Audit committee newsletter: PwC

Everything you need to walk into your next audit committee meeting with confidence

With the end of Q3 approaching our guide can help you streamline meeting prep, prioritize agenda items, and plan for the future.

Topic 1 Accounting for US tax reform

What the audit committee needs to know

On July 4, President Trump signed the One Big Beautiful Bill Act (“Act”). The new tax law includes a broad range of provisions affecting businesses, including extending and modifying certain key Tax Cuts & Jobs Act (TCJA) provisions (both domestic and international), expanding certain Inflation Reduction Act incentives while accelerating the phase-out of others, and modifying the endowment excise tax for higher education institutions.

The Act is likely to have financial reporting implications for most companies with US operations. However, given the timing of enactment (after the June 30 period-end date) and the variety of effective dates for key provisions, only certain of those financial reporting implications will affect current-year financial statements.

Under US GAAP, changes in tax law are accounted for in the period of enactment. For US federal purposes, the enactment date for US GAAP is the date the president signs the bill into law. All tax effects of a change in tax law on existing current or deferred tax balances, including changes in valuation allowances, are recorded discretely as a component of the income tax provision related to continuing operations in the period of enactment.

US federal tax reform may also have state and local tax effects. Companies will need to evaluate how a state conforms to the US tax code to determine the state tax effect and relevant tax accounting.

This document is not intended to be a comprehensive summary of all corporate tax provisions included in the new tax legislation. Refer to this Tax insight from PwC’s tax specialists on the final legislation. Also, monitor our US Tax services page to stay up to date on the latest developments and PwC’s insights.

Why is it relevant to the audit committee?

The compliance and strategic implications of the new tax law cannot be underestimated. Audit committee members should understand how new tax laws translate into financial accounting and reporting requirements. Certain provisions were extended or modified, and several of the provisions being modified are retroactive to an earlier date in 2025. Significant provisions of the new tax law include:

100% bonus depreciation – The new tax law permanently allows (but does not require) companies to expense 100% of the cost of qualified property in the year it is initially placed in service. This provision will apply to qualified property placed in service after January 19, 2025.
Expensing of US-based research – The new tax law permanently suspends the current Section 174 requirement to capitalize and amortize US research & development (R&D) expenditures paid or incurred. For tax years beginning after December 31, 2024, companies can elect to expense R&D expenditures incurred in the US, capitalize and amortize them over the life of the research (minimum of 60months) or capitalize and amortize them over 10 years. In addition, companies can elect to accelerate the deductions for unamortized US R&D expenditures that were capitalized after December 31, 2021 and before January 1, 2025 over a one- or two-year period.
Interest expense limitation – Deductions for net interest expense are limited to 30% of adjusted taxable income (ATI). The new tax law permanently changes the calculation of ATI to be based on a calculation similar to EBITDA (including depletion) for years beginning after December 21, 2024. For many companies, the change to an EBITDA-based ATI may increase ATI, enabling them to deduct more interest expense, thereby reducing or eliminating future interest carryforward deferred tax assets.
Extensions and modifications of TCJA International tax laws – The new tax law makes additional changes to international tax provisions, including substantive changes to existing Global Intangible Low-Taxed Income (GILTI), foreign-derived intangible income (FDII), and base erosion and anti-abuse tax (BEAT) provisions. These changes could impact the effective tax rate and are effective for tax years beginning after December 31, 2025.
IRA energy credits – The Act modified, terminated and accelerated the phase out of a wide range of credits and restricted access to certain credits for “prohibited foreign entities.” While some changes are effective in 2025, many take effect for periods after December 31, 2025.
“Endowment” excise tax – TCJA enacted an excise tax of 1.4% on certain investment income of private colleges and universities that have at least 500 tuition-paying students and applicable assets of at least $500,000 per student. The new tax law modifies the scope by increasing the number of tuition-paying students from 500 to 3,000. It also requires that investment income include student loan interest income and federally-subsidized royalty income, both of which were previously exempt from tax. The Act also created a tiered rate structure based upon the net investment income for the tax year with the applicable rates ranging from 1.4% to 8%.

