Oh, the dog days of summer are coming to an end…no? No dog days for you? No, not really here either. Well, we can all agree that August is coming to an end and for many that marks the “end” of summer with school back (or nearly back) in session. We know we are a broken record to emphasize the busy pace of things in Washington, DC, but the past few months are no exception. Read on to stay informed on recent developments for audit committee members.
We welcome input; please let us know what you think. Subscribe here so that you never miss an update from the CAQ.
What Audit Committees and Investors Want
When it comes to evaluating audit firm and audit engagement performance, what do audit committee members and investors want? We sought to answer this question through two surveys of nearly 250 audit committee members and 100 investors.
Understanding the information needs of a broad range of investors and audit committee members when it comes to evaluating audit firms and audit engagement performance is important to establishing good public policy that addresses stakeholder needs.
Our key findings include:
- More research is necessary to establish whether evidence supports the need for and benefits of proposed metrics.
- Audit committees and many investors already have the information they need.
- Any reporting should be voluntary.
- Any changes to the PCAOB’s standards should promote auditor-audit committee discussion.
- A majority of investors and audit committee members are of the view that the PCAOB’s auditing standards and rules have kept pace with change and require only targeted updating.
The findings from these surveys provide evidence as to the validity of the concerns raised by the CAQ and other commenters as to whether the PCAOB’s recent proposals will achieve the intended objective for investors and audit committees. These concerns include (1) the potential that publicly disclosed mandated metrics will have unintended consequences (and should therefore be voluntary) and (2) the stated benefits in each proposal’s economic analysis do not provide sufficient basis to justify their respective costs. As noted, there was disparity in what investors say would be helpful compared with what they are likely to seek out and audit committees say the information available to them to fulfill their external auditor oversight responsibilities meets most to all their needs. Accordingly, there should be further study and evaluation, including potential pilot testing, prior to adopting any final standard as the PCAOB’s stated value is not sufficiently supported by the expectations or needs of intended beneficiaries.
We provided the detailed results of both surveys to the PCAOB in our supplemental comment letter. You can find investor survey results here and audit committee survey results here.
New CAQ Resource for Audit Committees: Oversight of GenAI
The rise of genAI is raising important questions about when and how to invest in appropriate technologies that may have an impact on the finance organization and the speed of transformation.
As genAI’s use in financial reporting processes and ICFR evolves, audit committees have an important role to play. Understanding the technology, being aware of how its use gives rise to new considerations in financial reporting processes and ICFR, and asking the right questions of management and the external auditor will be essential for audit committees to effectively exercise their oversight responsibilities.
Our new resource, Audit Committee Oversight in the Age of Generative AI, provides an overview of genAI technologies and includes example questions for audit committees to ask management and the auditor.
Examples include:
- Does the company have the requisite expertise to select, develop, deploy, and monitor genAI technologies?
- Who (individual or group) in the company is responsible for oversight of the use of genAI?
- Does the company have a process to track and monitor the use of genAI throughout the company, including use by third-party service providers?
- What is the experience of the audit engagement partner and other senior engagement team members with genAI technologies?
- Does the company’s use of genAI technologies have a significant impact on the planned audit scope?
- Not surprisingly, genAI has caught the eye of the PCAOB who published in July 2024, Spotlight: Staff Update on Outreach Activities Related to the Integration of Generative Artificial Intelligence in Audits and Financial Reporting. The PCAOB provides observations from staff outreach (not all inclusive):
- Global network firms are further along in developing and deploying genAI-enabled tools than non-affiliated firms are.
- Data privacy and data security continue to be areas of focus for firms.
- Firms and preparers expect genAI to augment, but not replace, humans in auditing or in financial reporting.
- The auditability of both the underlying source data (whether from public sources or confidential company information) and genAI-created content is important when genAI-enabled tools are used.
- The use of genAI by preparers could amplify certain existing information technology risks (e.g., risks related to the segregation of duties), or create new risks.
