The Center for Audit Quality (CAQ) and Ideagen Audit Analytics (IAA) have released the Audit Committee Transparency Barometer 2025 (Barometer 2025), the twelfth edition of the CAQ’s annual analysis of audit committee disclosures. The press release announcing Barometer 2025 reports that “while skills matrix disclosure continues at high rates and disclosure of cybersecurity expertise on boards has grown, most disclosure areas have stagnated or declined.”  Key findings of the 2025 report include:

• Ninety percent of S&P 500 companies disclosed the board of directors’ skills matrix, an increase from 85 percent in 2024. S&P MidCaps and S&P SmallCaps also increased this disclosure. 

• Sixty-five percent of S&P 500 boards disclosed they have a cybersecurity expert, a five percent increase from 2024.

• “Stagnation and decline” of audit committee disclosures occurred across several measures. For S&P 500 companies, disclosure of the annual evaluation of the external auditor decreased from 39 percent to 38 percent; disclosure of considerations in appointing or re-appointing the external auditor was flat at 50 percent; and disclosure of factors contributing to the selection of the audit partner decreased from 17 percent to 16 percent.

The Transparency Barometer tracks S&P 1500 audit committee disclosures on thirteen topics (two of which include subtopics) and breaks down disclosures between the S&P 500, the S&P MidCap 400, and the S&P SmallCap 600. For a discussion of last year's report, see CAQ and IAA: Companies are Saying More About Their Board’s Cyber and ESG Expertise, November 2024 Update.  Highlights of Barometer 2025 are discussed below.

Frequent Disclosures

In 2025, the five most frequently disclosed topics (ranked according to their S&P 500 disclosures) were:

• Disclosure that the board of directors has a skills matrix.  The report states that a skills matrix is “a helpful tool in evaluating the overall competency of the board to ensure the board is equipped with the skills needed to exercise effective oversight.” As noted in the press release, 90 percent of S&P 500 companies disclosed a skills matrix, up from 85 percent last year.  Eighty percent of S&P MidCap companies disclosed a matrix, up from 75 percent in 2024, and 70 percent of S&P SmallCaps disclosed a matrix, an eight percent increase from 62 percent.

• Discussion of how non-audit services may impact independence. Eighty-five percent of the S&P 500, 82 percent of S&P MidCaps, and 75 percent of S&P SmallCap companies discussed the relationship between non-audit services and auditor independence. In 2024, the frequency of this disclosure was almost the same (S&P 500: 85 percent, S&P Midcaps: 80 percent, and S&P SmallCaps: 74 percent).

• Disclosure of the length of time the auditor has been engaged. Seventy-five percent of the S&P 500, 61 percent of the MidCap 400, and 56 percent of the SmallCap 600 disclosed auditor tenure. This reflects a slight increase over 2024 when 73 percent of the S&P 500, 61 percent of the MidCap 400, and 57 percent of the SmallCap 600 disclosed tenure.

• Disclosure that the board of directors has a cybersecurity expert. Technology and cybersecurity continue to be a focus of board and audit committee oversight.  Sixty-five percent of S&P 500 companies indicated that their board had a cybersecurity expert, a five percent increase. Forty-six percent of the S&P MidCap and 44 percent of SmallCaps disclosed such expertise in 2025, increases of 5 percent and seven percent, respectively.  Barometer 2025 observes that “this disclosure was one of few where we see an increase.”

• Disclosure that the audit committee is responsible for cybersecurity risk oversight. Sixty-four percent of the S&P 500, 55 percent of the S&P MidCap 400, and 53 percent of the SmallCap 600 disclosed that the audit committee had cybersecurity risk oversight responsibility. In 2024, 64 percent of the S&P 500, 53 percent of the S&P MidCap 400, and 50 percent of the SmallCap 600 made this disclosure. Audit committee cybersecurity responsibility disclosure has risen sharply in the past eight years. In 2016, only eleven percent of the S&P 500 (and five percent of Mid-Caps and four percent of SmallCaps) discussed audit committee oversight of cybersecurity risk.

