On November 30, the Center for Audit Quality (CAQ) and research firm Audit Analytics (AA) released 2022 Audit Committee Transparency Barometer (Barometer), the ninth edition of their annual assessment of S&P Composite 1500 proxy statement disclosures concerning the work of the audit committee. According to the accompanying press release, the 2022 report reflects “a long-term positive trend of increased transparency in several areas by audit committee members.” Among other things, the Barometer finds that cybersecurity disclosures continue to increase and that 54 percent of the S&P 500 audit committees reported having responsibility for cyber risk oversight. In addition, as a corollary to the growth in sustainability or ESG reporting (see Sustainability Reporting Reaches an All-Time High, But Investors Have Qualms About the Content (Audit Update blog post), the report finds that 18 percent of S&P 500 audit committees disclosed having responsibility for ESG oversight.
Along with the Barometer, the CAQ released Audit Committee: The Kitchen Sink of the Board (Kitchen Sink). This publication, developed by the CAQ and academic researchers at the University of Tennessee Knoxville’s Neel Corporate Governance Center and the Pamplin College of Business at Virginia Tech, “offers leading practices for audit committees, including how boards can effectively allocate oversight responsibilities to the audit committee, how audit committee members can keep up with an ever-evolving workload, and how audit committees can improve their disclosures related to their oversight responsibilities.”
2022 Transparency Barometer
In general, the findings of the 2022 Barometer are consistent with last year. (For a summary of last year’s Barometer, see Slight Increases, Some Stagnation: CAQ and EY Report Cards on Audit Committee Transparency, November-December 2021 Update.) Of the various topics surveyed, the highest rates of proxy disclosure related to non-audit services. Eighty-four percent of the S&P 500 discussed how non-audit services may impact auditor independence. Eighty-two percent of the S&P MidCap and 76 percent of the SmallCap companies made such disclosures. This topic also topped last year’s list, and the disclosure percentages are essentially unchanged. (The Barometer breaks down S&P 1500 disclosures between the S&P 500 large-cap companies, the S&P MidCap 400, and the S&P SmallCap 600.)
Areas in which there were relatively low levels of disclosure included audit committee responsibility for audit fee negotiations, explanation of a change in audit fees, and discussion of how the audit committee considers auditor compensation and its connection to audit quality. For example, only 23 percent of the S&P 500 and S&P MidCap 400 provided an explanation for a change in audit fees; disclosure of reasons for fee changes was slightly more frequent among smaller companies – 26 percent of the SmallCap 600 discussed such changes. The least popular disclosure tracked by the Barometer was discussion of the connection between audit fees and audit quality. Only six percent of the S&P 500 discussed this topic; two percent of the MidCaps and SmallCaps did so. Although very low, these figures reflect an increase over 2021, when none of the S&P 1500 companies made such a disclosure.
Other highlights of the 2022 Barometer include:
Auditor tenure. Auditor tenure is a common audit committee disclosure. Seventy-one percent of the S&P 500 disclose the length of time the auditor has been engaged, as do 59 percent of the S&P Midcaps and 55 percent of SmallCaps. In contrast, very few audit committees (nine percent for S&P 500, five percent of MidCaps and two percent of SmallCaps) disclose how the audit committee factors in length of auditor tenure when deciding whether to re-appoint the external auditor. Since 2018, auditor tenure has been a required disclosure in the auditor’s report, and audit committee tenure disclosure could therefore be viewed as redundant. As the Barometer points out, stakeholders would likely prefer to learn from the audit committee how it thinks about audit firm tenure in relationship to auditor independence and audit quality.
Engagement partner selection. Half (51 percent) of the S&P 500 disclose that the audit committee is involved in engagement partner selection, while 24 percent of MidCaps and twelve percent of SmallCaps make such a statement. These percentages are essentially unchanged from last year. The Barometer states that, according to an academic study, the audit partner selection process is positively associated with audit quality and suggests that audit committees explain their role in selecting the engagement partner.
Cybersecurity. As noted above, disclosure related to audit committee responsibility for oversight of cybersecurity risk has increased during the last several years. In 2022, 54 percent of the S&P 500 disclosed that the audit committee is responsible for cybersecurity (compared to 46 percent last year); 41 percent of S&P MidCaps (34 percent last year) and 32 percent of S&P SmallCaps (24 percent last year) made such a statement. In 2016, only eleven percent of the S&P 500 (and five percent of Mid-Caps and four percent of SmallCaps) discussed audit committee responsibility for cybersecurity risk oversight. The Barometer also reports that 39 percent of the S&P 500 disclosed having a cybersecurity expert on the board, as did 26 percent of the MidCap 400 and 18 percent of the SmallCap 600.