Given the significance and complexity of the new tax law, audit committees should consider how best to engage with management to assess the company’s preparedness. Companies may have increased compliance obligations, and the audit committee will want to confirm management is prepared to account for the impacts of changes appropriately.

What questions should the audit committee ask?

What provisions of the new legislation will have the most impact on the company’s business operations, cash taxes and/or effective tax rate?
What is management’s process for monitoring and modeling the new tax legislation and related interpretations, and their potential impacts on the company?
What are the key assumptions used in management’s current tax forecasts and how have they been impacted by the final legislation?
What is management’s process for assessing resource needs, including specialist knowledge and adequacy of the technology to support the finance and tax teams’ data and reporting needs?
What is internal audit’s process for evaluating the company’s internal controls over tax reporting to confirm they are designed to accommodate the tax law changes?
How is the external auditor evaluating management’s approach to interim tax accounting in response to the new tax law changes?

Accounting for 2025 US tax reform

Topic 2 Sustainability reporting update

What the audit committee needs to know

California sustainability regulations

While California’s climate disclosure laws (referred to as Senate Bills 253 and 261) remain in litigation, the deadlines for reporting are approaching. SB 253 reporting on scope 1 and scope 2 greenhouse gas (GHG) emissions begins in 2026 on 2025 information and on scope 3 emissions in 2027 on 2026 information. SB 261 requires posting a climate-related financial risk report to the company’s website by January 1, 2026. As a reminder, SB 253 applies to US entities with annual revenue over $1 billion that do business in California. SB 261 applies to US entities with annual revenue over $500 million that do business in California.

The California Air Resources Board (CARB) is the state agency tasked with implementing and enforcing SB 253 and enforcing SB 261. Currently, CARB is focused on public outreach and held a public workshop on August 21 to advance rulemaking. Draft regulations addressing both SB 253 and SB 261 are expected to be released October 17 for a 45-day comment period, with the final proposed regulations to be presented to the Board in mid-December. CARB has also proposed that the initial GHG report on prior year scope 1 and scope 2 GHG emissions be due by June 30, 2026.

European Commission provides new relief to entities currently reporting under the EU requirements

On July 11, the European Commission adopted the “quick fix” delegated act which provides transition relief to entities currently reporting under the Corporate Sustainability Reporting Directive (CSRD). The delegated act extends the year 1 transition relief in European Sustainability Reporting Standards (ESRS) to 2026 and 2027 to these “wave 1” reporters.

Revised European Sustainability Reporting Standards (ESRS) published

On July 31, EFRAG published exposure drafts requesting comments on revised ESRS. The revised ESRS is one component of the European Commission’s February 2025 “Omnibus” package intended to simplify EU reporting rules related to the European Green Deal. The proposed revisions are intended to reduce the burden of sustainability reporting by reducing the number of mandatory datapoints, clarifying unclear provisions, simplifying the structure and presentation of the standards, and enhancing interoperability with global reporting standards. The exposure drafts are open for public comment until September 29.

Why is it relevant to the audit committee?

While there remain significant domestic and international developments for sustainability-related reporting requirements, impacted companies (particularly multinationals) should continue monitoring developments and gearing up for potential disclosures. California climate laws may trigger the first mandatory sustainability reporting requirements for many — if not most — of the entities in their scope. Entities potentially in scope of the California laws should start to prepare for their reporting obligations now. More broadly, companies subject to sustainability reporting requirements should be developing processes and controls and having technology in place to produce quality reporting. Understanding management’s processes and controls relating to the scope and quality of disclosures is an important aspect of the audit committee’s oversight role.

What questions should the audit committee ask?

