Top five priorities for audit committees in 2022
As we look to 2022, governance oversight advances, enterprise risks multiply, demands for increased transparency in reporting continue, and the effects of the COVID-19 pandemic linger.
To prepare for the year ahead, audit committees should expect an expanding array of responsibilities and actively seek education that will contribute to audit quality and the integrity of financial reporting. Below are five key areas that should be top of mind for audit committees in the coming year.
1. Evolving roles and increasing responsibilities
Audit committees have the critical role of overseeing management’s financial reporting and ensuring compliance with rules and regulations. They often have responsibilities beyond these requirements which should be reflected in governance charters. It is imperative the full board continually evaluates the allocation of responsibilities among the committees of the board, and aims for a balance in efficiency without losing communication, productivity, and impact.
Audit committees are often expected to keep the board informed on specific risk elements within the Enterprise Risk Management (ERM) framework, which further impact reporting and disclosure. As enterprise risks increase in number, scope, and extend beyond traditional audit and financial risks to include business risks such as cybersecurity, ESG/sustainability, M&A and other matters, responsibilities of the audit committee should be carefully evaluated to ensure risk oversight is aligned with the appropriate resources, available capacity, and experience. Certain areas may require specified knowledge and/or expertise beyond what may currently exist within the board. In these instances, the audit committee should have the ability to, and consider the value of, bringing in specialists to educate and/or work with the directors to help inform their decision-making. These specialists may be found within the company, within the auditing firm or via other third-party advisers.
Regardless of where expertise is derived, the board must ensure the appropriate skill level of their advisers and determine that the board is capable of objectively and knowledgeably evaluating recommendations made to it.
Communication and collaboration are critical components in risk oversight. Ultimately, the full board is responsible for the entity’s governance. In accepting the responsibilities outlined in its charter to “dig deep” on issues, the audit committee should collaborate with other board committees as necessary and ultimately, communicate their findings and recommendations to the full board. Further, the audit committee should expect, and be expected to provide, consistent communication to and from management, internal and external auditors, and other available resources to effectively discuss the impact of risks and how they should be conveyed to stakeholders. As risks evolve, collaboration grows more crucial. Clear lines of communication and responsibilities between the audit committee, management and the auditors may encourage other departments to proactively involve the audit committee in various decisions impacting both audit risk and ERM.
2. Topical Financial Reporting Implications
At the core of the audit committee’s responsibilities is oversight of the company’s financial reporting. Continued economic uncertainty requires careful evaluation regarding financial reporting implications for businesses. Accounting estimates, including forecasts and fair value estimates, require a high degree of professional judgment and evaluation.
While it is management’s responsibility to develop the assumptions and data methods supporting accounting estimates, it is up to the audit committee to understand and challenge management, including potential management bias in the development of estimates.
Disruption from the pandemic, together with evolving guidance from professional organisations over the past several years, provide the impetus for audit committees to have a keener understanding of how to identify and challenge any potential bias from management as it relates to accounting estimates.
Directors are encouraged to ask:
- Which areas are affected by accounting estimates and fair value measurements?
- Have we considered all the evidence that led to this accounting decision?
- Do the choices management is making hold up against increased scrutiny and industry peer data?
- Does the management team have the experience and track record to accurately project these forecasts?
- Would the use of a specialist, adviser, or service organisation help?
The audit committee’s ability to sceptically consider and independently verify management’s approach to financial reporting, and engage with auditors on the work performed, is a critical component of audit quality and a basis for the integrity of financial reporting.
Audit committees must also contend with complex accounting standards including accounting for leases under NZ IFRS 16, accounting for revenue under NZ IFRS 15, and expected credit loss under NZ IFRS 9 which significantly changes the impairment model for most financial assets from an incurred loss model to an expected loss model and provides targeted improvements on evaluating impairment among other updates.
3. Ongoing Pandemic Impacts
The COVID-19 pandemic continues to challenge companies with persistent supply chain, labour and fraud issues. In the coming year, the audit committee will need to continue collaboration with the full board, various committees, and management to ensure a full understanding of risks and the appropriate mitigation of such risks affecting their business.
