Audit committees have a critical oversight responsibility and committee members must stay up to date about changing regulations, reporting guidelines and dynamic expectations. Our quarterly audit committee special edition offers potential topics for inclusion in your upcoming audit committee meeting.
Each quarter we provide highlights of trending financial reporting topics, emerging regulatory and standard setting matters, and updates on current governance topics. We also provide useful links that direct you to more information.
As you perform your oversight responsibilities and plan your next audit committee meeting agenda, check in each quarter for our updated summary.
What the audit committee needs to know
As the mid-point of 2024 approaches, top comment letter themes have remained consistent over the past few years with non-GAAP measures and management’s discussion and analysis (MD&A) leading as the most frequent areas of comment. SEC staff comments related to non-GAAP financial measures have questioned how registrants describe the non-GAAP measure (for example, as a measure of performance or liquidity) and the appropriateness of adjustments made to calculate the measure, depending on how it is described. The staff also continues to issue comments about specific non-GAAP adjustments, such as adjustments that do not have a corresponding tax impact, restructuring charges and litigation charges.
MD&A continues to be a close second in terms of volume of comments. One area of focus is the impact of the current macroeconomic environment. For example, in the financial services sector, the staff have issued comments specifically related to MD&A disclosures about commercial real estate and the discussion of interest rate impacts in quantitative and qualitative market risk disclosures. The staff has publicly stated that these disclosures may also be relevant to registrants outside of the financial services sector.
Staff comments related to business combinations, segment reporting and revenue recognition round out the top five areas. And while not a top trending comment area, we observed some comments related to cybersecurity incident reporting. Generally, the comments related to asking for more detail regarding how the cybersecurity incident has had (or could have) a material impact on the registrant’s financial condition or ongoing results of operations.
Why is it relevant to the audit committee?
The audit committee will want to stay abreast of the areas of SEC comments, which may help the committee refine its oversight efforts and support the company’s financial reporting transparency. The audit committee will want to confirm that management is adequately addressing regulatory expectations and staying ahead of potential issues.
What questions should the audit committee ask?
Where to go for more information:
PwC: SEC comment letter trends landing page
PwC: To GAAP or to non-GAAP
SEC: Non-GAAP financial measures: Compliance & Disclosure Interpretations
What the audit committee needs to know
Last quarter, we reported on the SEC’s release of its final climate disclosure rule. Since then, as anticipated, legal challenges have been filed against the SEC by multiple parties. As a result, the SEC stayed its climate disclosure rule in April to “facilitate the orderly judicial resolution” of pending legal challenges. However, given ongoing interest from investors, and the overlapping nature of many of the sustainability reporting requirements worldwide, companies are encouraged to develop systems, processes and controls to position them to produce high-quality data in support of any non-SEC sustainability reporting responsibilities. Doing so will also position registrants for compliance with the SEC rules should the stay be lifted, and the rules become effective.
On January 1, California bill AB 1305 became effective, requiring information about certain emissions claims and the sale and use of carbon offsets to be posted to a company’s website. In February, a bill (AB 2331) was introduced that, if signed into California law, would amend AB 1305 to clarify that certain renewable energy certificates and low-carbon fuel standard credits are not in scope. The same bill proposes to amend AB 1305 to require initial reporting on January 1, 2025. In May, the bill was approved in the State Assembly and awaits consideration in the State Senate.
In April, the European Council approved a delay of the adoption of certain sector-specific and non-EU European Sustainability Reporting Standards (ESRS) by two years until June 2026. It does not impact the timing of when companies are required to file their initial CSRD reporting using the sector agnostic standards that became law in December 2023.
In May, the IFRS Foundation and EFRAG published guidance to illustrate the alignment between the IFRS Sustainability Disclosure Standards and the EU ESRS.
Why is it relevant to the audit committee?
Given the evolving regulatory and standard-setting environments and impending related reporting requirements, companies that are impacted should be gearing up for disclosures. This means developing processes and controls and having technology in place to produce quality reporting. It may also involve having internal audit allocate time in its audit plan to weigh in on the design and operating effectiveness of new processes and controls. Understanding management’s processes and controls in place relating to the scope and quality of disclosures is an important aspect of the audit committee’s oversight role.
What questions should the audit committee ask?
Where to go for more information:
PwC: The audit committee has specific responsibilities under the EU’s CSRD
PwC: Navigating the ESG landscape
What the audit committee needs to know
Enforcement actions are an important tool used by the SEC to advance its mission of protecting investors and promoting market integrity. In its fiscal year ended September 30, 2023, the SEC actively pursued close to 800 enforcement actions against individuals and corporations for violations of securities laws, which is a 12% increase over the past two years. The drivers of the violations spanned a range of topics including improper accounting, misleading disclosures and earnings manipulation. The SEC also continued its focus on emerging issues such as cybersecurity, crypto assets and ESG.
