Blogs

KMPG's "2025 Audit Committee Survey Insights" reveals the results of a global survey of more than 600 audit committee members and chairs, in addition to US-specific findings based on a survey of 85 US audit committee members and chairs of predominantly (85%) publicly traded companies across industries conducted from February to May 2025.

Among the key takeaways for US companies relate to the audit committee’s oversight responsibilities:

Significant oversight responsibilities—In addition to financial reporting and related control risks, roughly three-quarters of audit committees have significant oversight responsibilities for cybersecurity and IT, management’s ERM processes, and legal/regulatory compliance, while just over half have significant oversight responsibilities for data governance (e.g., privacy, protection, ethics, AI, algorithm bias).

Scope of cyber/data privacy/tech responsibilities—The table below shows the scope of the audit committee’s oversight responsibility for each of the listed areas:

*Data ethics in this context means how the company manages tensions between its use of customer data in a legally permissible way with customer expectations to protect their personal privacy

Risk oversight gaps—Of the various enterprise risks under the purview of multiple board committees that audit committees are most concerned about in terms of potential oversight gaps, respondents identified cybersecurity / data privacy / AI (49%), geopolitical risks (36%), and supply chain and the need to reassess risks and oversight responsibilities (each at 28%).

Gen AI risks—Risks associated with the company’s use of GenAI that are generating significant discussion in audit committee meetings include increased cybersecurity risk, including risks posed by hackers’ use of GenAI (41%) and cybersecurity – including ransomware and IP risk (35%).

Interactions with management—Respondents most commonly identified the CFO and GC (81% and 67%, respectively) as those (in addition to the board) with whom they are spending significantly more time in light of the evolving risk & disclosure environment, followed by the external auditor (56%) and chief audit executive (54%).

“The Audit Committee Chair of the Future” from Deloitte US reveals insights from interviews with S&P 500 audit committee chairs on how they navigate risk, foster transparency, and drive effective oversight in the rapidly evolving environment.

In addition to other audit committee meeting structure, practice, and process perspectives that are particularly noteworthy for the corporate secretary’s office, committee chairs suggested they could explore the following changes to help manage the increasing volume and complexity of materials:

• Consider having management provide video pre-reads for certain areas such as business results or new product launches.
• Mandate one-page executive summaries for each report that clearly state the report’s purpose—informational, for discussion, or for approval—and provide a high-level overview.
• Establish clear guidance on the distinction between pre-read versus presentation materials.
• Set timelines for distributing materials—to allow sufficient time for committee members to review.
• Preview materials with management in advance—sometimes in draft form—to anticipate committee questions and enhance the quality of materials provided to the full committee.

Additional measures or tools, such as engaging outside advisors and using AI, were also raised as potential solutions to help streamline meeting materials.