Audit committees have a critical oversight responsibility and committee members must stay up to date about changing regulations, reporting guidelines and dynamic expectations. Our quarterly audit committee special edition offers potential topics for inclusion in your upcoming audit committee meeting.
Each quarter we provide highlights of trending financial reporting topics as well as helpful links guiding you to more information.
As you perform your oversight responsibilities and plan your next audit committee meeting agenda, check in each quarter for our updated summary.
This quarter brought notable developments in global sustainability reporting, with two major milestones reached: adoption of the final sustainability reporting standards in Europe and issuance of the first two standards from the International Sustainability Standards Board (ISSB).
Corporate Sustainability Reporting Directive (CSRD)
In July, the European Commission adopted the final European Sustainability Reporting Standards (ESRS), which detail the reporting requirements under the CSRD, covering environmental, social and governance topics. The 12 final standards will now face scrutiny from the European Parliament and Council of the European Union (for two months with a possible two-month extension) before going into effect. The ESRS will become law shortly after the scrutiny period ends when they are published in the Official Journal of the European Union.
Meanwhile, the European Financial Reporting Advisory Group (EFRAG) continues its work on several items. In August and September, EFRAG discussed its progress on developing implementation guidance, specifically related to the double materiality and value chain assessments, which will be released for public comment in the coming weeks. In addition, EFRAG is working with the Global Reporting Initiative (GRI) and the ISSB to prepare mapping tables depicting the final ESRS’ interoperability with the GRI standards and the IFRS Sustainability Disclosure Standards.
Since the CSRD went into effect in January 2023, EU Member States have begun the process of transposing it into their own national laws. Several countries have held public consultations to seek stakeholder input, and drafts of the legislation have been made available or will be released in the coming months (with final transposition required by July 2024). The extent of any changes that may occur during the transposition process is still unclear. Companies should monitor developments in those EU Member States where they have subsidiaries.
International Sustainability Standards Board (ISSB)
In June, the ISSB issued its first two IFRS Sustainability Disclosure Standards, covering general requirements and climate. The standards are effective for periods beginning on or after January 1, 2024, which could mean reporting as early as 2025. However, the ISSB provided transition relief, requiring only climate-related disclosures in the first year of reporting. Thus, companies will be required to provide disclosures only to the extent they relate to climate risks and opportunities.
Individual jurisdictions will determine whether application of the IFRS Sustainability Disclosure Standards is required or permitted as a basis for sustainability reporting, akin to the process for adopting IFRS Accounting Standards for financial reporting. In July, the International Organization of Securities Commissions (IOSCO) announced that it will endorse the IFRS Sustainability Disclosure Standards. IOSCO has now called on its 130 member jurisdictions, regulating more than 95% of the world's financial markets, to consider ways in which they might adopt, apply or otherwise be informed by the ISSB™ standards in their jurisdictions.
US companies can be subject to European sustainability reporting requirements in multiple ways. For example, the CSRD will impact US companies’ EU subsidiaries and US companies that are subsidiaries of parents headquartered in the EU. The first set of companies in scope will be required to make disclosures in 2025 on 2024 information.
Each jurisdiction will individually decide whether and when to adopt IFRS Sustainability Disclosure Standards, which may impact multinationals operating in those jurisdictions.
The audit committee will want to stay apprised of global rules and standards as they evolve and understand the company’s policies, processes, internal controls and governance for the preparation and disclosure of required information.
PwC: Final European Sustainability Reporting Standards have been adopted
PwC: Worldwide impact of CSRD - are you ready?
PwC: IFRS Sustainability Disclosure Standards – Guidance, insights, and where to begin
PwC: Navigating the ESG landscape
In the third quarter, the FASB made final decisions on three major projects. Final standards are expected to be issued on all three before the end of the year.
Segment reporting
The new segment reporting standard will add required disclosures of significant expenses for each reportable segment, as well as certain other disclosures to help investors understand how the chief operating decision-maker evaluates segment expenses and operating results. The new standard will also allow disclosure of multiple measures of segment profitability if a company uses those measures to allocate resources and assess performance.
The guidance will be effective for calendar-year-end public companies in the 2024 annual period and in 2025 for interim periods, with early adoption permitted.
Income tax disclosures
The new income tax standard will require significant additional disclosures, focused on the disclosure of income taxes paid and the rate reconciliation table. At its August 30 meeting, the FASB affirmed many of its previous decisions as reflected in the exposure draft issued earlier this year. Notable changes from the proposal include removing the requirement to disclose a disaggregation of income taxes paid in interim periods and permitting companies to present an aggregate total of changes in unrecognized tax benefits for all jurisdictions within the rate reconciliation table. While the FASB clarified its intent that items within the rate reconciliation should be presented on a gross basis, it decided to allow companies to present certain items within the cross-border tax-effects category net of their foreign tax credits.
