For the fourth straight year, cybersecurity is the No. 1 priority for audit committees at public companies, outside of financial reporting and internal controls, according to survey findings released on Feb. 12 by the Deloitte Center for Board Effectiveness and the Center for Audit Quality.
“We developed this survey four years ago to understand audit committee priorities and challenges and to obtain information on questions audit committees and governance professionals regularly ask us. Each year, we repeat some questions to understand how audit committees are evolving and identify emerging trends,” Deloitte and the CAQ say in the report. “We also include new questions that reflect the current environment in which audit committees are operating.”
Of the 237 respondents who participated in this year’s survey—primarily on boards of U.S. public companies with $2 billion or more in market cap—93% ranked cybersecurity as one of their top three priorities, with 50% ranking it as the leading priority for the audit committee, according to the new report, “Audit Committee Practices Report: Common Threads Across Audit Committees.” In addition, 71% report cybersecurity is on their agenda on a quarterly basis.
This is a clear indication that complex and evolving risk will continue to be a focus for audit committees in years to come, the report says.
“Cybersecurity remains atop audit committees’ agendas because the stakes have never been higher,” Vanessa Teitelbaum, CAQ’s senior director of professional practice, said in a statement. “With the increasing sophistication of cyber threats and the potential for significant financial, operational, and reputational harm, it’s critical for audit committees to stay ahead. Their continued focus and evolving expertise are essential to protecting organizations in this heightened risk environment.”
On a broader scale, enterprise risk management—critical to achieving organizational objectives and safeguarding the company’s reputation and stakeholder relationships—is ranked as the second-highest priority for audit committees. Finance and internal talent remain the third-highest priority for audit committees.
When presented with various strategies to enhance audit committee effectiveness, more than two-thirds of respondents (69%) felt meetings might be improved by implementing one or more of the following strategies:
- Forty percent of respondents want to improve the quality of presentations during meetings. This jumped from third last year to the top area of improvement this year.
- Thirty-four percent of respondents want more engagement and discussion from committee members during meetings.
- While most respondents feel that they have enough time to cover agenda items, some (12%) suggested they could use more time.
“As I work with audit committees, enhancing meeting effectiveness remains a top priority. In the face of new and evolving risks, the ability to better prioritize agendas, access comprehensive and timely information, and engage in open and candid discussions are critical factors that will drive efficiency and overall effectiveness,” said Krista Parsons, Deloitte & Touche audit and assurance managing director and leader of the Government Services and Audit Committee Program for the Deloitte Center for Board Effectiveness.
The survey also found an increased emphasis on understanding the impact and usage of AI technologies throughout the organization by the C-suite and board. The number of respondents who identified AI governance as a priority grew year over year, jumping to 35% from 20% last year. A growing portion of audit committees are taking on primary oversight of AI governance (up to 20% from 14% last year). Still, oversight mostly falls with the full board (58%), the report says.
Additionally, survey results suggest that work has been done to develop governance structures for AI oversight, with fewer respondents (6%) acknowledging they “don’t know” where AI oversight falls within their organization this year versus last year (17%).
“Amid ongoing conversations around how organizations govern AI, the question of who should be responsible for primary oversight continues to evolve,” the report says.
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