Infrequent Disclosures

Of the 13 topics that the CAQ and IAA track, those least frequently disclosed were:

• Disclosure related to a discussion of audit fees and their connection to audit quality.  Only seven percent of the S&P 500 and three percent of S&P MidCaps discussed the relationship between audit fees and audit quality.  No SmallCap companies addressed this issue.

• Disclosure related to a discussion about how the audit committee considers the length of auditor tenure.  While auditor tenure was the second most frequent disclosure, discussion of how the audit committee views tenure was second from the bottom in disclosure frequency.  Fourteen percent of S&P 500 companies discussed the audit committee’s view of the length of auditor tenure, as did five percent of MidCaps and four percent of the SmallCaps. 

Oversight of the External Auditor – Plateaued or Declining

As discussed above, two auditor oversight topics were among the most frequently disclosed (how non-audit services impact independence and auditor tenure), and two were the least frequently disclosed (the relationship between audit fees and audit quality and how the audit committee considers auditor tenure).  Barometer 2025 also analyzes trends in three other areas related to auditor oversight:

• Disclosure that the evaluation of the external auditor is at least an annual event.  S&P 500 disclosure rates for the annual external auditor evaluation decreased for the first time since the Barometer's inception, falling from 39 percent in 2024 to 38 percent in 2025.  For MidCaps, this disclosure rose one percent to 23 percent in 2025, and for SmallCaps it rose two percent to 22 percent.

• Disclosure related to a discussion of audit committee considerations in appointing or re-appointing the external auditor.  The disclosure rate for the discussion of factors the audit committee considers when appointing or re-appointing the external auditor was stagnant at 50 percent for companies in the S&P 500.  For S&P MidCap companies, this disclosure fell one percent from 35 percent in 2024 to 34 percent in 2025.  For S&P SmallCaps, it rose from 29 percent to 30 percent, up one percentage point from 2024.

• Disclosure that the audit committee participates in the selection of the engagement partner and of how the audit committee is involved. Fifty-three percent of S&P 500 companies explicitly state the audit committee’s involvement in selecting the audit partner, but only 16 percent discuss factors contributing to the selection, a one percent decrease from 2024. The CAQ states: “The engagement partner plays a key role in setting the tone for the engagement team. Increased disclosure of audit committees’ involvement in, and process for, selecting the engagement partner provides stakeholders with confidence that the audit committee has sufficient oversight of the selection of the engagement partner and determine who is best suited to lead the engagement team to execute the audit effectively through change and disruption.”

Regarding 2025 auditor oversight disclosures generally, the report states that the CAQ and IAA “see an opportunity for audit committees to provide greater transparency into how evolving risks impact the audit committees’ considerations in determining how external auditors are evaluated, appointed/(re)appointed, and how audit partners are selected.”  They further note that “[i]ncreasing disclosures of these areas will provide stakeholders with greater insight into how the audit committee oversees the external auditor, and how that oversight continues to evolve and adapt in response to change and disruption.”

Disclosure Examples and Audit Committee Questions

As in prior years, an appendix to Barometer 2025 presents examples of effective disclosures from specific audit committee reports for each of the 13 disclosure topics tracked in the annual analysis. Another appendix contains a detailed pro forma description of an audit committee and its responsibilities, along with a model audit committee report. A final appendix, “Questions to Consider When Preparing Audit Committee Disclosures,” lists questions to aid in drafting disclosures concerning the work of the audit committee. These questions are arranged under the thirteen disclosure topics tracked in the Barometer.

Audit Committee Takeaways

Audit committees can use the  Barometer 2025 to benchmark their company’s disclosures.  Further, committees should consider expanding their audit committee reports, particularly in auditor oversight areas that the report flags as declining or in need of improvement.  The Questions to Consider appendix may be useful to committees in evaluating and enhancing their disclosures. 

Disclosure of a directors’ skills matrix, which has become popular, may well be useful to investors.  But the audit committee’s core responsibility is financial reporting and auditor oversight.  Transparency concerning that work should be the paramount goal.  As Barometer 2025 states: “Audit committees have an opportunity to re-evaluate their disclosures in light of the period of disruption that we are facing, to provide greater transparency to investors and other stakeholders about how the audit committee is fulfilling its oversight responsibilities. These disclosures ultimately enhance trust and instill confidence in the audit committee’s leadership.”