Inflation, cybersecurity and SEC proposals are on the agenda of the audit committee.
According to a recent EY report, a number of factors complicate the task of audit committee members. As detailed in How Audit Committees Can Prepare for Q2 2022 Reportsthese factors include inflation, rising interest rates, supply chain disruptions and more.
Patrick Niemann, the Los Angeles-based leader of the EY Center for Board Matters audit committee forum, notes that questions about the state of the economy and the uncertainty of geopolitical risk further complicate the work of audit committees. .
“Are we in a recession or not? There are different points of view,” says Niemann. “Additionally, there is the war in Ukraine and so many other geopolitical risks. I think this combination of macroeconomic factors creates high-priority challenges for audit committees today. »
The current economic challenges will affect the work of audit committees in several ways. Disrupted supply chains, inflationary cost structures and rising interest rates will squeeze earnings and impact earnings trends. These, along with the still tight labor market conditions, will be risks that audit committees will want to monitor.
“Audit committees should consider how their companies’ management reevaluates earnings forecasts, including non-GAAP financial measures that companies often use.”
Audit Committee Best Practices
To manage macroeconomic risk, Niemann recommends several steps for audit committees. They should review scenario plan updates, stress testing, and contingency planning. The level of communication with management should be strengthened, with audit committees working to identify criteria for determining when management should inform directors of risk factors and agreeing with management on the timing of Targeted business recovery from adverse events, such as cybersecurity incidents. The audit committee should also play a major role in determining an organization’s ability to handle risky situations.
“Audit committees need to consider whether the company has access to trusted sources of real-time data, tools, and talent to identify relevant risks and issues,” Niemann says.
Audit committee responsibilities in the area of cybersecurity vary from board to board, with many companies having specific committees to manage this emerging risk. However, Niemann believes that all audit committees should focus on cyber issues, given its potential impact on financial reporting and internal controls. Some of the steps audit committees should take include assessing the organization’s cyber hygiene and due diligence; assess the company’s plan to monitor and report cyberattacks, particularly in light of the SEC’s disclosure proposals; and establishing a high-level government contact to assist in the event of cybervictimization.
“Working with the FBI and having an established relationship with them can help companies get through an incident and ensure they are not making payments to a sanctioned entity or nation state, or other actions that could represent a significant risk or even illegal activities.”
Monitor the SEC’s disclosure program
The SEC’s cyber-disclosure program should be scrutinized by audit committees to assess which aspects of the proposal will affect reporting requirements. Niemann continues to emphasize communication with management, saying audit committees should work with their management counterparts to assess the implications stemming from climate regulation and broader ESG issues and determine whether the company has strong and adequate disclosure controls and procedures to be ready for a final SEC Ruling.
While the thoughts of the SEC should be kept in mind, Niemann also says the views of other stakeholders will need to be considered.
“Think about what other stakeholders are looking for. Institutional investors have expectations of companies,” says Niemann. “They care about what companies are doing on the climate front. Companies need to convey a consistent message that truly represents corporate efforts, priorities and values, and audit committees can and should play a key role in delivering that message.