Tag: Center for Audit Quality
Center for Audit Quality comes to the rescue for audit committees tasked with AI oversight
In this 2023 article in Fortune, a survey of 2,800 managers and executives conducted by management consulting firm Aon showed that business leaders “weren’t very concerned about AI….Not only is AI not the top risk that they cited for their companies, it didn’t even make the top 20. AI ranked as the 49th biggest threat for businesses.” Has “the threat of AI been overhyped,” Aon asked, or could it be that the “survey participants might be getting it wrong”? If they were, it wasn’t for long. Fast forward less than a year, and another Fortune article, citing a report from research firm Arize AI, revealed that 281 of the Fortune 500 companies cited AI as a risk, representing “56.2% of the companies and a 473.5% increase from the prior year, when just 49 companies flagged AI risks. ‘If annual reports of the Fortune 500 make one thing clear, it’s that the impact of generative AI is being felt across a wide array of industries—even those not yet embracing the technology,’ the report said.” This widespread recognition of the potential risks of genAI will likely compel companies to focus their attention on risk oversight, and that will almost certainly entail oversight by the audit committee. To assist audit committees in that process, the Center for Audit Quality has released a new resource—an excellent new report, Audit Committee Oversight in the Age of Generative AI.
CAQ’s 2024 audit committee practices report discusses priorities and practices
The Center for Audit Quality has released its 2024 “Audit Committee Practices Report: Common Threads Across Audit Committees.” The report highlights the top five audit committee priorities identified by committee members in a survey from CAQ and discusses practices to improve effectiveness and other observations. Interspersed throughout the report are recommendations and advice from the CAQ. What was identified by respondents as the “most important topic, risk, or issue” for their audit committees in the next 12 months? Not financial reporting or financial audits—core responsibilities for the audit committee—as you might expect. Nope, it was cybersecurity. According to the CAQ report, the scope of audit committee responsibilities “continues to expand beyond the traditional remit of financial reporting and internal controls, internal and external audit, and ethics and compliance programs. Topics like cybersecurity, artificial intelligence (AI), and climate are now regularly showing up on many audit committee agendas, especially when it’s a matter of complying with regulatory disclosure requirements.” Audit committee members and their advisors may want to check out the report.
The CAQ has some ideas for improving audit committee disclosure
The Center for Audit Quality, working with Ideagen Audit Analytics, has just released a new edition of its annual Audit Committee Transparency Barometer, which, over the past ten years, has measured the robustness of audit committee disclosures in proxy statements among companies in the S&P Composite 1500. Why is that important? According to the CAQ, “numerous studies have identified a positive correlation between increased communication of audit committee oversight through disclosures in the proxy statement and increased audit quality.” Not to mention the interest of investors and other stakeholders in better disclosure. The bottom line, according to the CAQ, is that the level of voluntary transparency has continued to increase steadily in most core areas of audit committee responsibility, such as oversight of the external auditor, as well as in evolving areas, such as cybersecurity risk and ESG. But it could still stand some improvement. In light of the “current environment of economic uncertainty, geopolitical crises, and new ways of working,” the CAQ encourages audit committees to jettison boilerplate and “tell their story through tailored disclosures in the proxy statement…. For audit committees to enhance their disclosures, they should provide further discussion not just of what they do in their oversight of the external auditor but also how they do it.” In the Barometer, the CAQ offers some specific ideas on just how audit committees can improve their disclosure and enhance its utility.
IAASB proposes new assurance standard for climate disclosures
A 2021 article in the WSJ about carbon emissions identified “[o]ne problem facing regulators and companies: Some of the most important and widely used data is hard to both measure and verify.” According to an academic cited in the article, the “measurement, target-setting, and management of Scope 3 is a mess.” As a result—and as the term “greenwashing” brings to mind—investors and other stakeholders are frequently apprehensive about the reliability of corporate disclosures regarding sustainability. One approach to address this concern is to obtain assurance to verify the data. However, the WSJ suggested that, based on data regarding verification of climate information provided on a voluntary basis, audits are a challenge. For one reason, verification of ESG data “is generally less rigorous than the external audits required for financial reporting.” Moreover, there is “no set standard for how climate data should be verified, or by whom.” That may be about to change—internationally, that is. Will the U.S. follow suit?
