Prioritizing a heavy audit committee agenda is never easy, and 2020 will be particularly challenging as the audit committee operates against a backdrop of global volatility and economic uncertainty, in a world where investors and stakeholders are becoming increasingly powerful and informed.
Drawing on insights from our conversations with audit committees and board directors in general, we highlight the issues that audit committees and boards should keep in mind as they approach and execute their 2020 agendas.
This number one priority from last year holds true for 2020. Nearly half of the 1.300 directors responding to our 2019 Global Audit Committee Pulse Survey said it is increasingly difficult to oversee the major risks on the audit committee’s agenda in addition to its core oversight responsibilities over financial reporting and controls, and internal and external auditors.
Aside from the raft of new agenda items, the risks that many audit committees have had on their plates for some time – those around financial planning, cyber security, IT, supply chain, operations, compliance, etc. – continue to become more complex.
Reassess whether the committee has the expertise and time to oversee the risks it has been assigned. Do cyber risk and data governance require greater attention from the full board or perhaps a dedicated committee that might tap into relevant skills from outside the board? Keeping the audit committee’s agenda focused will require discipline and vigilance in 2020.
Nearly all listed companies provide some form of environmental, social, and governance (‘ESG’) or sustainability reporting, but there are growing concerns by a range of stakeholders – investors, employees, customers, regulators, and activists – regarding the quality, comparability, reliability, and usefulness of such information.
ESG reporting has been of growing importance to institutional investors for many years, with investors demanding more information and seeking engagement with companies on core ESG issues and their impact on companies. While employee and consumer activism regarding ESG issues is in its early stages, it is growing exponentially, particularly among millennials.
The proliferation of climate and sustainability related regulations and frameworks create a complex matrix of behavior and reporting requirements for companies to consider, because the overwhelming voice is for more disclosure.
Given the increasing stakeholder demands for more transparent, higher quality ESG reporting – as well as understandable concerns about the lack of comparability of ESG data – the audit committee can serve as a catalyst, recommending that the board encourages management to reassess the scope and quality of the company’s ESG reports and disclosures. This may be a significant undertaking and would likely include complex and time consuming activities such as gathering complete and accurate data, benchmarking against peers, consideration of the methodologies and standards of various firms that rate companies on ESG practices, understanding the expectations of investors and other stakeholders and reviewing various ESG reporting frameworks for possible use by the company.
Does the current board have the right mix of skills to deliver on this? Should the audit committee consider acting as a formal oversight body for the activity? Consider the need for the company secretarial team to be part of these discussions to help ensure that the necessary infrastructure – controls and procedural – is in place.
Is the board clear on the company’s regulatory responsibilities? Hundreds of new requirements are released every year across the world and in today’s global market staying on top of your responsibilities is a significant task. Ensure that the support for ownership of the process sits comfortably in the business. Engage directly with the company secretarial team in order to ensure that they have a handle on what is required. Can they provide a clear picture of the situation today? Do they have visibility over the pipeline of regulations? Do they have the resources to stay on top of it?
The reputational costs of an ethics or compliance failure are higher than ever.
Fundamental to an effective compliance program is the right tone at the top and culture throughout the organization, which supports the company’s strategy, including its commitment to its stated values, ethics, and legal/regulatory compliance. This is particularly true in a complex business environment, as companies move quickly to innovate and capitalize on opportunities in new markets, leverage new technologies and data, and engage with more vendors and third parties across longer and increasingly complex supply chains.
Coupled with the challenging global regulatory environment – the array of new data privacy, environmental, anti money laundering and terrorism, and consumer protection regulations, as well as the new Belgian Company Law and 2020 Corporate Governance Code (the ‘Code’) – compliance risks and vulnerabilities will require vigilance.
The responsibility for directors to assess and monitor culture comes to the forefront in the new Code – the need for a sharp focus on behaviors (not just results) and yellow flags, in the tone at the top as well as the culture throughout the organization. Does the company’s culture make it safe for people to do the right thing, and speak up when they see behavior to the contrary?