How is management monitoring and evaluating the impacts of national and international sustainability reporting developments that may impact the company?
What is management’s process for determining how European sustainability proposals will impact the company?
How is management preparing for overlapping national and international sustainability standards, and are there clear roadmaps for implementation and compliance?
How is sustainability-related risk being incorporated into enterprise risk management and financial disclosures?
What is management’s process for confirming that internal controls and governance processes are in place to support the accuracy and reliability of sustainability data?
What is management’s process for understanding the specific audit risks associated with sustainability reporting?
How has management considered what the company’s peers are doing to prepare for new sustainability reporting requirements?
What is management’s process for communicating the potential impacts of regulatory changes relating to sustainability reporting to its key stakeholders?

A deep dive into the draft Amended ESRS

EFRAG’s next step toward revised ESRS

New reliefs for ESRS ‘wave 1’ reporters

A primer on climate reporting in California

The audit committee has specific responsibilities under the EU’s CSRD

The audit committee’s role in sustainability/ESG oversight

Topic 3 Risk management in a VUCA world

What the audit committee needs to know

Today, the risk landscape is anything but static. Companies are navigating a VUCA world — characterized by Volatility, Uncertainty, Complexity and Ambiguity. From disruptive technologies like generative AI to shifting geopolitical alliances, cybersecurity threats, supply chain instability and regulatory overhauls, the nature and velocity of risks are changing rapidly. Companies must be nimble and responsive to constant change. Key challenges and negative outcomes of operating in a VUCA world can include:

Delayed or derailed investments – Uncertainty about geopolitical or regulatory landscapes may cause companies to postpone innovation or expansion initiatives.
Ineffective resource allocation – Companies may over-prepare for unlikely risks or under-invest in critical capabilities because scenarios are hard to predict or quantify.
Control failures – Transformative changes in systems, data or workforce structure may introduce gaps in internal controls and increase the likelihood of compliance breaches.
Greater uncertainty in earnings guidance – Volatile inputs (e.g., commodity prices, interest rates) reduce the accuracy of forecasts and margin expectations.
Reputational risk erosion – Missteps in handling AI ethics, crisis response or stakeholder engagement may trigger reputational fallout.
Analysis paralysis – Leaders may delay decisions or become overly cautious.

Why is it relevant to the audit committee?

The audit committee plays a vital role in overseeing risks that affect financial reporting, internal control, compliance and operational integrity. In a VUCA world, understanding the company’s risk management process, including enterprise risk management (ERM), is among the audit committee’s most important responsibilities. In the current environment, the audit committee will want to gain a deep understanding of the company’s risk landscape to be prepared to oversee risks that may be right around the corner.

The audit committee must engage deeply with management on how its ERM anticipates, prepares for and responds to a broad set of risks. This means asking whether the company’s ERM framework is dynamic, forward-looking and decision-useful; confirming alignment with strategic risks; and verifying that financial implications are accurately reported and disclosed.

What questions should the audit committee ask?

What is management’s process for identifying the top emerging risks facing the business in the near term, and how are they being monitored?
How does management’s ERM process capture interdependent risks (e.g., cyber + AI, geopolitical + supply chain)?
How is risk appetite being defined, communicated and reassessed in light of market volatility?
How does management confirm it is prepared to respond to a sudden, high-impact event (e.g., cyber breach, climate disruption, regulatory investigation)?
How does the internal audit plan incorporate high-velocity and emerging risk areas (e.g., AI, third-party resilience)?
How have macroeconomic and geopolitical risks influenced the risk of material misstatement?
How has the external auditor modified procedures to address rising complexity and ambiguity in financial reporting environments?

Director’s guide to ERM fundamentals

Oversight in the AI era: understanding the audit committee’s role

PwC’s Compliance and Risk Management Solutions

Topic 4 Cybersecurity and data privacy oversight

What the audit committee needs to know

Cybersecurity and data privacy remain top-of-mind risks for many companies. Cybersecurity is no longer just an IT issue — it’s a business resilience and financial reporting issue. A cyber incident can have immediate and material implications for financial results, internal controls and investor confidence. Moreover, the SEC’s 2023 rulemaking on cybersecurity governance underscores the expectation that companies be prepared to disclose a material cybersecurity incident.