In the 2021 Manufacturing CFO Outlook Survey by BDO in the USA, middle market manufacturers identified the number one factor most critical to the manufacturing industry’s recovery as supply chain stability. The report also found that success is no longer just about moving products quickly, or even cheaply. It’s about the sum of the whole, with supply chain factors such as technology, geo-political location, distance, and back-up supply options contributing to overall success.
Some of the key responses by globally competitive firms has been to reassess their decision making and implementation of supply chain management (SCM) initiatives. These include:
- Management vision with proactive, visible support and initiatives
- Adequate information systems including facilitation of information links between and within firms
- Quality/compliance programs interwoven into all operational activities
- Active problem solving and engagement among members of the supply chain
- Reporting capabilities for performance measurement of supply chain activities and results
- Information resets designed and implemented to update SCM skill sets.
While it has brought about many benefits, the pandemic era shift to remote work has also led to an uptick in fraud and further third-party risk. Newly launched, decentralised systems in which largely uninformed, physically distant employees were tasked with ensuring the security of data left many companies vulnerable to cyber-attacks. But fraud can be an inside job as well and remains a priority for regulators and boards alike.
Audit committees should continue collaborative efforts in this area as well, for example partnering with management and IT to oversee cybersecurity improvements, internal controls, and other initiatives to mitigate fraud and third-party risks. With the board, they should remind the organisation to be alert for fraud and set a strong tone from the top that risk behaviours will not be tolerated.
Outside of the shift to remote work, the business community has been hit by broader workforce issues, including shortages of highly skilled workers, driven by New Zealand’s border entry rules. As the economy recovers, companies will dedicate more resources to attracting and retaining talent. Audit committees will likely need to be dialled into the workings of the nomination, governances and compensation committees within their organisations, as many of the issues that represent financial reporting risk may come under the expanding purview of other committees of the board. These considerations are applicable not only to an organisation’s broader employee base but also to the board as they recruit directors with experience in existing and emerging risk areas.
4. Digital Investment While Countering Cybersecurity
Lagging in digital transformation is a major concern for boards. In our 2020 Cyber Security Report 85 per cent of all organisations made investments to enhance cyber security controls despite already having remote working measures in place. In 2022, we anticipate board members will continue to make similar investments and broaden their own digital skillsets to successfully govern in this new environment, while also considering the expertise within the board to support corporate-wide digitisation efforts.
Access to data, automation of operations and real-time information provides increasingly competitive advantages. An expanded digital skillset will help board members protect their companies from both the risk of obsolescence and inefficiency as well as from the current onslaught of cyber threats, including increasingly common ransomware attacks. In October 2021, Fortune.com reported that “Year to date, there have been 1,291 breaches, compared to 1,108 in 2020”, demonstrating the continuation of an upward trend in attacks. Regular board briefings by the Chief Information Security Officer or similar position should provide key communications about:
- Advanced threat levels
- Detection and prevention capabilities
- Scenario planning
- Continual penetration testing
- Education for all employees throughout the organisation.
From a financial reporting audit perspective, cyber risk remains a focus. If a cyber incident has occurred during the audit period, the regulators will scrutinise how the auditor considered the incident in their risk assessment process and if any material risk was overlooked.
Managing cybersecurity requires a layered, risk-based approach and boards need to take an active role in keeping their organisations prepared. If assigned by the board, the audit committee must make cybersecurity a recurring item on its agenda and ensure the entity is receiving good information about the status of its cyber threat detection, prevention and mitigation programs and is regularly testing its cyber incident response plan. The audit committee should also ensure that appropriate resources are being allocated to cybersecurity initiatives.
Digital literacy will also help the audit committee leverage and evaluate external auditors’ use of the wealth of technology designed to streamline the audit process. As tech-based audits become more commonplace, the audit committee should take every step necessary to question efficiency and efficacy, build confidence in its ability to evaluate a tech-based audit and consider the digital nature of the audit in their oversight and evaluation of the external auditor.
5. Increased ESG/Sustainability focus
Environmental, social, and governance (ESG) issues are increasingly important for boards as organisations face mounting pressure to demonstrate a greater commitment to long-term, sustainable value creation which incorporates the wider demands of people and the planet. Climate change, modern slavery, employee health and wellbeing, community engagement and diversity and inclusion are but a few of a company’s ESG factors coming under increasing scrutiny by shareholders, regulators, capital providers, employees, customers and the broader community.