The new guidance will be applied prospectively (with retrospective application permitted) and will be effective for calendar-year-end public business entities in the 2025 annual period and in 2026 for interim periods, with early adoption permitted. All other entities will have an additional year to adopt the new guidance.
Accounting for and disclosure of crypto assets
The new standard on crypto assets will provide accounting and disclosure guidance for crypto assets that meet the definition of an intangible asset and certain other criteria, including that the asset does not provide the holder with enforceable rights to, or claims on, underlying goods, services or other assets. In-scope assets will be subsequently measured at fair value, with changes recorded in the income statement. The standard will require separate presentation of (1) in-scope crypto assets from other intangible assets and (2) changes in the fair value of those crypto assets. Disclosure of significant crypto asset holdings and an annual reconciliation of the beginning and ending balances of crypto assets will also be required.
Companies will apply the new guidance by making a cumulative-effect adjustment to the opening balance of retained earnings as of the beginning of the annual period the guidance is adopted. The guidance will be effective for all calendar-year-end companies in 2025, including interim periods, with early adoption permitted.
The audit committee should be aware of accounting standards developments and their potential impacts on the company’s financial reporting. As part of its oversight role, the audit committee should understand management’s processes for monitoring, evaluating and implementing new accounting standards.
FASB: Project update - Segment Reporting
FASB: Project update - Improvements to Income Tax Disclosures
FASB: Project update - Accounting for and Disclosure of Crypto Assets
PwC: Crypto assets guide
In 2022, the SEC adopted rules directing US securities exchanges to establish standards to require listed issuers to develop and implement a written policy providing for the recovery of incentive-based compensation received by current and former executive officers in the event of required accounting revisions and restatements. The listing standards will take effect on October 2, 2023, and companies will have until December 1, 2023 to adopt a compliant recovery policy; however, the policy must be applied to erroneously awarded compensation received on or after October 2, 2023.
For annual reports filed after adopting a recovery policy, a company is required to file its policy as an exhibit and disclose any actions taken pursuant to the policy. Additionally, a company will indicate on the cover page of Form 10-K (or Form 20-F) whether the financial statements included in the filing reflect the correction of an error and whether the error correction required an incentive-based compensation recovery analysis. The audit committee will want to understand management’s processes and controls for complying with the disclosure requirements.
PwC: SEC adopts executive incentive compensation clawback rules
In July, the FASB issued a proposal intended to improve the disclosures about a public business entity’s expenses and address requests from investors for more detailed information about the types of expenses in commonly presented income statement expense captions. The proposal would require public companies to provide disclosure in a tabular format that disaggregates income statement expense line items into specified categories of natural expenses, including: (a) employee compensation, (b) inventory and manufacturing expense, (c) depreciation and (d) intangible asset amortization. Other items not covered by these categories would be qualitatively described in the disclosure. Companies would also be required to further disaggregate inventory and manufacturing expenses based on costs incurred during the period. Lastly, the proposal would require separate disclosure of total “selling expenses” for the reporting period.
The proposed amendments would be applied on a prospective basis, with retrospective application permitted. Comments on the proposal are due October 30, and the FASB plans to host a public roundtable on December 13 to obtain additional feedback.
The audit committee will want to understand management’s processes for monitoring and scoping this standard, as the level of detail to be required by a final standard will likely be significant for many companies.
FASB: Project update: Disaggregation – Income Statement Expenses
The audit committee may want to consider discussing the above topics with management to understand how they are being addressed. For an in-depth discussion and more insights on these topics, see PwC’s The quarter close – Third quarter 2023.
The impacts of shifting economic conditions and market volatility have left many business leaders across multiple industries concerned about how well their companies are managing risk. This, coupled with other major geopolitical and global events, has increased interest in ERM programs. A company’s ERM program is intended to formalize how risks are identified, assessed, managed, monitored and reported in light of strategic priorities. We’re seeing that some ERM programs are keeping up with the pace of change, while others are either losing momentum or lacking adequate investment or attention.
Having an effective ERM program can help management make more informed decisions in the face of uncertainty — whether that’s specific to a particular company or sector or facing the entire economic landscape. Companies are having to regularly revisit their risk management strategies to keep up. This means that oversight of ERM may include a refresh of the audit committee’s understanding of management’s process and more reporting throughout the year.
Risk oversight is among the audit committee’s most important responsibilities. While the full board is ultimately responsible for overseeing risk, an increasing number of audit committees are assigned overall oversight of management’s ERM process as well as more and more specific risks. Given this, the committee may want to take a closer look at its competencies to oversee risk management, how management is reporting to it on risks and the frequency of updates it receives.
PwC: The director’s guide to ERM fundamentals
PwC: PwC’s 2023 US Risk Perspectives Survey
PwC: Risk oversight and the board: Navigating the evolving terrain
In July, the SEC adopted amendments that require timely disclosure of material cybersecurity incidents and annual disclosures related to cybersecurity risk management, strategy and governance. The new rules significantly expand registrants’ annual disclosures, providing investors and other stakeholders with more standardized information about a registrant’s processes to assess, identify and manage material cybersecurity risks.