The SEC has also been increasingly focused on the implications of advancements in AI and machine learning, including potential violations of securities laws. Recent remarks by commissioners and senior SEC staff highlight their growing concern that these advancements could pose emerging risks as the technologies may lead to noncompliance with the securities laws.
“So looking ahead, where do we see potential risk? …[T]here’s certainly one brewing around AI.”
Gurbir S. Grewal, Director of the Division of Enforcement, SEC
April 15, 2024
Why is it relevant to the audit committee?
The audit committee may find it helpful to consider lessons learned from past and expected SEC enforcement actions in its oversight of the company’s control environment, risk management processes, compliance programs, financial reporting and the external auditor. Reviewing enforcement actions could also aid the audit committee in improving its governance practices (e.g., frequency and depth of reporting from management).
What questions should the audit committee ask?
Where to go for more information:
PwC: Trends in SEC enforcement actions
PwC: Audit committee oversight checklist
What the audit committee needs to know
In April, the IASB issued IFRS 18, Presentation and Disclosure in Financial Statements, introducing new requirements to improve comparability of the financial performance of similar entities, with a focus on updates to the statement of profit or loss. The standard includes three major areas of change:
1. Defined structure of the statement of profit or loss
2. Related disclosures
3. Aggregation and disaggregation
The new standard will be effective beginning in 2027 for calendar year-end IFRS reporters and requires retrospective application.
Why is it relevant to the audit committee?
While the standard is applicable to companies that report under IFRS, audit committees of US multinationals may want to get up to speed on the changes as they could impact subsidiaries reporting under IFRS. Additionally, developments in international reporting can influence the perspectives of stakeholders and standard setters in the US. Audit committees may want to monitor how stakeholder views may be evolving. Audit committees may also want to consider how the requirements might be used as a basis for enhancing existing disclosures.
What questions should the audit committee ask?
Where to go for more information:
PwC: IFRS 18 is here: redefining financial performance reporting
PwC: Hello IFRS 18 (Podcast)
The audit committee may consider discussing the above topics with management to understand how they are being addressed. For an in-depth discussion and more insights on these topics, see PwC’s The quarter close – Second quarter 2024.
What the audit committee needs to know
The audit committee’s responsibilities and agenda continue to expand as companies implement new technologies and business models, respond to the impacts of a challenging geopolitical landscape, implement new regulations and standards, and provide increased reporting to stakeholders. In managing its expanding responsibilities, the audit committee should confirm that it is fully engaged in its “core” oversight responsibilities, such as oversight of internal audit. A mid-year "check in” can provide an opportunity to reassess the current year plan and evolving priorities and to make any necessary adjustments. Key audit committee considerations could include:
Why is it relevant to the audit committee?
The audit committee’s role in overseeing internal audit is a cornerstone of its governance responsibilities. As technology, regulatory and other risks continue to expand, internal audit should be a third line of defense in risk management and monitoring. Helping maximize the value of the internal audit function is a critical factor in the audit committee’s effective oversight.
What questions should the audit committee ask?
Where to go for more information:
PwC: Audit committee effectiveness: practical tips for the chair
PwC: Audit committee oversight checklist
What the audit committee needs to know
In its ongoing responsibility to evaluate and monitor risks, now is a good time for the audit committee to review the company’s risk management process, including ERM, discuss emerging risks and confirm that management has appropriate processes in place to manage risks effectively. As the risk landscape continues to shift, companies are grappling with risks associated with new technologies and digital transformation initiatives, including AI/GenAI, cybersecurity and data privacy, operational and financial risks, sustainability risks, and third-party and supply chain risks, among others.
However, according to PwC’s Board effectiveness: A survey of the C-suite, executives believe boards may not be spending sufficient time on transformative areas of risk. It is essential for the audit committee to keep its focus on high priority risk matters to support effective risk oversight tailored to the company’s specific circumstances.
Why is it relevant to the audit committee?
While the board has primary oversight responsibility of risk, many boards delegate oversight of management’s process to the audit committee, in addition to delegating oversight of many of the risks. This means the audit committee has a role in overseeing many of the key, emerging risks facing companies. Given the dynamic and often unpredictable nature of today’s business environment, it is essential that the audit committee keeps its focus on risk oversight as a top priority.