Help ensure that the company’s regulatory compliance and monitoring programs are up to date, cover all vendors in the global supply chain, and clearly communicate the company’s expectations for high ethical standards. Focus on the effectiveness of the company’s whistle-blower reporting channels and investigation processes through a #MeToo lens. Does the audit committee see all whistle-blower complaints? If not, what is the process to filter complaints that are ultimately reported to the audit committee? As a result of the radical transparency enabled by social media, the company’s culture and values, commitment to integrity and legal compliance, and its brand reputation are on full display.
In times of uncertainty, whether created by political events, general economic conditions or operational challenges, investors look for greater transparency in corporate reports to inform their decision-making. Carefully consider the detail provided in those areas of the annual report which are exposed to heightened levels of risk; for example, how ESG considerations have been approached, the impact of geopolitical risks and all areas of material estimation uncertainty.
With new and complex reporting standards taking effect year-over-year and intensified scrutiny from regulators, the bar for financial reporting excellence continues to be pushed upwards. Which new standards affecting 2019 annual financial statements should you watch out for? What’s driving the regulator’s enforcement agenda? Is the finance team prepared for the first time adoption of IFRS 16: Leases – impacting all lessees and lessors, and how they account for their existing and new leases – and IFRIC 23: Uncertainty over Income Tax Treatments: recognition of uncertain tax provisions – requiring a hawk-eye view on how uncertain tax positions are recognized and disclosed.
Stand back and think about all other awkward areas where there might be some reluctance to be open. And keep at least a weather eye on what your key investors and regulators are thinking. They are becoming more equipped and vocal about how they want to see certain aspects in corporate reporting – at a general presentation level and also more granularly on areas such as impairment and accounting for financial instruments – but this may not be communicated directly to the audit committee or the CFO. Be conscious of what your peer companies are reporting and be prepared to be challenged on anything which appears inconsistent.
Audit quality is enhanced by a fully engaged audit committee that sets the tone and clear expectations for the external auditor and monitors auditor performance rigorously through frequent, quality communications and a robust performance assessment.
Probe the audit firm on its quality control systems that are intended to drive sustainable, improved audit quality – including the firm’s implementation and use of new technologies.
In discussions with the external auditor regarding the firm’s internal quality control system, consider the results of the regulator and any internal inspections and efforts to address deficiencies. Remember that audit quality is a team effort, requiring the commitment and engagement of everyone involved in the process – the auditor, audit committee, and management.
Major technology changes impacting finance functions present important opportunities for them to reinvent themselves and add greater value to the business. As audit committees monitor and help guide progress in this area, we suggest three areas of focus.
Recognizing that as much as 60 to 80 percent of the finance function’s work involves data gathering, what are the organization’s plans to leverage robotics and cloud technologies to automate as many manual activities as possible, reduce costs, and improve efficiencies?
How will finance use data analytics and artificial intelligence to develop sharper predictive insights and better deployment of capital? The finance function is well-positioned to guide the company’s data and analytics agenda and to consider the implications of new transaction-related technologies, from blockchain to crypto-currencies. As historical analysis becomes fully automated, the organization’s analytics capabilities should evolve to include predictive analytics, an important opportunity to add real value.
And as the finance function combines strong analytics and strategic capabilities with traditional financial reporting, accounting, and auditing skills, its talent and skill-set requirements must change accordingly. Is the finance team attracting, developing, and retaining the talent and skills necessary to match its evolving needs? In this environment, it is essential that the audit committee devote adequate time to understand the finance function’s transformation strategy.
In recent years, a number of highly publicized corporate crises have damaged company reputations, due in part to failure to manage key risks such as tone at the top and culture, legal/ regulatory compliance, incentive structures, cybersecurity and data privacy, ESG risks, and global supply chain and outsourcing risks.
The audit committee should work with the head of internal audit (and chief risk officer) to help identify the risks that pose the greatest threat to the company’s reputation, strategy, and operations and to help ensure that internal audit is focused on these key risks and related controls. Is the audit plan riskbased and flexible – and does it adjust to changing business and risk conditions? What has changed in the operating environment? What are the risks posed by the company’s digital transformation and by the company’s extended organization – sourcing, outsourcing, sales and distribution channels? Are we sensitive to early warning signs regarding safety, product quality, and compliance? What role should internal audit play in auditing the culture of the company? Set clear expectations and help ensure that internal audit has the resources, skills, and expertise to succeed – and help the chief audit executive think through the impact of digital technologies on internal audit.