With the arrival of 2021, audit firms, consultants, and others will be offering suggestions on issues that audit committees should focus on during the new year. Consulting firm Protiviti has published Setting the 2021 Audit Committee Agenda, which outlines eight major issues, and two additional topics, for audit committees to consider as they formulate their 2021 agendas. A summary appears below.
1. Consider shifts in the risk landscape to establish an appropriate business context. Have the implications of changes in the nature and severity of risks been considered by the committee in discharging its various responsibilities?
Protiviti notes that internal and external risk assessments “enable the committee to put into proper context the representations and assertions received from management, newly reportable critical audit matters, and audit scope changes raised by the external auditor and internal control concerns, errors and irregularities and other findings presented by internal audit.”
2. Work with the CFO to review the finance function's resiliency. How effective and efficient was the financial reporting process during and since the lockdown with people working from home? What did we learn? How has the function improved its resiliency going forward?
Protiviti suggests several questions audit committees should consider in evaluating the finance function, including whether employees have the technology and tools they need and whether there any priorities, like improving supply chain resiliency, that need to be addressed in 2021.
3. Encourage the CFO to function as a strategic partner in addressing cyber-security, privacy and other key priorities. Is finance sufficiently resourced to focus on such matters as evolving cyber threats, more advanced data analytics, internal customer expectations, financial planning and analysis, regulatory challenges, and internal controls as a strategic partner with the rest of the organization?
The audit committee should support the CFO’s efforts to address the increasing demands his or her office faces and to obtain adequate resources. Protiviti notes that this may be an appropriate discussion to have with the CFO in an executive session.
4. Work with the CAE [Chief Audit Executive] to formulate appropriate imperatives for internal audit to ensure the function's continued relevance. Is the CAE effective in achieving appropriate risk coverage, agile responses to new and emerging risks, and efficient delivery of value-added insights regarding risk culture, risk management capabilities and the internal control environment?
In Protiviti’s view, there is an opportunity “for internal audit to enhance its value proposition by becoming a problem-solver, rather than a mere problem-finder.” This requires “next-generation capabilities” so that internal audit can “keep pace with the company's overall digital transformation and embrace change, improve continuously and maintain its relevance, paving the way to efficiency, adaptability, increased engagement and deeper, more valuable insights.”
5. Address accounting and reporting implications of operational adjustments during the pandemic and recession. Have discontinued operations and divestitures, termination benefits, and the impact of contract modifications been reported properly? If the company received government assistance, is it being accounted for appropriately?
“The company's decisions to adjust operations during the pandemic have accounting and reporting implications. The audit committee should address such matters with management and the external auditor.”
6. Assess COVID-19-related impacts on financial reporting assertions. Are the pandemic's effects on estimation processes underlying asset impairments, valuation, net realizable value, loss contingencies and other accounting and disclosure matters understood and addressed?
Audit committees should inquire of management and the external auditor regarding significant accounting estimates and their financial statement implications. (See PCAOB Issues Guidance for Audit Committees on New Estimates and Use of Specialists Standards, in this Update.) Protiviti also reminds audit committees that financial reporting can be affected by information that becomes available after the balance sheet date but before issuance of the financial statements. “If significant subsequent events occur, companies are required to disclose their nature and either an estimate of the financial statement impact or a declaration that an impact assessment cannot be made.”
7. Evaluate the pandemic's near-term and longer-term impacts on the internal control environment. How are recent and expected changes in the workplace and current plans for reopening physical locations affecting the company's internal control over financial reporting, cyber-threat landscape, and exposure to compliance and fraud risk?
The audit committee is “the board's advocate for strong internal control over financial reporting.” Audit committees should be alert to the impact on controls of pandemic-related changes in operations. Some of the questions that Protiviti suggests audit committees consider include: “With respect to internal controls, have there been any significant changes? Has the flux in internal processes during the lockdown and with the planned re-entry affected the integrity of the company's internal control structure and execution of key internal controls over financial transactions and reporting? Have there been significant personnel changes from attrition, downsizing, the virus or reassignments? If so, have the changes affected the performance of any key controls? Are there any segregation-of-duties issues? Are the changes and the pandemic's effects material enough to warrant disclosure?”
8. Consider the nature of critical audit matters raised by the independent auditor. In the event the external auditor reports critical audit matters, has the committee evaluated them in consultation with the auditor and management?
As discussed in prior Updates, auditors are now required to include in their audit report discussion of critical audit matters (CAMs) – issues that were discussed with the audit committee and that relate to material accounts or disclosures and involve especially challenging, subjective, or complex auditor judgments. Protiviti recommends that audit committees discuss CAMs with the auditor and management to gain an understanding of the underlying issues. “If there are significant judgmental issues on which management and the auditor do not agree, or if management is applying aggressive accounting principles, there may be an opportunity for the committee to inquire of management as to whether the company's accounting and reporting processes can be streamlined and improved.”
Other Matters
Protiviti’s also highlights two additional matters that audit committees should include on their agendas.
Keep an Eye on ESG Developments
Protiviti notes that “observable market forces continue to elevate the importance of ESG-related matters” and predicts that it is “a matter of when, not if, the market can expect more rulemaking and standard-setting on ESG-related impacts.” Among other things, Protiviti cites the new SEC human capital disclosure requirements (see SASB Can Help Companies Comply with the SEC’s Human Capital Disclosure Requirement in this Update). “The audit committee should review these new disclosures in light of developments occurring at the company.”
Self-Assess Committee Effectiveness
Audit committees should periodically assess their performance, including the committee composition, charter and agenda focus in view of the current challenges the company faces. Protiviti lists 12 specific topics that it recommends be covered in an audit committee performance assessment.
Comment: Although each company's circumstances and challenges vary, lists of this nature can serve as useful checks as audit committees develop their plans for the coming year. Protiviti’s reminders concerning the possible impact of the pandemic on risk, disclosures, and controls are particularly timely. Also, the highlighting of the need to be on the alert for potential ESG developments that may affect the audit committee’s work seems very appropriate, given the growing investor interest in this area, and is likely to be echoed in other firms’ audit committee agenda recommendations.