Deloitte and the Center for Audit Quality released the fourth edition of their "Audit Committee Practices Report," which was based on a recent survey of 237 primarily (89%) US public (86%) and private company audit committee members across industries (27% financial services). Nearly three-quarters of public companies represented by respondents had at least $2 billion or more in market cap.
Among the key takeaways:
Cybersecurity
- Nearly two-thirds of respondents (62%) overall said that their audit committee oversees cybersecurity, while 23% allocate primary oversight to the full board. Among financial services respondents, 41% of audit committees have primary oversight of cybersecurity, while 24% allocate primary responsibility to their board risk committee.
- Nearly three quarters of companies (71% overall compared to 72% for financial services companies) represented by respondents include cybersecurity on their agendas quarterly.
Enterprise Risk Management—Primary oversight for ERM is commonly allocated to the audit committee (52%), followed by the board (28%), risk committee (19%), or other (1%), with nearly half of companies including ERM on the audit committee meeting agenda on a quarterly basis.
Meeting Effectiveness—Improving the quality of presentations during meetings was identified by 40% of respondents as among the top three most impactful strategies to enhance effectiveness:
The report suggests companies consider these tactics to improve the quality of presentations:
- Advise presenters to begin their presentation where the pre-reads end.
- Encourage presenters to limit the number of slides presented during meetings.
- Discourage presenters from flipping slides.
- Encourage management to highlight key changes from the prior period, significant judgments, and close calls when presenting financial information.
Meeting Attendance—The vast majority of companies (82%) permit attendance by non-committee members to audit committee meetings. Of those companies, 46% expect non-committee members to actively participate in the meetings, while 49% perceive them as non-participating observers. Another 10% have no established practice on the attendance of non-committee members at audit committee meetings, while 8% of companies don’t allow non-committee members to attend.
Meeting Materials—Most companies (81%) make the audit committee meeting materials available to non-committee members; 10% do not; 6% don’t have an established practice; and 3% were unsure.