AI governance rose on the list of issues committees are considering
NEW YORK, Feb. 12, 2025 — As digital threats continue to mount across industries, cybersecurity remains the top priority for audit committees at public companies, outside of financial reporting and internal controls, according to survey findings released in the “Audit Committee Practices Report: Common Threads Across Audit Committees,” a joint effort between Deloitte’s Center for Board Effectiveness and the Center for Audit Quality (CAQ).
On a broader scale, enterprise risk management (ERM), critical to achieving organizational objectives and safeguarding the company’s reputation and stakeholder relationships, is ranked as the second highest priority for audit committees. Finance and internal talent remain the third-highest priority for audit committees.
The report also shows how artificial intelligence (AI) governance is growing in importance as an audit committee consideration, reflective of the rapid adoption of transformative digital technologies that have ushered in a new era of business risk.
A total of 237 respondents participated in this year’s survey, primarily on boards of U.S. (89%) public (86%) companies with $2 billion or more in market cap (72%). Directors on boards of financial services companies made up 27% of the respondents.
Cybersecurity is the chief priority for audit committees
The survey found that 93% of respondents ranked cybersecurity as one of their top three priorities, with 50% ranking it as the leading priority for the audit committee. Further, 71% report cybersecurity is on their agenda on a quarterly basis. Cybersecurity has consistently been ranked as the top priority of audit committees in each of the four years the survey has been conducted, a clear indication that complex and evolving risk will continue to be a focus for audit committees in years to come.
“Cybersecurity remains atop audit committees’ agendas because the stakes have never been higher,” said Vanessa Teitelbaum, senior director, Professional Practice, Center for Audit Quality. “With the increasing sophistication of cyber threats and the potential for significant financial, operational, and reputational harm, it’s critical for audit committees to stay ahead. Their continued focus and evolving expertise are essential to protecting organizations in this heightened risk environment.”
Audit committee effectiveness remains a priority
In the current economic and geopolitical environment, the corporate reporting landscape is constantly evolving. When presented with various strategies to enhance audit committee effectiveness, more than two-thirds of respondents (69%) felt meetings might be improved by implementing one or more of the following strategies:
- Forty percent of respondents want to improve the quality of presentations during meetings. This jumped from third last year to the top area of improvement this year.
- Thirty-four percent of respondents want more engagement and discussion from committee members during meetings.
- While most respondents feel that they have enough time to cover agenda items, some (12%) suggested they could use more time.
“As I work with audit committees, enhancing meeting effectiveness remains a top priority. In the face of new and evolving risks, the ability to better prioritize agendas, access comprehensive and timely information, and engage in open and candid discussions are critical factors that will drive efficiency and overall effectiveness,” said Krista Parsons, Audit & Assurance managing director and Governance and Audit Committee Program leader, Center for Board Effectiveness.
Enhanced focus on AI governance
The survey also found an increased emphasis on understanding the impact and usage of AI technologies throughout the organization by the C-suite and board. The number of respondents who identified AI governance as a priority grew year over year, jumping to 35% from 20% last year. A growing portion of audit committees are taking on primary oversight of AI governance (up to 20% from 14% last year). Still, oversight mostly falls with the full board (58%).
Additionally, survey results suggest that work has been done to develop governance structures for AI oversight, with fewer respondents (6%) acknowledging they “don’t know” where AI oversight falls within their organization this year versus last year (17%). Amid ongoing conversations around how organizations govern AI, the question of who should be responsible for primary oversight continues to evolve.
About the Survey
The fourth edition of the “Audit Committee Practices Report,” like prior editions, is based on a survey of audit committee members. A total of 237 respondents participated in this year’s survey, primarily on boards of U.S. (89%) public (86%) companies with $2 billion or more in market cap (72%). Those on boards of financial services companies made up 27% of respondents.
About the Center for Audit Quality
The CAQ champions the public interest in the capital markets by:
- Elevating the quality, credibility and transparency of public company audits.
- Advancing critical issues affecting public company audits.
- Driving innovation in assurance.
- Providing a collaborative forum for capital market stakeholders to address evolving needs and challenges.
As the voice of the public company audit profession, we work to instill trust in corporate reporting and the integrity of the auditing process, ultimately empowering investors, companies, and society as a whole.
About Deloitte’s Center for Board Effectiveness
Deloitte’s Center for Board Effectiveness helps directors deliver value to the organizations they serve through a portfolio of high-quality, innovative experiences throughout their tenure as board members. Whether an individual is aspiring to board participation or has extensive board experience, the Center’s programs enable them to contribute effectively and provide focus in the areas of governance and audit, strategy, risk, innovation, compensation and succession.
About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 8,500 U.S.-based private companies. At Deloitte, we strive to live our purpose of making an impact that matters by creating trust and confidence in a more equitable society. We leverage our unique blend of business acumen, command of technology, and strategic technology alliances to advise our clients across industries as they build their future. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Bringing more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s approximately 460,000 people worldwide connect for impact at www.deloitte.com.
###
Contact
Kerry Lee
Public Relations
Deloitte Services LP
+1 916 298 8031
kerlee@deloitte.com
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.