The demand for ESG reporting by various stakeholders has been steadily growing and shows no signs of slowing down in 2022. Sustainability and transparency are increasingly associated with successful financial performance and value creation and have long-term investor appeal.
A well-executed ESG strategy can generate value in a myriad of ways, including:
- Access to new avenues or reduced cost of capital
- Improved productivity and reduced operating costs
- Access to new markets
- Improved stakeholder engagement
- Access to and retention of high-quality talent.
Notwithstanding the economic and social aspects of ESG performance, current reporting requirements and guidance are limited, but emerging. In the absence of a unified global ESG reporting standard, companies who reported on ESG often chose to draw metrics from a variety of frameworks when determining voluntary ESG disclosures.
At times this has resulted in ‘greenwashing’ where an entity might ‘cherry pick’ and disclose only information that casts its activities in a positive light. This fragmentation led to calls for the formation of a ‘standard setter’ to build on work already done, and begin issuing a single set of consistent sustainability standards that would act as a ‘global baseline’. Formed in November 2021, the International Sustainability Standards Board (ISSB) will issue IFRS Sustainability Disclosure Standards. Their work commenced with two prototype standards: One on climate and the other on general disclosure requirements.
While certain jurisdictions (such as New Zealand – read more here) will develop their own sustainability reporting standards, many will partially converge with IFRS Sustainability Disclosure Standards. The ISSB is seeking to build upon what has already been done by other standard setters. It will consolidate and merge with two existing organisations:
- The Climate Disclosure Standards Board (CDSB)
- The Value Reporting Foundation (VRF) which houses the Integrated Reporting Framework and Sustainability Accounting Standards Board (SASB) standards.
While many more entities are providing ESG disclosures – both quantitatively and qualitatively - very few are fully integrated with published financial statements.
If the IFRS Sustainability Disclosure Standards starts to develop stronger currency in global corporate reporting circles, we anticipate the growing convergence between financial reporting under IFRS financial disclosure standards and ESG reporting under IFRS sustainability disclosure standards.
With the growing focus on ESG performance it is also likely that boards will come under increasing pressure to provide adequate assurance over published ESG data. At the moment, however, very few organisations that report on ESG performance have engaged audit specialists to assist. BDO anticipates that more time, attention, and effort by a broader variety of stakeholders will demand more robust reporting on ESG performance, and correspondingly robust validation by skilled and credentialed professionals will be required for material decision making.
How Audit Committees Can Prepare for the Year Ahead
Governance responsibilities continue to evolve and increase in importance and accountability. Audit committees should ensure they are prepared with an understanding of their expanded roles and responsibilities, and that they have adequate resources to execute those increasingly complex areas. At its core, the audit committee is responsible for the oversight of financial reporting, external and internal auditors, compliance, ethics, and controls. Increasingly, the committee is charged with additional responsibilities such as ERM and all that encompasses, digital transformation, cybersecurity and ESG.
The audit committee can prepare for the coming year by ensuring clear communication and collaboration with management, the full board, and other committees along with its advisers. Continuous education on emerging topics of interest and an eye on trends serves to keep directors knowledgeable and relevant. Keeping the company’s vision and strategy in mind is key as the audit committee helps leadership mitigate risk and identify new opportunities in the coming year.
These are just some of the many issues that audit committees are facing as they exercise their oversight responsibilities. We encourage audit committees to maintain continuous and considered communications with their auditor and be diligent in their continued education including remaining abreast of industry trends.
Managing audit priorities and processes can be challenging. For more information or assistance with your internal audit controls and business systems please contact your local BDO representative.
Please note this article has been derived from content initially developed by BDO in the US. The original article can be found here.
This publication has been carefully prepared, but is general commentary only. This publication is not legal or financial advice and should not be relied upon as such. The information in this publication is subject to change at any time and therefore we give no assurance or warranty that the information is current when read. The publication cannot be relied upon to cover any specific situation and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact the BDO member firms in New Zealand to discuss these matters in the context of your particular circumstances.
BDO New Zealand and each BDO member firm in New Zealand, their partners and/or directors, employees and agents do not give any warranty as to the accuracy, reliability or completeness of information contained in this article nor do they accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this publication or for any decision based on it, except in so far as any liability under statute cannot be excluded. Read full Disclaimer.