KPMG predicts audit committee agenda for 2020
Reinforcing audit quality and setting clear expectations for the external auditor, closely monitoring management’s progress on implementing the new credit loss standard, and maintaining or regaining control of the audit committee agenda, will be among the main topics that will show up on the agendas of audit committees of public companies this year, according to Big Four firm KPMG's Board Leadership Center.
The center based its predictions on surveys and interactions with audit committee members.
“First and foremost, the top priority is audit committees making sure that they are managing the audit committee agenda,” said John Rodi, the new leader of KPMG’s Audit Committee Institute. “Audit committees are tasked with overseeing many risks of an organization — cyberrisks, technology in general, governance, regulatory, operational — in addition to the core responsibility of an audit committee, which is to oversee financial reporting and the internal controls over financial reporting, and then of course monitoring the external auditor and the internal auditor. This can be a challenge as business and regulatory risks become more and more complex."
"Audit committees are reassessing their composition to ensure that they have the appropriate expertise and time to oversee the risks which they have been assigned, and also making an assessment of whether some risks should be dealt with at the full board level, or at other separate committees, making sure that the audit committee does not become the default risk committee unless it chooses to take on a risk,” he continued.
Other priorities this year will include redoubling the audit committee’s focus on the company’s ethics, compliance and whistleblower programs, and understanding how technology is affecting the finance organization’s talent, efficiency and value. The two remaining priorities are reassessing the quality and scope of the company’s environmental, social, governance and sustainability reports, and helping ensure internal audit is focusing on key risks beyond financial reporting.
Audit committees are also likely to be dealing with the recent proposed changes in the auditor independence rules from the Securities and Exchange Commission (see SEC proposes to relax long-standing auditor independence rules).
“The SEC, in addition to changing some of the independence rules, recently put out a statement at the end of December talking about the role of the audit committee over financial reporting, and generally the audit committee’s oversight responsibility,” said Rodi. “Interestingly they made a point to say that auditor independence is a shared responsibility of the audit firm, the audit committee, and then management of the entity being audited. The audit committee clearly plays a critical role in the auditor's compliance with the independence rules, in part because the Sarbanes-Oxley Act specifically mandates that the audit committee be responsible for the oversight of the auditor."
"The SEC statement also said that audit committees should periodically assess both the auditors’ and the companies’ monitoring processes over independence, making sure that these monitoring processes on the company’s side also address items such as corporate events, such as acquisitions, and making sure that there’s a timely communication between management and the auditor so that the audit firm can make sure that they follow the independence rules,” he added.
The new auditor reports mandated by the Public Company Accounting Oversight Board, include a discussion of critical audit matters, and those too will probably be a topic of discussion in audit committees.
“That’s very much been a topic that auditors and audit committees have been having a lot of dialogue on,” said Rodi. “It’s the first significant change in the audit opinion in many, many decades. While the judgment of what is determined to be a critical audit matter rests with the auditor, what we’re talking to audit committees about is that there be a robust dialogue between the audit committee and the auditor on the process that the auditor went through to conclude what is a critical audit matter, to make sure that they have a full list of what those significant risks might be, or items that might rise to the level of a CAM, and certainly making sure that audit committees see the draft CAM before it’s included in the audit opinion. Lastly, it’s also important that others within an organization are aware of the change in opinion. As an example of that, we’re talking to our clients about making sure that the investor relations department is aware of the change in case they receive questions from various investors. It’s been very much a topic of interest, more so over these next couple of months as we get into our busier time with our Dec. 31 year-end clients.”
Separately, KPMG also released a separate set of agenda items for corporate boards this year, along with its own audit quality report highlighting how the firm is working on reinforcing quality control.
Audit committees are also grappling with all the new accounting standards, including revenue recognition, leases, vurrent expected credit losses, hedging and long-duration insurance contracts.
“What we’ve been talking to our audit committee about is things that they should be focusing on, such as making sure that they understand the company’s implementation process,” said Rodi. “What’s their process to ensure that the standard will be implemented, including the timeline, and whether management of the entity has the appropriate resources to implement the standard, questioning management as to whether or not they have determined what the transition impact will be, and then at the same time what the auditor has done to separately evaluate the accuracy of that transition impact."
"Going forward," he continued, "what’s the company's readiness to operate under that new standard? What are some of the key assumptions that are used in CECL, for example? What is the involvement of other groups within the company, such as model risk management, which is particularly relevant for CECL, where model risk management has vetted the models and whether they’re ready for use. Where is the transition impact being disclosed, in the notes to the financials or within MD&A? Lastly what’s the impact of the new standard on the internal control processes and what’s the impact on the company’s disclosure controls and procedures? There are lots of areas for audit committees to probe to make sure that they understand how the company has implemented or will be implementing new standards.”