Regulatory scrutiny is also intensifying globally, with new privacy laws being enacted and existing frameworks, such as the EU’s General Data Protection Regulation (GDPR) and state-level regulations in the US, being enforced. Further, given the increasing use of artificial intelligence and third-party technology providers, companies must confirm they are assessing risks associated with emerging technology, vendor ecosystems and supply chain vulnerabilities. These developments make now the right time for audit committees to step back and evaluate how well the company’s strategy, controls and disclosures position it to address rapidly evolving cyber and privacy risks.

Why is it relevant to the audit committee?

From an oversight standpoint, audit committees with cybersecurity oversight responsibility should be sure their fall agendas include an update from management on the company’s overall cybersecurity strategy, recent threat intelligence, the status of key controls and testing, and any refinements to incident response plans. Equally important is understanding how lessons from recent high-profile breaches across industries may be learning points.

For audit committees, there are three dimensions of relevance:

Financial reporting – Cyber incidents may lead to financial misstatements, require significant disclosures, or impact key estimates and assumptions.
Controls and compliance – Effective cybersecurity controls are now integral to risk assessment and to regulatory compliance.
Reputation and trust – Breaches often erode market confidence, and investors increasingly expect boards and responsible committees to have visibility into how management safeguards data.

Audit committees that treat cybersecurity as a standing agenda item — and go beyond technical updates to probe governance, accountability, evolving threats and culture — are better positioned to fulfill their oversight responsibilities and support enterprise resilience.

What questions should the audit committee ask?

What is management’s process for confirming that cybersecurity and data privacy strategies align with business objectives and the company’s risk appetite?
What is management’s process for managing risks associated with third-party vendors, cloud providers, and the use of AI and emerging technologies?
How does management confirm that disclosures and reporting processes meet SEC and other regulatory expectations, including global expectations?
What investments have been prioritized to strengthen the company’s cybersecurity defenses?
What lessons learned from recent industry breaches have been implemented to support cyber resilience, and how have controls and incident response plans been enhanced?
What is internal audit’s process for evaluating the design and effectiveness of cybersecurity and data privacy controls?
How is internal audit coordinating with IT security and external assurance providers to avoid blind spots?
How does the external auditor consider cybersecurity and data privacy risks in its assessment of internal controls and financial reporting?
What insights has the external auditor gained from working with other companies regarding leading practices or common pitfalls?

Oversight in the AI era: understanding the audit committee’s role

Overseeing cyber risk: the board’s role

Overseeing technology: nine questions the board should ask the CIO or CTO

Cybersecurity disclosures and the role of internal audit

Topic 5 Regulatory compliance oversight in a rapidly evolving environment

What the audit committee needs to know

The regulatory compliance landscape continues to shift rapidly — both in scope and complexity. Companies are facing heightened expectations from US regulators, new international mandates (e.g., EU Corporate Sustainability Reporting Directive) and a growing push for corporate accountability on topics ranging from climate disclosures to anti-corruption to cybersecurity. The ability to monitor changes and comply with rules represents the minimum threshold for companies to build trust and operate in a global market that increasingly expects transparency and the highest standards from its leaders and employees.

Importantly, enforcement trends show that regulators are not just interested in whether companies have compliance programs; they want to know whether those programs are effective, risk-based and responsive to changing expectations. Compliance programs are increasingly tied to financial reporting, operational risk and reputational impact and are being scrutinized more closely by external auditors, investors and other stakeholders.

_{Source: PwC, Global Compliance Survey 2025.}

Why is it relevant to the audit committee?