- You can also listen to our podcast – Episode 8 of Capital Markets Pulse – with the CAQ’s Julie Bell Lindsay and EY’s Richard Jackson for more information. Julie and Richard discuss the promise of generative AI, and what the implementation of this technology by public companies means for governance as well as risks for accountants.
PCAOB Posts 2023 Annual Inspection Report
The PCAOB this month released the results of inspections of all 2023 annually inspected firms, including the six U.S. global network firms. The data shows that deficiencies went up – but also shows positive signs when it comes to audit quality. The PCAOB said that while they identified more deficiencies in this round of inspections, the types of deficiencies identified represent more isolated incidents than in the past. Restatements resulting from inspections remain incredibly low – just three of 405 audits (0.74%) inspected in 2023 compared with two of 386 audits (0.52%) inspected in 2022.
The PCAOB’s inspections are one part of a strong reporting and oversight ecosystem and have a two-fold purpose: To help public company auditors improve the quality of their audits and to protect investors. In this blog, my colleague Dennis McGowan shares five guiding principles to keep in mind when reviewing inspection reports. And our CEO, Julie Bell Lindsay, explains why audit quality is trending in the right direction in this piece for Forbes.
ERM for Audit Committees
In our 3rd annual Audit Committee Practices Report, a collaboration with Deloitte, almost half (48%) of respondents indicated that Enterprise Risk Management – ERM – will be a top-three priority in the next 12 months. Interestingly, respondents were evenly split in terms of ranking ERM’s priority order—with 16% each ranking it as 1, 2, or 3. Compared to previous editions of the survey, ERM has consistently ranked among the top priorities.
When asked who was responsible for oversight of ERM within their organizations, 47% of respondents indicated the audit committee, 35% the board, and 15% the risk committee. Financial services companies are less likely to assign audit committees primary oversight responsibility for enterprise risk (23%) than companies in other industries (54%). Instead, 43% of financial services respondents delegated this responsibility to the risk committee. More than three-quarters (85%) of respondents report some level of enterprise risk experience/expertise on the committee. This could be an indication of a high level of confidence in their committees’ ability to oversee this area, as relatively few of those who stated a need for additional expertise prioritized ERM (20%).
We identified the following key insights for audit committees related to ERM:
- To monitor the emergence of new risks, audit committees can adapt their models, starting by considering high-impact, low-likelihood risks alongside high-impact, high-likelihood risks. Such an approach is becoming ever more valuable given that events once deemed black swans—pandemics, large natural disasters and climate disasters, and global conflict—have become more prevalent.
- Audit committee responsibility for ERM oversight may well have increased this year, owing to the introduction of new disclosure requirements in a variety of areas. That said, ERM oversight is not restricted to the audit committee—there is ample opportunity for the board to receive periodic updates, evaluate risk appetite, and identify new or emerging risks.
- The audit committee has a role to play in advising management in identifying and monitoring material risks and seeing that they are brought to the attention of the full board and/or appropriate committee. Directors should encourage management to assess risks on a continuous basis, instead of relying on the outdated approach of conducting a risk assessment on an annual basis and setting it aside until the next year.
To dive deeper into ERM, we recently hosted a webinar with experts Brian Schwartz, Partner & US Enterprise Risk Management Solutions Leader from PwC, and David Herzog, Audit Committee Chair of MetLife, Inc. (and member of the CAQ’s Audit Committee Council). If you missed it, check out the replay here and learn more about the importance of a company’s risk appetite statement, the relationship between ERM and Executive Compensation Risk, how to identify risks on three levels (including discussion of where reputation risk fits in? #spoileralert – it doesn’t; it’s an output not a risk per se) and much more.
ICYMI: CAQ Public Policy Technical Alert (PPTA), June / July 2024
Each month, the PPTA highlights and examines the regulatory, standard-setting, legislative, and broader financial reporting developments impacting the public company audit profession. The CAQ’s June and July 2024 Alerts included these featured articles.