It should continue to ask questions of management, itself and other stakeholders. This means the audit committee should confirm that it has a comprehensive understanding of the organization’s risk landscape, that appropriate measures are being taken by management to manage and mitigate risks effectively, that the audit committee has the appropriate skill sets among its members (or access to external specialists and resources) and that it is receiving effective reporting from management. The audit committee should also confirm the scope of its oversight responsibilities for monitoring risks with the board, including which key risks it oversees on behalf of the board—keeping in mind that risk oversight among committees can be reallocated given changes in committees’ capacity/competencies or other factors.
What questions should the audit committee ask?
Where to go for more information:
PwC: Board effectiveness: A survey of the C-suite
PwC: Director’s guide to ERM fundamentals
PwC: Risk oversight and the board: Navigating the evolving terrain
PwC: Overseeing cyber risk: the board’s role
What the audit committee needs to know
On May 16, PCAOB board member Christina Ho provided remarks during a webcast hosted by PwC and the Center for Audit Quality (CAQ). Titled Tech, talent and the Audit Committee’s evolving role, the webcast was the inaugural event of a PwC/CAQ collaboration aimed at helping audit committee members stay ahead of their ever-evolving responsibilities. Ms. Ho provided her perspectives on how technology and talent impact audit quality.
Ms. Ho encouraged audit committee members to engage with the PCAOB during its rulemaking process, challenge management and the external auditor on how technology such as AI could be leveraged to prepare financial statements and enhance audit quality, and to use their platforms to speak with young people about the auditing profession. She emphasized that AI could enhance audit quality through consistent and effective execution of routine and repetitive tasks, proactive application relating to fraud detection and through continuous risk assessment. She also emphasized that appropriate talent is essential for companies to produce quality information and is needed by external auditors so that audit quality remains high.
Why is it relevant to the audit committee?
Given its oversight responsibilities related to the company’s financial reporting and internal controls, the audit committee should understand AI’s benefits, risks and broader implications for the company. The audit committee should also understand who has the responsibility for AI governance within the company as part of an overall AI governance model. The audit committee should also stay informed about how the company is using (or plans to use) AI in areas under its oversight responsibility, such as in financial reporting and related controls, internal audit, finance transformation, and the compliance and ethics program.
While talent management oversight is typically a topic for the full board, with input from other committees, the audit committee should understand management’s plans for talent management disclosures. This would include (1) an understanding of processes and internal controls that might be put in place to produce accurate, complete and reliable information, (2) how external reporting might be impacted and (3) the talent risks in areas that fall under its purview (e.g., finance, accounting, tax, internal audit, compliance and IT, among others).
What questions should the audit committee ask?
Where to go for more information:
PwC: Tech, talent and the Audit Committee's evolving role (webcast replay)
PwC: The power of AI and generative AI: what boards should know
PwC: Talent management: an evolving board imperative
What the audit committee needs to know
Many audit committees remain challenged with overseeing an ever-expanding list of responsibilities, including risks associated with evolving regulations and standards, the impacts of geopolitical and economic shifts, processes and controls relating to significant business and finance transformations, and a host of other matters. However, amid the expanded workload, it is important for the audit committee to allocate enough focus and depth to key oversight areas. And while it may be receiving periodic updates on many matters, now is a good time for the audit committee to receive deep dives from management on key areas of oversight (especially those that may not be on the agenda as frequently), including:
Financial reporting and accounting – Detailed review of financial statements, including significant accounting policies, judgments and estimates, and any changes expected in the short term
Internal controls and risk management – Deep dive into key areas of risk (e.g., cyber, operational, compliance)
Tax matters – Review of the company’s tax strategy; updates on significant tax matters, including changes in tax laws and their implications
Regulatory and compliance matters – Updates on compliance with regulatory requirements, including any new or pending regulations and status of any ongoing regulatory investigations
Fraud risk and ethics compliance – Review of whistleblower reports and investigations; evaluation of the effectiveness of ethics and compliance programs
Litigation and legal matters - Updates on significant legal risks and proceedings and potential liabilities
Third-party and vendor management – Review of the risks associated with key third-party relationships and vendor management practices
Why is it relevant to the audit committee?
Deep dives from management can provide detailed insights and promote understanding that help the audit committee fulfill its oversight responsibilities more effectively. Allocating time in the audit committee’s agenda for such discussion can confirm that management is addressing critical matters appropriately and keeps key matters in focus for the audit committee as they may evolve.
What questions should the audit committee ask?
Where to go for more information:
PwC: Audit committee oversight checklist
PwC: Financial reporting oversight
PwC: How your board can oversee third-party risk
PwC: Finance transformation: four areas of focus for the audit committee
PwC: Get your Audit Committee activities in shape before regulators come knocking
PwC: Audit committee dashboard reporting
Every audit committee meeting agenda should include these important items or, at least, they should be discussed at scheduled intervals: