Now in its eighth year of publication, the Audit Committee Transparency Barometer, released by the Center for Audit Quality (CAQ) on November 10, 2021, continues to provide investors with unique insight into the disclosures made by audit committees in proxy statements each year since 2014.
Compiled and published in partnership with Audit Analytics, the Barometer measures year-over-year comparison of disclosures for S&P 500, S&P MidCap, and S&P SmallCap companies in certain key areas of audit committee responsibilities, including audit committee duties and composition, auditor evaluation/oversight, audit firm and lead partner selection, auditor compensation, and cybersecurity.
It begins by highlighting areas that have the highest rates of disclosure – that is, those appearing in at least 50% of S&P 500 proxy statements. These disclosures provide insights into auditor independence, auditor tenure, audit firm evaluation, and audit partner selection. Each of these areas is significant in the system of corporate governance.
Many non-audit services that audit firms perform for clients do not impair auditor independence. However, there are still some that may, over time, undermine an auditor’s professional skepticism while performing an independent audit. For this reason, a review of non-audit services can provide insights to stakeholders – specifically, insights regarding prohibitions on auditors from the independence rules set by the SEC and PCAOB. This disclosure has remained consistent across all S&P 1500 indices for the past four years. In 2021, more than 80% of S&P 500 companies included a discussion of how non-audit services may impact independence.
The requirement to disclose auditor tenure in the auditor’s report became effective for audits during fiscal years ending on or after December 15, 2017. While audit committees are not required to disclose this information, many do. In 2021, 70% of S&P 500 companies provided auditor tenure disclosure in their proxy statements.
Audit Firm Evaluation
Audit firm evaluation allows the audit committee to evaluate the adequacy and effectiveness, among other things, of the external auditor. In 2021, just over half of the S&P 500 provided disclosure regarding the criteria discussed when evaluating the audit firm.
Audit Partner Selection
Lastly, audit partner selection provides two things: an opportunity to state involvement in the selection of the audit engagement partner and a chance to explain in-depth just how the audit committee is involved. From 2017 to 2021, S&P 500 saw upward trends in audit partner selection disclosures.
MetLife Inc‘s 2021 proxy statement provides an example of several key areas mentioned above – including the length of time the auditor has served, the selection and rotation of lead engagement partners, and different factors considered in the appointment of the auditor.
Shown below are examples of areas with moderate rates of disclosure; that is, those areas appearing in 26%-49% of S&P 500 proxy statements. These disclosures highlight engagement partner rotation, whether the evaluation of the external auditor occurs annually, and whether the audit committee discusses considerations when appointing the external auditor.
In addition to high and moderate rates of disclosure, there are lower rates of disclosure. These lower rates are those found in 0%-18% of proxy statements in the S&P 500. There are five disclosures included in these lower rates: the audit committee’s responsibility for fee negotiations; an explanation for a change in audit fees; audit fees in connection with audit quality; how the audit committee considers auditor compensation; and significant areas addressed with the auditor. These areas provide an opportunity for audit committees to provide increased disclosure.
Cybersecurity has become increasingly important for public companies, as both business and commerce have become dependent on technology. Cyber threats can range from social engineering schemes to sophisticated software threats. Each of these threats can put customer data, financial accounts, and even proprietary information at risk to third-party access.
Emphasizing the importance of cybersecurity is the dramatic increase of Board involvement from 2017 to 2021 across S&P 500, S&P MidCap and S&P SmallCap companies. These disclosures provide various insights, including if the board has a cybersecurity expert, which board committee the cybersecurity expert serves, and if the audit committee is responsible for cybersecurity risk oversight.
With the awareness of cybersecurity increasing, these disclosures provide new areas to address. Worth noting, and further emphasizing the importance, there were 117 cyber breaches disclosed in 2020; this is a 300% increase in breaches since 2011.
Many public companies delegate the responsibility of cybersecurity oversight to the audit committee. Recently, audit committees have continued to increase their disclosure of how they oversee cybersecurity risk. We predict a continuous upward trend in cybersecurity disclosures as stakeholders’ interest in cybersecurity risk increases.
The 2021 Audit Committee Transparency Barometer continues to demonstrate growth in the quality of proxy statements across the S&P 1500. Since 2020, trends in disclosures have increased and continue to provide stakeholders and other investors with reassurance that audit committee efforts remain transparent and accurate.
For additional information on the 2020 Audit Committee Transparency Barometer, or to learn more about the database of audit committee disclosures provided by Audit Analytics, please contact us.
Interested in our content? Be sure to subscribe to receive our email notifications.