. The CAQ advises that, given these expanded responsibilities, “it is increasingly important for boards to monitor the skill set and composition of committee members to ensure that audit committee members have appropriate expertise to exercise their oversight. Beyond disclosing the expertise of certain committee members, audit committees may also consider disclosing how all members of the committee stay abreast of emerging areas.” In the CAQ’s 2022 Audit Committee: The Kitchen Sink of the Board, over half of audit committee members interviewed said that they viewed their “continuing education to be a critical part of their ability to manage evolving responsibilities, and they often strategically select continuing education that focuses on emerging risk areas, such as cybersecurity, ESG, and risk management.” The CAQ advises that describing the audit committee’s interest in continuing education “demonstrates the audit committee’s commitment to the oversight role. The same study also found that investors want to understand the roles and responsibilities assigned to the audit committee, why audit committee members are appropriate for the specific company, examples of continuing education for audit committee members, how audit committees address key risks, and details that reflect broader audit committee responsibilities.”
The CAQ concludes with plaudits for audit committees with regard to the vital role they play in investor protection, setting the tone at the top for the quality of financial reporting and their efforts to increase disclosures over the past ten years. The CAQ encourages “audit committees to consider how their disclosures can be enhanced to provide further transparency for investors regarding the critical oversight work that audit committees perform. to investors. Robust disclosures provide important information to investors about how the audit committee fulfills its responsibility to investors and promotes trust.”
Along with the various questions above, the Transparency Barometer includes in the appendices a number of examples of “best practice” disclosure that are certainly worth a look.