{{item.videoDuration}}
{{item.title}}
{{item.text}}
{{item.videoDuration}}
{{item.title}}
{{item.text}}
2024 Q3 Audit committee newsletter: Prepare for your next meeting
Overview
Audit committees have a critical oversight responsibility and committee members must stay up to date about changing regulations, reporting guidelines and dynamic expectations. Our quarterly audit committee special edition offers potential topics for inclusion in your upcoming audit committee meeting.
Each quarter we provide highlights of trending financial reporting topics, emerging regulatory and standard setting matters, and updates on current governance topics. We also provide useful links that direct you to more information.
As you perform your oversight responsibilities and plan your next audit committee meeting agenda, check in each quarter for our updated summary.
Financial reporting
- 1. Getting ready for the new segment reporting requirements
- 2. Developments in sustainability reporting
- 3. Checking in on annual goodwill impairment assessments
- 4. SEC staff provides guidance on cybersecurity incident reporting
- 5. FASB aims to issue final “DISE” standard by end of year
- Other topics
1. Getting ready for the new segment reporting requirements
What the audit committee needs to know
Public companies are required to apply new segment reporting requirements for the first time for fiscal years beginning after December 15, 2023. That means calendar year-end companies should be planning now for the new disclosures that will be required in their 2024 Form 10-Ks. The new guidance requires incremental disclosures about reportable segments but does not change the definition of a segment, the method for determining segments or the criteria for aggregating operating segments into reportable segments. All requirements also apply to companies with one reportable segment and will be required in interim periods for years beginning after December 15, 2024.
The most meaningful change is the requirement to disclose significant segment expenses. A significant segment expense is an expense that is:
- regularly provided to or easily computed from information regularly provided to the chief operating decision maker (CODM),
- included in the reported measure of segment profit or loss, and
- significant to the segment.
The new guidance requires significance to be assessed using both quantitative and qualitative factors depending on the facts and circumstances. Other requirements include disclosing the title and position of the individual or the name of the group identified as the CODM and how the CODM uses each reported measure of segment profit or loss to assess performance and allocate resources to the segment.
Additionally, the new guidance allows public companies to disclose multiple measures of segment profitability if the CODM uses multiple measures to assess segment performance and allocate resources. However, since additional measures of segment profitability are voluntary, and the guidance does not address how such amounts should be calculated, the SEC staff has expressed a view in several public forums that any additional measures of segment profitability included in the segment footnote that are not consistent with GAAP would be considered non-GAAP financial measures.
Why is it relevant to the audit committee?
As part of its oversight role, the audit committee should be aware of emerging accounting standards and their potential impacts on the company’s financial reporting. The audit committee should understand management’s process for implementing the new segments standard, including any systems or financial reporting process changes and any incremental resource needs. The audit committee will want to understand management’s process for determining and disclosing significant segment expenses. If management has established a disclosure committee, the audit committee may want to understand how it considered the new disclosure requirements and how interim reporting may change for the first quarter of 2025.
What questions should the audit committee ask?
- What is management’s process for determining which expenses are considered significant to a segment?
- What are management’s considerations in determining if information is “regularly provided” to the CODM?
- If the CODM uses multiple measures of segment profitability to assess segment performance and allocate resources, what is management’s process for disclosing those multiple measures?
- How has management assessed the need for any systems changes that would be required to meet the disclosure requirements of the new guidance?
- How is management ensuring that the new processes for segment reporting are properly documented and tested?
- How has management considered any communications changes relating to changes in segment reporting to investors, analysts and other stakeholders?
- Has the external auditor reviewed the company’s plan for implementing the new segment reporting guidance? What are the auditor’s views on the approach?
- What is management’s plan for monitoring the effectiveness of its new segment reporting processes once reporting has begun?
Where to go for more information:
PwC: SEC provides greater clarity on new segments guidance
PwC: FASB updates segments guidance
PwC: Financial statement presentation guide (Chapter 25: Segment reporting)
2. Developments in sustainability reporting
What the audit committee needs to know
California climate disclosure amendments
In August, the California State Legislature approved a bill that would amend two of California’s climate disclosure laws (Senate bills (SB) 253 and 261). The proposed amendments are largely administrative in nature, although one amendment may make the required reporting of greenhouse gas (GHG) emissions easier for subsidiaries with parents that report GHG emissions. The proposed amendments will become law unless vetoed by Governor Newsom before September 30, 2024. The California State Legislature adjourned on August 31 for the 2024 session, which means that no further amendments can be proposed this year. Initial reporting under SB 253 begins in 2026 (on prior fiscal year) and on or before January 1, 2026 for SB 261).