SEC Appoints Erica Y. Williams to a Second Term as PCAOB Chairperson
The SEC announced the appointment of Erica Y. Williams to a second term as Chairperson of the PCAOB beginning on October 25, 2024, and running through October 24, 2029. Prior to joining the PCAOB in January 2022, Erica Y. Williams was a litigation partner with Kirkland & Ellis LLP. She previously spent more than a decade in various roles at the SEC, including as Deputy Chief of Staff to three former SEC Chairs and Assistant Chief Litigation Counsel in the SEC’s Division of Enforcement trial unit.
Selective Disclosure of Information Regarding Cybersecurity Incidents
The SEC posted a statement by Erik Gerding, Director, Division of Corporation Finance, ‘Selective Disclosure of Information Regarding Cybersecurity Incidents.’ Gerding reiterates the scope of Regulation FD. Last year, the Commission adopted rules requiring public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K. Since then, staff in the Division of Corporation Finance have heard assertions that those rules may preclude a company from sharing additional information about a material cybersecurity incident with others, including their commercial counterparties.
PCAOB Seeks Nominations for Advisory Groups
The PCAOB announced that it is seeking nominations for members of its Investor Advisory Group (IAG) and Standards and Emerging Issues Advisory Group (SEIAG). Appointments are expected to be announced by the end of the year. Appointed members would serve from January 1, 2025, to December 31, 2026. The deadline for submissions is September 6, 2024.
Fighting Fraud: A Shared Responsibility
The CAQ in a blog post explored what Occupational Fraud 2024: A Report to the Nations, released in March 2024 by the Association of Certified Fraud Examiners (ACFE) means for stakeholders with a responsibility for fighting fraud. This year’s ACFE report confirms that external auditors do identify fraud. It also confirms that companies with active and holistic programs to detect instances of fraud can minimize the duration and losses of fraud. All stakeholders can benefit from understanding the findings in the ACFE’s report and what it means for their role in fighting fraud.
IASB Proposes Illustrative Examples to Improve Reporting of Climate-Related and Other Uncertainties in Financial Statements
The IASB published a consultation document, proposing eight examples to illustrate how companies apply IFRS Accounting Standards when reporting the effects of climate-related and other uncertainties in their financial statements. The IASB’s proposed examples aim to:
- improve transparency of information in financial statements; and
- strengthen the connection between financial statements and other parts of a company’s reporting, such as sustainability disclosures.
The eight illustrative examples focus on areas such as materiality judgements, disclosures about assumptions and estimation uncertainties, and disaggregation of information. The comment period is open until November 28, 2024. The IASB will consider stakeholder feedback and decide whether to proceed with the proposed illustrative examples to accompany IFRS Accounting Standards.
Inspiration from Paris 2024
It’s hard not to be inspired by the Olympics after two amazing weeks of athletic feats. What were your favorite moments? There are too many to count to be sure. While the medal count was often in the news (Go Team USA!), the human stories and achievements went far beyond the hardware. We mere mortals marvel at the heights reached by Swedish pole vaulter Mondo Duplantis (over 20 feet!!) and Simone Biles on floor (nearly 12 feet!!). They defy gravity. Or the speed and grace of track stars (the photo finish of Noah Lyles in the 100 meters! The amazing come from behind victory of Quincy Hall in the 400 meters! The domination of the US women in the 4×400 meter relay!) One relatable Olympic moment came from Irish swimmer Daniel Wiffen who won gold in the Men’s 800-meter freestyle event. After competing and finishing 18th in the 10K Open Water Swim (yes, 6.2 miles of swimming…) he said with a smile, “It was probably one of the worst things I’ve ever done… I wanted to do it because my friends were doing it.” Been there. Congratulations to all the Olympians!
Questions and comments about Audit Committee Insights can be addressed to Vanessa Teitelbaum, Senior Director, Professional Practice (vteitelbaum@thecaq.org).
This newsletter is intended as general information and should not be relied upon as being definitive or all-inclusive. The CAQ encourages readers to refer to applicable rules, standards, guidance, and other resources in their entirety. All entities should carefully evaluate which requirements apply to their respective organizations.