While regulatory compliance oversight may be shared with other committees (e.g., risk), the audit committee plays a vital role in confirming that the compliance function supports reliable reporting, internal control effectiveness and ERM. Areas of potential renewed scrutiny for the audit committee include:

SEC and DOJ enforcement focus on internal controls, third-party risk and corporate accountability, especially related to corruption, fraud and cyber breaches
Expanding climate-related disclosure requirements relating to data collection and assurance
Coordinated compliance across jurisdictions relating to global reporting regimes for sustainability disclosures
Increased scrutiny of internal reporting and whistleblower programs
Understanding the external auditor’s role in evaluating how compliance risks, such as fraud and corruption, may impact audit scope and controls testing

As regulatory requirements become more interconnected with financial and nonfinancial disclosures, audit committees should ask probing questions and maintain a clear line of sight into the compliance infrastructure. As Q3 ends, audit committees should confirm they are receiving meaningful updates on regulatory changes, understanding how compliance obligations may affect the financial statements and assessing the governance of the compliance function.

What questions should the audit committee ask?

What is the audit committee’s process to confirm it understands the company’s most significant compliance risks and how they are evolving?
What is management’s process to confirm that the compliance function is coordinated with the finance, legal and sustainability reporting teams to support accuracy and completeness of disclosures?
How has internal audit considered the risks associated with the design and effectiveness of the company’s compliance program in determining its annual audit plan?
What is internal audit’s process for evaluating the systems and processes used to generate externally reported compliance-related data?
How has the external auditor considered compliance risks and how they may affect the audit plan?
From the external auditor’s perspective, are there any industry-specific trends or regulatory enforcement areas that the company should be monitoring?

Audit committee oversight checklist

PwC’s Global Compliance Survey 2025

Strengthening governance in the second line: Internal audit’s role in compliance, operations, and Responsible AI (webcast)

Get your Audit Committee activities in shape before regulators come knocking

Topic 6 External auditor oversight: getting to know the audit team

What the audit committee needs to know

As companies enter the final stretch of 2025, audit committees should be sharpening their focus on the year-end audit. This is the time to confirm the status of the external auditor’s plan; that the committee understands any significant risks identified to date; and that management, internal audit, and the external audit team are aligned on timing and deliverables.

But effective oversight goes beyond reviewing plans and progress. An important, and sometimes overlooked, responsibility is confirming the audit committee assesses the quality of the external audit team — not just the lead engagement partner and director. Year-end audits often rely on managers and other staff who are closest to the work, and their skills, judgment and integrity are critical to audit quality. Audit committees that create opportunities to meet and evaluate these team members are better positioned to confirm the “right team” is in place.

Practical steps might include asking the audit partner to introduce key team members during meetings, requesting updates directly from managers, or inviting audit staff to share their perspectives on audit risks or challenges. These interactions provide valuable insight into whether the team has the right mix of experience, depth of industry knowledge, and commitment to independence and quality.

Why is it relevant to the audit committee?

Audit committees play a vital role in audit quality, and that role extends beyond reviewing the audit plan or discussing issues with the partner. Audit quality depends heavily on the engagement team assigned. While the engagement partner sets the tone, the day-to-day execution often rests with other members of the team. Creating intentional opportunities to engage with the broader external audit team provides the committee with richer insight, helps validate that the “right team” is in place, and ultimately enhances the integrity and effectiveness of the audit process.

In today’s environment, skills and experience matter more than ever, and building a strong working relationship with the external audit team is imperative. Among other things, the audit committee will want to confirm the audit team understands the industry, leverages technology effectively, has the capacity to meet the engagement timeline, and importantly, exhibits the behavior and professionalism that reinforces trust in their independence and integrity. Regular interaction with team members beyond the partner and director becomes imperative.

What questions should the audit committee ask?

Who are the key members of the audit team who will be leading day-to-day work on the year-end audit?
What is management’s assessment of the mix of skills and experience of the external audit team and their commitment to audit quality?
What is the external auditor’s process for evaluating whether the audit team has the right mix of skills and experience to effectively carry out the audit?
What is the external auditor’s process for confirming the continuity and knowledge transfer within the team, particularly if staffing changes occur mid-audit?
How is technology being used in the audit, and who on the team is leading those efforts?
How is management supporting the audit team’s ability to do its work efficiently and with integrity?
How is internal audit’s work being leveraged by the external auditor?