Corporate Sustainability Reporting Directive (CSRD)
In July, the European Financial Reporting Advisory Group (EFRAG) released a new compilation of explanations based on questions submitted to the ESRS Q&A Platform addressing questions submitted through July 2024. In August, the European Commission issued FAQs on the interpretation of certain provisions in CSRD and European Sustainability Reporting Standards (ESRS). Both documents are intended to facilitate the implementation of the ESRS and do not introduce new guidance. Although non-authoritative, these resources may be helpful to preparers in interpreting the CSRD and ESRS requirements.
EU Member States were to complete the transposition of the CSRD into local law by early July 2024. Many have yet to complete the transposition process. Until their process is complete, we expect that EU Member States will abide by the CSRD as published by the European Union.
Why is it relevant to the audit committee?
Companies that are impacted by sustainability-related reporting requirements should be gearing up for disclosures. This means developing processes and controls and having technology in place to produce quality reporting. It may also involve having internal audit allocate time in its audit plan to weigh in on the design and operating effectiveness of new processes and controls. Understanding management’s processes and controls relating to the scope and quality of disclosures is an important aspect of the audit committee’s oversight role.
What questions should the audit committee ask?
- What is management’s process for determining sustainability reporting requirements to which the company is subject?
- How is management monitoring and evaluating the impacts of national and international sustainability reporting developments that may impact the company?
- What processes and controls are in place to support high-quality data collection and reporting?
- What is management’s process for confirming that internal controls and governance processes are in place to support the accuracy and reliability of sustainability data, similar to those used for financial data?
- To what extent are the company’s finance function, internal audit and other reporting units involved in creating and/or strengthening the control environment for sustainability disclosures?
Where to go for more information:
PwC: California advances amendments to sustainability reporting laws
PwC: California's not waiting for the SEC's climate disclosure rules
PwC: The audit committee has specific responsibilities under the EU’s CSRD
PwC: Sustainability and ESG oversight: the corporate director’s guide
3. Checking in on annual goodwill impairment assessments
What the audit committee needs to know
In the current economic environment, which includes higher costs of capital and inflation, the value of tangible and intangible assets, including goodwill, can be negatively impacted, potentially leading to impairments. Companies may perform their annual goodwill impairment assessment at any time during the year, but many elect to perform it in the months leading up to their fiscal year end.
The guidance permits companies to first evaluate qualitative factors to determine if it is more likely than not that the fair value of a reporting unit is less than its carrying amount (the “step 0” test). If it is, a quantitative assessment is needed to identify and measure any impairment loss. Otherwise, no further impairment testing is necessary. Conversely, companies can proceed directly to a quantitative assessment. Companies can choose to perform the qualitative assessment on all, some or none of its reporting units.
Why is it relevant to the audit committee?
The audit committee’s role in confirming that goodwill is accurately evaluated and reported is essential to maintaining transparency, investor confidence and compliance with accounting standards. In addition, the SEC staff has had a continued focus on the quality of the disclosure about significant judgments and estimates associated with goodwill and intangible assets, including impairment assessments, making it a perennial top 10 SEC comment letter topic.
What questions should the audit committee ask?
- What is the company’s process for conducting goodwill impairment testing?
- How frequently is goodwill tested for impairment, and what are the triggers for additional testing outside of the annual review?
- How have current economic conditions affected the fair value of reporting units?
- What significant assumptions (e.g., discount rates, growth projections) are management using in impairment testing, and how do these assumptions reflect the current economic environment?
- How have the assumptions or estimates used in the impairment test changed significantly from previous years?
- What internal controls are in place to ensure the accuracy and integrity of goodwill impairment testing?
- What is the status of the external auditor’s work related to the goodwill impairment assessment process, and what is their assessment of the reasonableness of management’s assumptions?
Where to go for more information:
PwC: Business combinations and noncontrolling interests guide (Chapter 9)
4. SEC staff provides guidance on cybersecurity incident reporting
What the audit committee needs to know
Beginning in December 2023, most registrants were required to report material cybersecurity incidents on Form 8-K within four business days after the registrant determines that the incident is material. In the past quarter, the SEC staff has continued to release statements and interpretative guidance clarifying certain aspects of this requirement:
- SEC Division of Corporation Finance Director Erik Gerding issued a statement reminding registrants that nothing in the new rules prohibits a registrant from providing information to other parties about material cyber incidents beyond what is disclosed in Form 8-K. However, registrants should consider the requirements of Regulation FD in connection with any such disclosures to private parties.