A US domestic registrant or foreign private issuer will be required to report a material cybersecurity incident on Form 8-K within four business days after the registrant determines that the incident is material. The rules provide for a series of extensions if the US attorney general notifies the SEC in writing that immediate disclosure would pose a substantial risk to national security or public safety. The rules specify that a material incident could include a series of individual occurrences that are each determined to be immaterial.
Annual disclosures of risk management, strategy and governance
The new rules also require a registrant to provide information about their cybersecurity risk management, strategy and governance in their annual report on Form 10-K or Form 20-F. From a risk management perspective, a registrant is required to describe the processes, if any, for assessing, identifying and managing material risks from cybersecurity threats in sufficient detail for a reasonable investor to understand those processes. Annual disclosure is also required detailing management’s and the board’s oversight of cybersecurity risk. The rules also require a description of management’s role in assessing and managing the registrant’s material risks from cybersecurity threats.
Registrants must begin complying with the requirement to report a material cybersecurity incident, as defined, on December 18, 2023. All registrants are required to comply with the annual disclosure requirements for fiscal years ending on or after December 15, 2023.
Many boards delegate substantial oversight of cybersecurity to the audit committee. However, data from recent surveys suggests audit committees can do more to enhance their oversight. More than 90% of directors in PwC’s 2022 Annual Corporate Directors Survey indicated they are comfortable that their companies are staying current on cyber defenses, have identified their most valuable digital assets and done adequate testing of its resistance to attacks. However, only 65% of executives we surveyed rate their boards as having at least fair cybersecurity, data security and data privacy expertise.
With the new SEC rules, the audit committee will want to take a fresh look at its oversight responsibilities, understand management’s ability to meet the new disclosure requirements, and assess the effectiveness of the information it receives from management to monitor cyber incidents.
PwC: SEC adopts cybersecurity disclosure rules
PwC: Navigating the new SEC rules on cyber disclosures
PwC: Overseeing cyber risk: the board’s role
PwC: Boardroom readiness: Top 5 actions for cyber discussions
SEC: Fact Sheet - Public company cybersecurity disclosures - Final rules
In June, the PCAOB proposed rule changes related to an auditor’s consideration of a company’s noncompliance with laws and regulations, including fraud. The changes, if adopted, would impact the audit’s scope by significantly expanding the auditor’s objectives related to compliance beyond what a financial statement audit has traditionally addressed.
The PCAOB sought feedback about, among other matters: whether the proposed requirements are sufficiently clear; whether the expansion of the auditor’s responsibilities is practical and cost-effective to implement; the potential increased need for auditors to use specialists (and whether there are substantial costs associated with the increased need to use such specialists); and whether there are alternatives that better promote investor protection, efficiency, competition and capital formation. The comment period closed on August 7.
The PCAOB’s proposal, if finalized as drafted, would have a direct impact on the audit committee's responsibility to oversee the independent auditor’s work. While the proposal is in the deliberation stage of the standard-setting process, the audit committee may want to discuss with management, the external auditor, general counsel and/or outside counsel, and others to understand their perspectives on the proposal and its potential impacts. Given the proposal’s focus and the broad stakeholder input sought by the PCAOB, the audit committee may want to revisit its understanding of the company’s compliance functions, the factors that increase financial reporting fraud risk and how management addresses the risk.
PwC: PCAOB proposes significant expansion of auditor responsibilities
PCAOB: Spotlight: Audit Committee Resource
As Q3 comes to a close, audit committees of calendar-year-end companies should be shifting their focus toward the audit and engaging with the external auditor. This is a good time to get a status update. And given the volatile business and regulatory environments, it is important to have ongoing updates from the external auditor to understand the current status of the audit, any changes in audit scope, any challenges related to the audit team, how the auditor is approaching emerging standards and regulations, or other issues that may have been identified.
Discussions could include the results of interim audit work (including focusing on any identified internal control matters), changes in the auditor’s risk assessment, if any, and any one-off transaction/circumstance with which the company or auditor may be dealing. In addition, auditors continue to implement new technologies to enhance the audit’s efficiency and quality, so the committee will want to understand the technology strategy and how innovations may impact the audit’s efficiency and effectiveness.
Investors and other stakeholders look to the audit committee to oversee the company’s accounting and financial reporting processes as well as oversight of the external audit. As part of audit committee oversight, it is important to engage in effective two-way communication with the auditor to understand the audit scoping and risk assessment, get timely status updates and ask relevant questions throughout the audit cycle.
PwC: Overseeing the external auditors
PwC: Audit committee oversight checklist
PCAOB: Spotlight: Audit committee resource
Every audit committee meeting agenda should include these important items; at the least, they should be discussed at scheduled intervals: