top of page
  • Writer's pictureDaniel Goelzer

As Transparency Inches Forward, Audit Committees are Disclosing More About Cyber Risk Oversight

On October 12, the Center for Audit Quality and research firm Audit Analytics released 2020 Audit Committee Transparency Barometer (2020 Transparency Barometer), their annual assessment of S&P Composite 1500 proxy statement disclosures related to the work of the audit committee. (The S&P Composite 1500 consists of the S&P 500 index of large-cap companies, the S&P MidCap 400, and the S&P SmallCap 600.) Audit committee disclosure has increased significantly since the first Transparency Barometer in 2014, although the growth in these disclosures has leveled off in recent years. See, e.g., Voluntary Audit Committee Disclosures Continue to Increase – But Only Slightly, September 2020 Update and Audit Committee Transparency Plateaus, November-December 2019 Update. The 2020 Transparency Barometer is consistent with these trends.

The 2020 Transparency Barometer highlights three areas in which audit committee disclosure has changed:

  • Cybersecurity. Disclosure related to audit committee oversight of cybersecurity has increased sharply during the last five years. In 2020, 39 percent of the S&P 500 disclosed that the audit committee is responsible for cybersecurity; 28 percent S&P MidCaps and 18 percent S&P SmallCaps made such a statement. In contrast, only eleven percent of the S&P 500 (and five percent of Mid-Caps and four percent of SmallCaps) did so in 2016. In 2020, 28 percent, 20 percent, and eight percent, respectively, disclosed that the board had a cybersecurity expert. In almost all cases, that disclosure indicated that the cybersecurity expert was on the audit committee.

  • Auditor compensation. Disclosure related to oversight of auditor compensation is “stagnant.”

o Only four percent of the S&P 500 included a discussion of audit fees and their relationship to audit quality; two percent of the S&P MidCap 400 and one percent of the S&P SmallCap 600 discussed this issue. Such disclosures have declined significantly in the past seven years. In 2014, the comparable percentages were 13 percent, four percent, and one percent. Similarly, in 2020 three percent of the S&P 500 provided a discussion of how the audit committee considers auditor compensation, and only one percent of the other S&P tiers discussed that issue.

o Eighteen percent of the S&P 500, seven percent of the S&P Mid-Caps, and four percent of the S&P SmallCaps stated that the audit committee is responsible for fee negotiations with the auditor. The frequency of such disclosure has essentially been flat for the past five years.

o Nineteen percent of the S&P 500 included an explanation for a change in audit fees, while 14 percent S&P Mid-Cap 400 and 21 percent S&P SmallCap 600 provided a fee change explanation. In 2014, such disclosure was more common -- 28 percent for the S&P 500, 30 percent for Mid-Cap companies, and 24 percent for SmallCaps.

Other 2020 Transparency Barometer findings include:

  • Audit firm selection/ratification. Forty-three percent of S&P 500 proxy statements disclosed consider-ations that were the basis for the audit committee's appointment of the audit firm, up slightly from 42 percent in 2019. Thirty percent of MidCap 400 companies discussed appointment considerations (flat from last year), and 23 percent of SmallCap 600 companies made such a disclosure (compared to 22 percent last year).

  • Length of engagement. The share of S&P 500 companies that disclose the audit firm’s tenure fell from 71 percent in 2019 to 69 percent in 2020. For MidCap and SmallCap companies, the 2020 percentages were 56 percent and 54 percent, respectively; this was a two percent increase over 2018 for MidCaps and a one percent drop for SmallCaps. (Company disclosure of tenure is redundant, since it is now a mandatory disclosure item in the auditor’s report. See SEC Approves New Auditor’s Reporting Model and Shifts the Discussion to Implementation, November-December 2017 Update.)

  • Audit firm evaluation/supervision. Half of S&P 500 companies disclosed criteria the audit committee considered in evaluating the audit firm (compared to 50 percent in 2019 and 51 percent in 2020). Thirty-seven percent of MidCa companies and 36 percent of SmallCap companies discussed the audit committee’s evaluation criteria, a decrease of two percent and an increase of three percent, respectively.

  • Annual audit firm evaluation. In 2020, 31 percent of the S&P 500 disclosed that the audit committee performed an evaluation of the external auditor, a two percent increase over 2019. For MidCaps, this disclosure was made by 19 percent, the same as in 2019. Sixteen percent of SmallCaps made the annual evaluation disclosure, compared to 14 percent last year.

  • Engagement partner selection. In both 2020 and 2019, half of the S&P 500 disclosed that the audit committee is involved in engagement partner selection. For S&P MidCap companies, 23 percent disclosed that the audit committee played a role in engagement partner selection (up from 22 percent in 2019), while twelve percent of SmallCaps made such a disclosure, up from ten percent last year.

Comment: Audit committees should be aware of the types of voluntary disclosures concerning committee responsibilities and activities that their peers are making and consider expanding their disclosures to match. The kinds of disclosures the 2020 Transparency Barometer identifies as common among S&P Composite 1500 companies are generally not controversial and would rarely involve disclosing confidential information or exposing the audit committee to increased litigation risk. As in prior years, the report includes examples from audit committee reports or proxy statement discussions of each type of disclosure tracked. These examples provide good models for companies that are considering strengthening their disclosures.

27 views0 comments

Recent Posts

See All


bottom of page