- The SEC staff issued five new compliance and disclosure interpretations related to evaluating the materiality and Form 8-K reporting requirements of ransomware-related cybersecurity incidents.
Why is it relevant to the audit committee?
Since many audit committees are charged with cybersecurity oversight, they will want to stay abreast of how companies are complying with SEC rules and stay up to date on evolving SEC interpretive guidance. Given the complexity of evaluating the impact of a cyber incident, the audit committee will want to understand management’s planned approach to evaluating materiality and communications protocols. The audit committee should continue to evaluate and understand management’s ability to meet the disclosure requirements and gauge the effectiveness of the information it receives to monitor cyber incidents.
What questions should the audit committee ask?
- How has management considered the appropriateness of its plans and resources to manage through a cyberattack?
- What processes have management established to detect a cyber incident, and how is materiality determined?
- How has management considered its ability to report a cybersecurity incident within four days of determining it is material?
- How has management considered disclosure controls and procedures in relation to the new rules?
- How has management considered communication protocols to stakeholders outside of the required regulatory process?
- How has management considered the audit committee’s cybersecurity information needs, including frequency of reporting?
Where to go for more information:
PwC: SEC adopts cybersecurity disclosure rules
PwC: Overseeing cyber risk: the board’s role
PwC: Making materiality judgments in cybersecurity incident reporting
5. FASB aims to issue final “DISE” standard by end of year
What the audit committee needs to know
At its June 26 meeting, the FASB completed redeliberations of its Disaggregation of Income Statement Expenses (DISE) project and directed the staff to draft a final standard, which is expected to be issued in the fourth quarter. Among other final decisions, the FASB decided the new disclosures will be required in both interim and annual financials (except for certain policy disclosures) and will be required on a prospective basis, with optional retrospective application. The new standard will only apply to public business entities and will be effective for fiscal years beginning after December 15, 2026, and interim periods within fiscal years beginning after December 15, 2027.
Why is it relevant to the audit committee?
Disaggregating income statement expenses will require changes in how many companies collect, analyze and report financial data. The audit committee will want to understand management’s plans and processes for monitoring and scoping this standard, as the level of detail to be required by a final standard will likely be significant for many companies.
What questions should the audit committee ask?
- How is management considering the impact of the anticipated final standard on the company’s financial statements and footnotes?
- How is management considering the potential for changes to its processes and systems to meet the proposed expanded presentation requirements?
- What is management’s process for evaluating the adequacy of internal controls to ensure accurate disaggregation of expenses?
- What staffing or other human resource considerations are management exploring to support efficient implementation of the new guidance?
- What is management’s process for confirming that necessary resources and expertise are in place to ensure a smooth implementation?
Where to go for more information:
PwC: Presenting the income statement (podcast)
PwC: Don't roll the DISE on the FASB’s expense disaggregation project
PwC: Getting ahead of the FASB project on expense disaggregation, DISE (podcast)
Other topics
The audit committee may want to consider discussing the above topics with management to understand how they are being addressed. For an in-depth discussion and more insights on these topics, see PwC’s The quarter close – Third quarter 2024.
Other topics
- 6. Fraud risk oversight: A focus on company culture
- 7. Preparing for the year-end audit: communicating with the external auditor
- 8. Executives identify areas for effective board oversight
- 9. Digital transformation oversight
- 10. Recurring items for the audit committee agenda
6. Fraud risk oversight: A focus on company culture
What the audit committee needs to know
Given the continued impacts of volatile business and economic environments in recent years, corporate culture has been put into the spotlight as an area of enhanced risk. This includes changes in culture related to the shift to more remote and hybrid working, changing business models and increased technology use among others. A healthy corporate culture can support a company in delivering on its strategy and be a powerful enabler of success. An unhealthy culture can be a hindrance, leading to brand damage, high turnover, decreased engagement and increased risk of fraud. Certified fraud examiners estimate that an organization loses 5% of its revenue annually due to fraud Top ($1.7 million average loss per case). Developing a culture of ethical behavior is imperative, especially during times of significant change, for effective risk mitigation, compliance, fraud prevention and fraud detection.
While management is responsible for setting and cultivating culture, boards, including the audit committee, have a responsibility to understand and monitor it. However, culture is inherently intangible, unique to each organization, and difficult to quantify, making it a challenge to understand and evaluate. A leading organization demonstrates its commitment to establishing a healthy culture by setting the right tone at the top, implementing strong anti-fraud programs and regularly conducting robust culture assessments.
Why is it relevant to the audit committee?
Since the audit committee is charged with oversight of management’s fraud prevention program, it is in a unique position to assess the risk of fraud and consider how culture (or changes therein) impacts fraud risk. So, what can the audit committee do? The audit committee can discuss culture-related aspects of internal and external audits, meet separately with employee groups or members of lower-level management, review HR data, such as turnover rates and feedback from exit interviews, review compliance updates, review employee hotline and whistleblower reports, and examine data from employee surveys. Together, these tools can provide insight into the ethics, safety and attitudes toward risk and compliance that can characterize a company’s culture.
What questions should the audit committee ask?
- What is management’s process for assessing culture and monitoring culture-related metrics to keep a pulse on how culture is evolving?
- Does the information and metrics provided to the audit committee suggest that corporate culture is understood and healthy or that it needs to be addressed?
- How do inquiries and reports into the Ethics Hotline indicate how corporate culture is perceived by employees?
- What is management’s process for addressing cultural factors, such as fear of retaliation or excessive pressure to perform, that may have been identified as part of a cultural assessment?
- How are employees trained and encouraged to act in accordance with the company’s ethical standards?
- What is management’s process to confirm that ethical behavior is consistently rewarded, and unethical behavior is appropriately addressed?
- What notable changes in company culture, if any, have been observed by internal audit or the external auditor, and could affect fraud risk?
- What steps are being taken by the external auditor to assess and address the risk of fraud in the current audit?
Where to go for more information:
PwC: Audit committee effectiveness: practical tips for the chair
7. Preparing for the year-end audit: communicating with the external auditor
What the audit committee needs to know
As Q3 comes to a close, many audit committees will turn their focus to the external audit. Now is a good time for the audit committee to check in with the external auditor to confirm that the external audit is on track and aligned with the company’s risk profile and regulatory requirements. Open, timely communication with the external auditor is key to addressing any challenges and maintaining progress on the external audit. While the audit committee likely has had regular, informal meetings with the lead audit partner in between audit committee meetings, now is a good time to dig deeper and probe into engagement status, any challenges and to get answers to any questions. The check-in should include a discussion on risk assessment, control testing results and other topical areas.
Why is it relevant to the audit committee?
Given the accelerated pace of technology change and evolving business, economic and geopolitical environments, it is important for the audit committee to engage in effective two-way communication with the external auditor. For example, many auditors are implementing new technologies to enhance the efficiency and quality of the audit as well as changing their staffing and overall approach. Understanding the auditor’s technology strategy, including how it is upskilling its workforce, how the team may be incorporating innovation and how the technology is tailored to the business should be an area of focus for the audit committee.
The audit committee will also want to ask the auditor how its risk assessment and audit procedures may have changed since initial planning and if any new risks have been identified that could affect the audit’s scope or focus. Among other areas, the audit committee will want to get the external auditor’s observations on the effectiveness of the company’s internal controls which have been subject to testing and understand if there are any significant areas for improvement.
What questions should the audit committee ask?
- As part of the auditor’s risk assessment procedures, how has it contemplated relevant economic factors, such as inflation, rising interest rates and geopolitical risks on overall audit risk?
- How has the audit plan changed in response to the current business environment (e.g., supply chain disruptions, asset valuations, availability of talent)?
- How has the auditor considered the impact of emerging issues, such as new accounting standards or geopolitical developments, on the company’s financial statements?
- Does the auditor utilize any specialized technology-based tools with respect to the audit? If so, what are the risks and opportunities?
- What changes may have been made to the external auditor’s staffing plan?
- How is the external auditor maintaining independence and objectivity throughout the audit process?
Where to go for more information:
8. Executives identify areas for effective board oversight
What the audit committee needs to know
PwC’s fourth annual survey of corporate executives reveals business leaders are looking for more from their boards. With shifting pressures and changes to the business landscape, executives are looking for their boards to move beyond traditional roles and expertise. Only 28% of executives believe their boards have the right combination of skills and experience. And while most executives indicate their boards have a strong understanding of corporate strategy, key business risks and opportunities, and executive compensation, only 30% rate their boards’ overall performance as excellent or good.
Executives also want their boards to provide greater guidance, leadership and knowledge in emerging areas such as digital transformation and ESG. Only about half of the executives rated their boards’ understanding of these topics as very well or somewhat well. And while global instability and a volatile macroeconomic environment appear to be the new normal, just 66% of executives expressed confidence in their boards’ ability to provide effective crisis management oversight (e.g., cyberattack, natural disaster, financial fraud allegations).