Overseeing the external auditors

Audit committee oversight checklist

Topic 7 Crisis management and business continuity planning: A growing priority for audit committees

What the audit committee needs to know

As companies navigate continued geopolitical volatility, cyber threats, climate-driven disruptions and increasing regulatory scrutiny, among others, crisis preparedness and business continuity have moved to the forefront of management priorities and boardroom agendas. The events of the past year — including ransomware attacks, geopolitical events, extreme weather and supply chain interruptions — underscore the reality that crises are no longer rare “black swan” events. They are an expected part of doing business.

Business continuity planning is no longer just about IT recovery or emergency evacuation procedures. It now encompasses sustaining operations across all critical business processes — finance, operations, supply chain, data infrastructure and third- party services — during and after disruptive events.

Why is it relevant to the audit committee?

When it comes to crisis management and business continuity, several areas under the audit committee’s responsibility are directly or indirectly impacted. Audit committees play a vital role in overseeing risk management, financial reporting integrity and internal control systems — all of which can be put under pressure during a crisis.

Potential implications of a crisis on areas under the audit committee’s responsibility could include:

Significant financial reporting issues — such as impairments, loss contingencies, going concern questions — and delays in reporting
Control environment gaps
Exposure of gaps in risk identification, assessment and response readiness
Heightened fraud risk due to reduced oversight during emergency conditions
Operational losses and impairments that require disclosure or valuation adjustments
Reputational damage that impacts investor and other stakeholder confidence

Now may be a good time for audit committees to refamiliarize themselves with management’s crisis response plan, especially as it relates to implications for the areas under its oversight responsibility.

What questions should the audit committee ask?

What is management’s process for identifying the most critical risks that could disrupt operations or impact financial reporting? How are they prioritized in the crisis response plans?
What is management’s process for coordinating with third-party service providers and vendors on continuity planning?
How does the crisis response structure align with the company’s organizational risk appetite and insurance coverage?
How has internal audit assessed the design and effectiveness of crisis management and business continuity plans?
How does the external auditor evaluate the company’s resilience-related risks, particularly those impacting financial reporting or going concern assessments?
How would a significant disruption (e.g., cyberattack or operational outage) affect the external auditor’s approach?

Being prepared for the next crisis: the board’s role

Topic 8 Updating your understanding of processes and controls

What the audit committee needs to know

Strong processes and controls are the foundation of reliable operations, accurate financial reporting and regulatory compliance. They may not only safeguard assets but also drive efficiency and consistency across an organization. When well designed, processes help systems work together seamlessly, minimize errors and manage risks proactively.

Recently, several developments have made the spotlight on processes and controls even sharper:

Technology changes – Companies are adopting new enterprise systems, automation tools and AI-enabled applications, creating both opportunities for efficiency and risks around interoperability, data quality and control gaps.
Regulatory scrutiny – Expectations on internal controls continue to evolve, especially as some regulators push for greater transparency in financial reporting reliability and resilience.
Workforce pressures – Shifts in staffing, hybrid work models and outsourcing can disrupt process consistency, increasing the importance of monitoring and exception management.
Operational complexity – As companies scale, the volume of transactions (e.g., journal entries, reconciliations, adjustments) grows, making it critical to track and benchmark activity levels for potential red flags.

In this environment, companies that regularly refresh their understanding of how processes operate — and whether controls are still effective — are better positioned to avoid surprises, reduce inefficiencies and maintain stakeholder trust.

Why is it relevant to the audit committee?

For audit committees, processes and controls directly underpin the committee’s ability to oversee the integrity of financial reporting and compliance. Confirming that the control environment is robust and effective is at the core of the committee’s mandate.