SEC’s Investor Advisory Committee discusses audit committee overload and disclosure
In May, SEC Chief Accountant Paul Munter, quoted here, cautioned his conference audience about the potential for audit committee overload. “More demands are being put on audit committees, sometimes on topics outside their core responsibility,” he said. “Audit committees need to be continually vigilant that they have enough time to focus on their core mission—protecting investors—and don’t let other topics cloud that out.” While the AC’s primary responsibilities are generally thought to be oversight of financial reporting, including the audit of a company’s financial statements and internal control over financial reporting, these days, the AC often becomes the default committee of choice for oversight of other emerging risks, such as cybersecurity and even ESG. With ACs now perhaps the “kitchen sink of the board,” are its members stretched too thin to carry out fundamental responsibilities? Are members being asked to operate outside of their core skillsets? What is the impact? These concerns appear to have prompted the panel at last week’s meeting of the SEC’s Investor Advisory Committee discussing AC workload and transparency.
How reliable is your company’s carbon footprint?
Just how reliable are those carbon footprints that many large companies have been publishing in their sustainability reports? Even putting aside concerns about greenwashing, what about those nebulous Scope 3 GHG emissions? As we all know, the SEC is now is the midst of developing a proposal for mandatory climate-related disclosure. (See, e.g., this PubCo post and this PubCo post.) The WSJ reports that “[o]ne problem facing regulators and companies: Some of the most important and widely used data is hard to both measure and verify.” According to an academic cited in the article, the “measurement, target-setting, and management of Scope 3 is a mess….There is a wide range of uncertainty in Scope 3 emissions measurement…to the point that numbers can be absurdly off.”
Help is here for audit committees—CAQ offers updated auditor assessment tool
To fulfill their oversight responsibilities, audit committees typically evaluate the outside auditor at least annually to determine, in part, whether the auditor should be engaged for the subsequent fiscal year. The Center for Audit Quality has just published a new updated External Auditor Assessment Tool, which is “designed to assist audit committees in carrying out their responsibilities of appointing, overseeing, and determining compensation for the external auditor.” Beyond oversight, the CAQ observes that a “[r]obust, two-way dialogue that includes providing constructive feedback to the external auditor may improve audit quality and enhance the relationship between the audit committee and the external auditor.” Like many other helpful CAQ tools, this tool provides a number of sample questions to help audit committees satisfy their oversight obligations with regard to the outside auditor. (The discussion below includes only a sampling of the CAQ’s questions provided in the Assessment Tool.) The CAQ also provides a sample form that can be used to solicit input about the outside auditor from company personnel who have had substantial contact with the auditor.
CAQ discusses lessons learned from “dry runs” on critical audit matters and related questions for audit committees
As you may recall, auditors of large accelerated filers will be required to report on CAMs—critical audit matters—in their auditor’s reports for fiscal years ending on or after June 30, 2019 and in auditor’s reports for all other companies (except EGCs) to which the requirements apply for fiscal years ending on or after December 15, 2020. (See this PubCo post.) As SEC Commissioner Kara Stein observed in her statement on approval of the new rule, the new “standard marks the first significant change to the auditor’s report in more than 70 years.” Because the selection of and disclosure regarding CAMs will certainly present a challenge for both auditors and audit committees, auditors have been taking steps to prepare for the coming change, including conducting “dry runs” to get a better handle on how the new CAM disclosures will look and how the process will affect financial reporting. To provide some lessons learned from these early dry runs and enhance the understanding of audit committees, auditors and other participants in the process, the Center for Audit Quality has published Critical Audit Matters: Lessons Learned, Questions to Consider, and an Illustrative Example.
CAQ releases 2018 audit committee transparency barometer
The Center for Audit Quality, working with Audit Analytics, has just released a new edition of its annual Audit Committee Transparency Barometer, which, over the past five years, has measured the robustness of audit committee disclosures in proxy statements among companies in the S&P Composite 1500. The bottom line, according to the CAQ, is that the level of voluntary transparency has continued to steadily increase in most areas. The report includes several useful examples of the types of disclosure discussed.
Center for Audit Quality issues tool for board oversight of cybersecurity risk
The Center for Audit Quality has just issued Cybersecurity Risk Management Oversight: A Tool for Board Members. The tool offers questions that directors can ask of management and the auditors as part of their oversight of cybersecurity risks and disclosures. The questions are designed to initiate dialogue to clarify the role of the auditor in connection with cybersecurity risk assessment in the context of the audit of the financial statements and internal control over financial reporting (ICFR), and to help the board understand how the company is managing its cybersecurity risks.
You must be logged in to post a comment.