ESG. Eighteen percent of S&P 500 audit committees disclose having responsibility for ESG oversight, as do ten percent of MidCaps and seven percent of SmallCaps. While the audit committee may be involved in ESG disclosure, substantive responsibility for ESG strategy and oversight is often assigned to another committee or to the full board.
An appendix to the Barometer includes examples of effective disclosure from specific audit committee reports or other proxy statement discussions for each type of disclosure tracked in the annual analysis. Another appendix contains a pro forma description of an audit committee and its responsibilities, along with a model audit committee report. A final appendix, “Questions to Consider When Preparing Audit Committee Disclosures”, lists twelve questions to aid in drafting disclosure concerning the work of the audit committee. These questions mirror the issues addressed in the Barometer report.
Audit Committee: The Kitchen Sink of the Board
To assist companies and audit committees in managing their responsibilities and improving their disclosures, the CAQ simultaneously issued the Kitchen Sink study. The authors describe the purposed of this publication as follows:
“Audit committees are an essential component to the health of our financial reporting ecosystem and capital markets. It’s vital that they have the tools and resources they need, including peer insights and leading practices, to play an effective role in oversight and, ultimately, investor protection. This report provides a step-by-step guide for audit committee members to provide ideas for managing this evolving workload and enhancing their disclosures.”
Kitchen Sink is based on interviews with audit committee members, investors, and those involved in preparing disclosures. The report addresses three topics:
How Can Boards Effectively Allocate Oversight Responsibilities to the Audit Committee? Among other things, the report finds that “[p]erpetually assigning emerging risks to the AC (i.e., the ‘kitchen sink’ approach) can lead to suboptimal oversight due to overworked ACs and a ‘check the box’ mentality” and that “[t]raditional AC skill sets relate to financial reporting and internal controls.”
How Can Audit Committee Members Keep Up With An Ever-Evolving Workload? Suggestions on this topic include “Regularly evaluate whether AC refreshment is needed to keep up with the necessary skill sets to properly oversee evolving risks” and “Carefully manage the AC agenda by mapping out risks to allow for deep dives on a rotation of topics throughout the year.”
How Can Audit Committees Improve Their Disclosures Related To Audit Committee Oversight Responsibilities? Kitchen Sink recommends and describes a four-step approach:
Define Your Goals. “[I]nvestors communicated two consistent themes that indicate disclosures can provide value: (1) be transparent about audit committees’ duties and actions and (2) provide confidence that the audit committee is fulfilling its fiduciary duty.”
Actively Seek Out Disclosure Examples. “AC participants recognize that they do not necessarily desire to be at the front of the pack with their disclosures, but they also do not want to fall far behind. * * * [I]t is important for audit committees to refer to peer disclosures to understand what stakeholders are seeing from peer organizations.”
Advocate For Your Disclosures. “One troubling aspect gleaned from our interviews was the number of AC participants who believed that enhanced disclosures would introduce litigation risk, either for them personally or for the full board of directors. In contrast, our interviews with general counsels revealed less concern about litigation risk. * * * If a GC is not willing to work with the AC, then that is perhaps a sign of a larger issue about management culture that suggests that they are not willing to be transparent with shareholders.”
Regularly Revisit Disclosures. “Perhaps the most consistent thing we heard from all interview participants is the concern that governance disclosures face a high risk of becoming rote and stale. When this occurs, the disclosures are no longer useful to investors and become solely a compliance exercise. * * * [G]iven the ever-evolving set of business risks that companies face each year, it is unlikely that governance operated exactly the same as the prior year.”
The authors of Kitchen Sink have also prepared an academic paper based on their research which provides additional insight into their views on the shortcomings of current audit committee reporting. See Academic Study Finds that Audit Committee Disclosures Don’t Meet Investor Needs (Audit Update blog post).
Comment: The 2022 Barometer report discusses the benefits of audit committee transparency, including “a positive correlation between transparent disclosure and high audit quality,” providing investors with information about the audit committee’s oversight of the auditor and financial reporting broadly, and promoting trust. To capture these benefits, audit committees should, as Kitchen Sink suggests, be aware of the types of voluntary disclosures their peers are making. The kinds of voluntary disclosures the Barometer identifies as common among S&P 1500 companies are generally not controversial and would rarely involve disclosing confidential information or exposing the audit committee to increased litigation risk.
Audit committees should also consider taking their disclosure to the next level by providing, not just a description of what they do, but insight into how they do it. As the Barometer states, “Providing detailed disclosures about how the audit committee executes its oversight responsibility, instead of relying on boilerplate language, provides investors with useful information into the processes, considerations, and decisions made by the audit committee to support audit quality.”