Heading toward year end, this becomes particularly relevant. Weaknesses in processes — such as excessive manual journal entries, delayed reconciliations or reliance on nonintegrated systems — may escalate into control deficiencies, reporting errors or audit challenges. Audit committees benefit from understanding how management evaluates and reports on processes, rather than relying solely on end results.

By updating your understanding now, the audit committee can identify where systems may not be keeping pace with the business, assess the quality of management’s reporting on processes and controls, and determine whether the committee is comfortable with the way different systems interact to produce reliable information. Probing these areas signals to management that the committee expects rigor not only in compliance but also in operational efficiency and transparency.

What questions should the audit committee ask?

How have key processes and controls changed over the past year, and do they still align with the company’s strategy and risks?
What is management’s process for confirming the interoperability of systems and the consistency of data flows?
What KPIs (e.g., reconciliations completed per month, volume of low-dollar journal entries) are being tracked, and what do they reveal about process health?
How does management identify opportunities to streamline or automate processes without weakening control effectiveness?
What is internal audit’s process for identifying recurring control deficiencies or areas where processes are overly manual or fragmented?
How does internal audit evaluate controls over system changes and interoperability?
What is the external auditor’s view on how the company’s processes and controls compare with leading practices and peers in the industry?
What areas do the external auditor encourage management or the audit committee to focus greater attention on before year-end?

Financial reporting oversight

Audit committee oversight checklist

Topic 9 Preparing for new year-end disclosures

What the audit committee needs to know

As Q3 2025 draws to a close, companies should be preparing for new guidance coming from two significant accounting standards: (1) income tax disclosures and (2) crypto asset accounting and disclosures. Both represent a shift toward greater transparency, and both require careful coordination across tax, finance, technology and governance functions to support readiness.

Income tax disclosures

Effective for fiscal years beginning after December 15, 2024 (and interim periods within those years), companies need to provide clearer insight into the geographic distribution of taxes and drivers of their effective tax rate.

For year-end reporting, additional annual disclosures will be required, including:

Income taxes paid disaggregated by major jurisdictions (not typically provided in interim periods)
More granular tabular reconciliations of the statutory to effective tax rate, including categories such as foreign tax effects, state and local income taxes, and tax credits
Narrative explanations of significant reconciling items
Expanded disclosure of unrecognized tax benefits

For interim reporting periods, companies must present enhanced effective tax rate reconciliations and some interim jurisdictional data.

Crypto assets

Effective for fiscal years beginning after December 15, 2024 (including interim periods), the standard requires companies to measure certain crypto assets at fair value with changes reflected in net income.

For year-end reporting, annual disclosures expand to include:

Rollforwards of crypto asset balances (beginning to ending balances, with additions, disposals and remeasurements)
Detailed disclosures of restrictions on crypto assets (such as lockups, collateral pledges or custody arrangements)
Concentration disclosures when holdings in a single crypto asset (e.g., Bitcoin) or with a single custodian are material

For interim reporting periods, companies disclose fair value measurements and changes in net income plus certain qualitative information about holdings and restrictions.

Why is it relevant to the audit committee?

As part of its financial reporting oversight, the audit committee will want to understand how management is considering the potential impacts of the new standards and disclosures. This would include understanding whether there are underlying systems and processes in place to report disaggregated information completely and accurately. Additionally, the audit committee will want to understand management’s overall crypto strategy, the business and financial reporting risks, and management’s plan for monitoring, measuring and mitigating those risks.

What questions should the audit committee ask?

What new processes and controls have been implemented to capture the additional data required for tax and crypto disclosures?
What is management’s process for confirming systems and processes can produce jurisdiction-level tax data and rollforward disclosures for crypto assets consistently?
What new controls are in place to validate the accuracy of fair value measurements and cross-border tax reporting?
How has management assessed disclosure policies for crypto exposures, including immaterial but potentially sensitive holdings?
How have investor relations and communications teams considered how new disclosures may affect external messaging?