2023 Audit Committee Transparency Barometer
Audit committees play a pivotal role in instilling trust in capital markets through their oversight of the financial reporting and audit process. In order for investors, regulators and other stakeholders to have that trust, they must be able to understand who the audit committees are and what they do to earn that trust. Disclosures in public proxy statements are a significant tool that audit committees have at their disposal.
Overview
The Center for Audit Quality (CAQ) and Ideagen Audit Analytics have released the 10th annual Audit Committee Transparency Barometer Report. The report analyzes audit committee disclosures of companies in the Standard & Poor’s (S&P) Composite 1500 (S&P 1500), which is composed of the S&P 500 large-cap companies (S&P 500), the S&P MidCap 400 (S&P MidCap), and the S&P SmallCap 600 (S&P SmallCap).
The report highlights the importance of audit committee disclosures in promoting audit quality, auditor independence, and meeting investor expectations. This year, the report data highlights the following:
- Increased transparency to benefit investors and other stakeholders. It suggests that audit committees should enhance disclosures on audit fees, including their responsibility for fee negotiations and considerations of auditor tenure and engagement partner selection.
- Disclosures on cybersecurity risk oversight and ESG have increased by up to 50% in the past year; however, there’s still room for improvement.
Furthermore, the report recommends that audit committees should provide more information on how they approach their oversight responsibilities. Additionally, emerging areas of risk require expanded skill sets from audit committee members. As such, the report notes changes in the audit committee’s composition, in terms of members’ expertise and responsibilities.
10 Years of Examining Audit Committee Disclosures
The report has observed an increase in disclosure rates for most of the questions and topics tracked in audit committee disclosures. This is largely attributed to the current economic landscape which has been plagued with uncertainty, geopolitical crises, and evolving work methods. Due to this, audit committees are communicating their actions through tailored disclosures in the proxy statement. These disclosures are essential for investors and stakeholders to understand how the audit committee is overseeing risks and challenges and to instill confidence within the financial reporting ecosystem.
The 2023 Barometer continues to reflect positive long-term disclosure trends with the opportunity to enhance disclosures on certain topics. Below are the results for 2023:
| Disclosure Question | S&P 500 | S&P MidCap | S&P SmallCap | |
| Q1 | Is there disclosure related to a discussion of Audit Committee considerations in appointing or (re)appointing the external auditor? | 49% | 36% | 26% |
| Q2 | Is there disclosure of the length of time the auditor has been engaged? | 73% | 60% | 55% |
| Q2.1 | Is there disclosure related to a discussion about how the Audit Committee considers length of auditor tenure? | 11% | 6% | 3% |
| Q3 | Is there a disclosure related to a discussion of audit fees and its connection to audit quality? | 6% | 3% | 1% |
| Q4 | Is there disclosure related to a discussion of how non-audit services may impact independence? | 85% | 82% | 75% |
| Q5 | Is there a statement that the Audit Committee is responsible for fee negotiations? | 17% | 7% | 6% |
| Q6 | Is there an explanation provided for a change in fees paid to the external auditor? | 25% | 25% | 28% |
| Q7 | Is it stated that the evaluation of the external auditor is at least an annual event? | 38% | 24% | 19% |
| Q8 | Is it explicitly stated that the Audit Committee is involved in selection of the audit engagement partner? | 53% | 24% | 12% |
| Q8.1 | 1 Is there disclosure related to a discussion of how the Audit Committee is involved in the selection of the audit engagement partner? | 16% | 9% | 5% |
| Q9 | Is it disclosed that the board of directors has a cybersecurity expert? | 51% | 36% | 28% |
| Q10 | Is it disclosed that the Audit Committee is responsible for cybersecurity risk oversight? | 59% | 50% | 40% |
| Q11 | Is it disclosed that the board of directors has an ESG or sustainability expert? | 54% | 41% | 29% |
| Q12 | 2 Is it disclosed that the Audit Committee is responsible for ESG oversight? | 29% | 17% | 12% |
Audit Committee’s Responsibilities
The CAQ indicates that institutional investors want to know more about core matters such as the audit committee's oversight of audit strategy, communications regarding significant risks identified, and awareness of matters such as material violations of laws and regulations.
It is also recognized that the core role of the audit committee continues to evolve. As new responsibilities for emerging risks take shape – such as those related to integration of ESG factors into business strategy and reporting, cybersecurity, and technology – there are opportunities for boards, and particularly the audit committee, to disclose how responsibilities for such risks are being allocated among board committees and highlight the specialized knowledge of committee members to support this oversight.
Cybersecurity and ESG Factors
One of the significant takeaways from the report is that disclosures of cybersecurity risk and ESG oversight have increased. This is due to increasing pressure from investors, regulators and other stakeholders for reporting and disclosure of ESG factors that have material financial impacts on companies. Audit committees need to remain abreast on evolving regulations - both domestically by the SEC (e.g., recently released cybersecurity rules and pending climate change proposed rules) and internationally (e.g., recent ISSB baseline sustainability standards, CSRD in the EU, etc.).
Currently, 59% of S&P 500, 50% of S&P MidCap and 40% of S&P SmallCap companies report that the audit committee is responsible for cybersecurity oversight. Additionally, 51% of S&P 500, 36% of S&P MidCap and 28% of S&P SmallCap companies report that the board has a cybersecurity expert. The new SEC Cybersecurity Disclosure rule related to governance includes a requirement to disclose a description of the board’s oversight of risks from cybersecurity threats, and, if applicable, identification of any board committee or subcommittee responsible for such oversight “and describe the processes by which the board or such committee is informed about such risks”. This is intended to provide investors with more transparency and comparability related to cybersecurity governance oversight.
Not only does the audit committee need to understand these evolving regulations, but they need to have the expertise to ensure management appropriately adopts and implements them. Compliance with these additional reporting requirements will involve data collection and computations “outside” of the standard financial reporting system and will require audit committee oversight of management’s development of internal controls as well as consideration around the phase ins for obtaining assurance over ESG reporting.
For more information on ESG, BDO’s ESG Center of Excellence provides continual thought leadership, webinars and podcasts to keep our clients knowledgeable on this rapidly developing landscape. To learn more about how BDO can help you manage cybersecurity risks, visit BDO Digital’s Cyber Resilience insights page.
Technology Use
Management’s Use of Technology
Technology can drive efficiencies in in-house processes; however, the audit committee needs to be fully attuned to how the company is using technology for their everyday tasks. The use of technology requires investments in policies, procedures, internal controls, and cybersecurity protections. Whether using data analytics, RPAs, machine learning or Generative AI capabilities, directors need to consider what safety measures have been established by management to monitor the integrity of the data. See BDO’s publication 10 AI Considerations for the Board for more.
Auditor’s Use of Technology in the Audit
Technology is bringing innovation to the audit as well. However, just like company’s management teams, audit firms need to safeguard themselves by having policies and procedures in place to ensure data is secure and not being altered. BDO in the Boardroom recently issued a podcast mini-series on technology and the audit to keep our clients knowledgeable about this rapidly developing landscape. Audit committees need to ask their auditors about their use of technology throughout the audit. These conversations are essential to ensure trust and promote audit quality.
Auditor Fees and Selection
Another key takeaway from the report calls for audit committees to provide more robust disclosures on auditor fees and selection. Stakeholders want to know how audit committees are considering the appropriateness of the audit fee, including the connection between audit fees and audit quality. While fee structure is important, the audit committee’s top priority in selecting or retaining an auditor should always be audit quality. Explaining the audit committees fee considerations (e.g. benchmarks and changes to the audit fee year over year) provides stakeholders with insight into both the committees considerations around audit quality (e.g. risk identification and audit complexity) and the evaluation of the external auditor. If the fee is low, it may indicate that not enough time was spent on the engagement, which in turn makes stakeholders fearful of the quality of the audit. Although, if audit fees are too high, it could indicate inefficiencies, which could trigger concern for some stakeholders. By disclosing the process by which the audit committee considers the annual audit fees and selection of the auditor, stakeholders may better understand specific considerations contributing to the appointment and/or retention of the auditor.
Audit Committee Composition
The audit committee’s role has expanded beyond oversight of financial reporting and oversight of the external auditor. As noted above, often their role now includes emerging risks like cybersecurity and ESG. Just like investors have called for more disclosures around ESG and cybersecurity, they also want to understand whether directors are fit for purpose in these areas. As such, boards are focusing more on the audit committee’s composition as well as the allocation of oversight responsibilities among committees, which may include a review of individual director time commitments.
Boards should be doing a constant assessment of director skill sets and should consider incorporating a skills matrix to ensure that they have experience in aspects that are crucial to the company’s business strategy. This tool allows directors to see and assess gaps and determine the best way to fill those gaps by incorporating the desired skill set into the selection of their next director. Boards should always be planning refreshment of their members; although, appointments are not always something that may happen in the near term. There are additional ways to bring expertise and experience to the board in terms of placing emphasis on continuing education, leveraging trust advisors and consultants, etc.
Next Steps
Audit committees play a crucial role in protecting investors by overseeing external auditors and addressing emerging risks. Their actions set the tone for the expected quality of financial reporting and promote investor trust. Strong financial and governance disclosures are essential in providing investors with information about how audit committees fulfill their responsibilities and build trust.
We further encourage audit committees to maintain continuous and thoughtful communications with their auditor to remain abreast of specific facts, circumstances and developments that may impact the execution of the audit and overall quality of the audit and resulting financial statements.
We invite you to explore additional resources of interest and educational programming via the BDO Center for Corporate Governance and BDO Center for Accounting Standards & Reporting Matters.
SHARE