Deloitte and the Center for Audit Quality released the second edition of their Audit Committee Practices Report based on an August to October 2022 survey of 164 predominantly US-based and publicly traded company audit committee chairs (64%) and members (36%). Results are reported in the aggregate, as well as by the non-financial services and financial services sectors (61% and 39% of total respondent group, respectively). The number of responses varied by question as provided in the report.
Among the key takeaways:
Committee size—A plurality of committees overall have fewer than four members; however, four members is the most common size for financial services companies.
Expertise—A plurality of committees (both non-financial services and financial services sectors) have three audit committee financial experts (ACFE). The vast majority of companies disclose all qualified ACFEs in their proxies.
More than 60% of respondents overall cited audit committee experience/expertise in the areas of compliance, operations, enterprise risk, the company’s industry, and finance/accounting. More than half of financial services companies also have technology (other than cybersecurity) experience/expertise represented on the committee.
More than 90% of respondents overall (93% non-financial services | 89% financial services) think they have the appropriate blend of experience and skills on their committee.
Composition changes—The majority of respondents overall don’t anticipate making changes to their committee composition and half don’t anticipate expanding their committee size in the next 12 months. About 25% do anticipate making composition changes or expanding the size of their committee. The balance are unsure.
The majority of respondents overall don’t anticipate replacing their current audit committee chair in the next 12 months. Nearly one-quarter of non-financial services respondents anticipate replacing the current chair with another committee member.
Refreshment policies—Most companies don’t have an audit committee chair or member rotation policy or require new directors to serve on the audit committee.
Primary oversight responsibilities—More than half of respondents overall (53%) said that their audit committee has primary oversight for cybersecurity and ethics and compliance (also 53%), and nearly half of committees (48%) assume primary responsibility for data privacy and security oversight. Non-financial services companies are much more likely than financial services companies to allocate these responsibilities to the audit committee.
Priorities—Other than financial reporting and internal controls, respondents anticipate cybersecurity, ERM, and ESG disclosure and reporting to be the top three areas of committee focus in the next 12 months (63%, 45%, and 39%, respectively).
We reported on the inaugural report here.
See “‘Scope creep’ challenging audit committees: CAQ” (CFO Dive) and additional resources on our Audit Committees and Board Practices / Governance Practices pages.
This post first appeared in the weekly Society Alert!