Why is it relevant to the audit committee?
While the survey results provide managements’ perceptions about the board, the feedback is informative to the audit committee as it relates to carrying out its specific oversight responsibilities. For example, more than half of audit committees have oversight responsibility for cybersecurity risk and many play a significant role in overseeing management’s enterprise risk management (ERM) process.
The audit committee will want to confirm that it has the right mix of skills and experience, as well as access to any specialized knowledge required for appropriate oversight of the company’s specific circumstances. Some audit committees have chosen to add members with specific competencies (e.g., cybersecurity) to their ranks, while others have chosen to access broader management resources, outside experts or a combination of both. Further, the audit committee will want to evaluate the need for continuing education on specific topics or emerging matters that are applicable to the industry or the company.
What questions should the audit committee ask?
- Does the audit committee have the right expertise (or access to expertise) to provide future-ready oversight over its expanding agenda?
- How is the audit committee providing effective oversight of emerging risks?
- How has the audit committee prepared to lead during a crisis?
- How has the audit committee assessed key risks under its oversight in planning for continuing education opportunities?
- Does the audit committee agenda include sufficient time for educational topics or more in-depth discussions on relevant risks and matters affecting the company?
- Does the order and time allocation of audit committee agenda topics reflect the matters most important to the audit committee’s oversight?
Where to go for more information:
PwC: Bridging the gap: Comparing board and C-suite perspectives
PwC: PwC’s 2024 Annual Corporate Directors Survey
PwC: Audit committee effectiveness: practical tips for the chair
9. Digital transformation oversight
What the audit committee needs to know
As businesses respond to an environment dominated by emerging technologies and business model disruptions, modernizing company infrastructure (digital transformation) has become a strategic imperative. Businesses undertake digital transformation for a variety of reasons, including to gain competitive advantage, become more efficient, cut costs or to just keep pace. Consequently, many are seeking to innovate the finance function to gain efficiencies and improve their ability to pivot efficiently in the future. To accomplish this, organizations are leveraging tools like advanced analytics and GenAI.
While a finance transformation can drive significant value, it can be a challenging, time consuming, disruptive and potentially costly undertaking if not planned and executed properly. A transformation should incorporate strategic planning, understanding and implementing new technologies, revising processes, updating people strategies, evolving the culture, and establishing success metrics to meet and maintain desired performance outcomes. This means effective audit committee oversight is imperative.
Why is it relevant to the audit committee?
Overseeing technological transformation is an area frequently under the audit committee’s oversight. The audit committee will want to confirm that the transformation doesn’t compromise the finance function’s ability to maintain integrity for reporting — finance’s core responsibility. At the same time, the committee will want to understand how the function’s processes will change, how internal controls will be maintained, what system implementation risks exist, how the workforce will be impacted and how the external audit may be affected.
The audit committee should engage with management to understand KPIs and success metrics upfront. It should also expect management to provide timely and transparent status updates on how operations are impacted, how costs are being managed and how the transformation project’s benefits can be leveraged throughout the broader organization. The audit committee could also utilize internal audit to evaluate the design and operating effectiveness of process and control changes and monitor implementation progress against the transformation plan.
What questions should the audit committee ask?
- How is digital transformation affecting the company’s competitors, suppliers and customers?
- What lessons has management learned from digital transformations in adjacent industries?
- How will the transformation benefit the finance organization as well as the broader organization?
- What are the potential risks to the company’s financial reporting processes?
- How are new processes likely to change data collection, storage and use of information, and reporting?
- How will privacy and security protections be managed through the transition?
- What is the finance team’s talent strategy? How is headcount expected to change in the short and long term? What is the plan to make certain appropriate skillsets are in place to realize maximum benefit in the new environment?
- How is the external auditor refreshing its audit approach to consider changes in the control environment arising from the transformation?
Where to go for more information:
PwC: Finance transformation: four areas of focus for the audit committee
10. Recurring items for the audit committee agenda
Every audit committee meeting agenda should include these important items or, at least, they should be discussed at scheduled intervals:
- Hotline complaints and code of conduct violations
- Changes in the regulatory environment
- Private and executive sessions
- Related-party transactions
- Internal and external audit plan reviews
- Discussions with the CIO, CISO, and GC as needed
{{filterContent.facetedTitle}}
{{contentList.loadingText}}
{{contentList.loadingText}}
Contact us
Follow us
