Audit Committees Prioritize Cybersecurity, Enterprise Risk Management in New Survey

Two-thirds of audit committee members see opportunities to improve effectiveness, according to Deloitte, Center for Audit Quality Survey.

The “Audit Committee Practices Report: Common Threads Across Audit Committees,” a joint effort between Deloitte’s Center for Board Effectiveness and the Center for Audit Quality (CAQ), identified cybersecurity as the top priority in the next 12 months.

A total of 266 respondents participated in this year’s survey. Most (74%) are from US public companies, 81% of which have more than $700 million in market cap.

Respondents cited enterprise risk management (ERM) as the No. 2 priority, demonstrating a broader, more holistic view of risk. Meanwhile, trending topics like artificial intelligence (AI) governance and environmental, social and governance (ESG) reporting are receiving comparably less attention.

“We are seeing the role of the audit committee continue to evolve and adapt as demands on oversight responsibilities change with the business environment and investor expectations,” said Vanessa Teitelbaum, senior director, Professional Practice at CAQ. “Audit committees are zeroed in on one of their core responsibilities: overseeing enterprise risk programs at large. While their agenda continues to grow and expand, key areas like cybersecurity and ERM remain a central focus.”

In addition to cybersecurity and ERM, finance and internal audit talent (a new entry in this year’s survey), compliance with laws and regulations, and finance transformation rounded out the top five priorities. Although the majority of respondents view internal audit as an effective function — one that adds demonstrable value — nearly 80% believe there is an opportunity for internal audit to add even more value. Audit committees are also increasingly prioritizing compliance with laws and regulations, with more than one-third citing it as a top-three priority, a significant increase from last year.

Cybersecurity remains No. 1 priority for audit committees, followed by ERM

Cybersecurity topped the list of committee priorities by nearly 20 percentage points over ERM. Notably, 58% of respondents said the audit committee has primary oversight over cybersecurity, with 25% indicating the full board has oversight responsibility. Sixty-nine percent of respondents highlighted cybersecurity as a top concern in the next 12 months, with 3-in-10 ranking it No. 1.

The heightened focus on cybersecurity is likely due to greater disclosure requirements from regulatory agencies. The U.S. Securities and Exchange Commission (SEC), for example, is requiring new disclosures on cybersecurity risks and incidents, as well as management and strategy, including an explanation of oversight processes.

When considering what additional expertise would enhance the audit committee’s effectiveness, cybersecurity was highlighted as the top area (44%). This is particularly notable given that almost half (48%) of respondents said they have some level of cybersecurity expertise on the committee.

The evolving risk landscape and emerging risks have put an increased spotlight on ERM. Nearly half of respondents indicated that ERM will be a top focus area in the next 12 months. More than three quarters (85%) of respondents reported some level of ERM expertise on the audit committee, positioning it to effectively oversee management’s risk programs.

Opportunities for audit committees to increase effectiveness

With a growing agenda and evolving responsibilities, audit committee members see an opportunity for continuous learning and improvement and have perspectives on how they could enhance their effectiveness. Only one-third of respondents say the committee is effective as is, while the rest feel there is at least one strategy that could boost general effectiveness. Those respondents highlighted three key areas for improvement:

  • Increased discussion and/or engagement from members during meetings — highlighted by 29% of respondents.
  • Improved quality of pre-read materials — highlighted by 28% of respondents.
  • Improved quality of presentations during meetings — highlighted by 26% of respondents.

“The effectiveness of an audit committee can be distinguished by how it executes its responsibilities,” said Krista Parsons, Audit & Assurance managing director, Audit Committee Program leader, and Governance Services leader at Deloitte’s Center for Board Effectiveness. “Key to this is including the right topics on the agenda, obtaining information that enhances comprehension of these issues, and fostering candid and transparent discussions. These are among the actions that audit committee members can take to be prepared for the issues facing them today and in the future.”
