Your Q1 audit committee guide

Everything you need to walk into your next audit committee meeting with confidence

With the end of Q1 approaching our guide can help you streamline meeting prep, prioritize agenda items, and plan for the future.

Let’s get started...

2025 has been off to a quick start with significant changes to the business landscape on the horizon from tariffs to tax policy to new accounting standards, and more. As you navigate what it all means for the companies you oversee, we’ve boiled the ocean down to a few timely topics that may deserve some attention as you close out the quarter:

What the audit committee needs to know

As President Trump’s second term progresses in earnest, tax policy appears to be at a crossroads for 2025. With the prospect of major changes in tax policy almost a certainty, business leaders are trying to get a handle on exactly what it means for their companies.

President Trump has called for extending and expanding the provisions of the Tax Cuts and Jobs Act of 2017 (TCJA), but major tax legislation may not emerge until late spring or summer. Additionally, the narrow Republican margins in Congress and a process that ties tax legislation to spending cuts as part of one bill that can be enacted with only Republican votes could complicate White House efforts to follow through and turn campaign pledges into policy. With key TCJA provisions set to expire at the end of 2025, a lack of action would result in across-the-board tax increases for virtually every individual taxpayer and automatic increases in some business taxes.

At the same time, the global tax policy landscape continues to undergo significant transformation, as countries move forward to implement the second part of the two-pillar approach of the Organization for Economic Co-operation and Development (OECD)/G20 Inclusive Framework on Base Erosion and Profit Shifting. Pillar Two aims to establish a coordinated global 15% minimum effective corporate tax rate and has been adopted by many developed economies, particularly in Europe. However, President Trump has withdrawn US support from Pillar Two and has stated that the US intends to retaliate against other countries that try and infringe on the US’s sovereignty. Regardless of what the US does (or does not do) in 2025, US multinational companies with operations in jurisdictions that have adopted Pillar Two-inspired minimum taxes will be caught in the crosshairs of the local requirements. The evolving political landscape over the next several months will be a critical factor in shaping the future of these tax policies.

Businesses must navigate these complex and evolving domestic and international tax environments characterized by political tensions, regulatory uncertainty, and potential unilateral actions by countries. Due to the many unknowns at this early stage, it is impossible to predict with accuracy the tax policy outlook. The documents referenced at the end of this section include PwC observations on the current landscape and potential scenarios. Monitor our US Tax services page to stay up to date on the latest developments.

Why is it relevant to the audit committee?

The expectation for US tax policy changes in 2025 and the evolving international tax landscape mean companies will be faced with several accounting and financial reporting challenges and increased compliance obligations. The audit committee will want to confirm management has processes to monitor tax developments (both internationally and domestically) and are prepared to account for the impacts of changes appropriately. The audit committee will also want to understand how management is addressing the benefits and risks of significant tax developments going forward as well as the company’s ability to respond under varying scenarios.

What questions should the audit committee ask?

• What is management’s process for monitoring and modeling tax developments and their potential impacts on the company?
• What are the provisions that would have the most impact on the company’s business operations, cash taxes and/or effective tax rate?
• How is management engaging with policymakers and building public support for tax and trade policies that promote economic growth, business investment, and job creation?
• How do the potential tax policy changes affect the company’s competitive position within the industry?
• Has the company benefited from tax credits? What were the significant financial statement effects of these benefits?
• What impact did Pillar Two have on the company in 2024? Did the company rely on any safe harbors, delaying the impact of Pillar Two? What significant judgments or estimates were considered in those determinations?
• How has management assessed resource needs, including specialist knowledge and adequacy of the technology to support the finance and tax teams’ data and reporting needs?

What the audit committee needs to know

Prior to taking office, President Trump laid out an activist trade policy agenda built around proposals for substantial increases in tariffs intended to reshape US trade relations and encourage domestic manufacturing. Since taking office, President Trump’s trade policies have brought substantial disruption and uncertainty to the trade landscape.

Since early February, President Trump has announced tariffs on imports from Canada, Mexico, and China, and planned reciprocal tariffs on goods from other countries. However, his approach has been marked by announced delays, retractions, and negotiations, creating uncertainty about the final scope and impact of the administration’s trade policies. This series of events highlight that historically large and broad-based tariffs remain a very possible policy outcome in 2025. Therefore, companies need to be proactive and model the potential impacts of a range of possible outcomes.

Why is it relevant to the audit committee?

While tariffs can be useful in providing effective protection for domestic production in specific economic sectors and shielding US workers from unfair forms of competition from specific trading partners (e.g., those with abusive labor rights regimes), they also bring with them a myriad of potential impacts on companies’ strategy, tax planning, and financial reporting.

Tariffs and financial statement impacts

Once enacted, tariffs are generally included in the acquisition cost of inventory. As such, entities should evaluate how increased tariffs affect inventory valuation and the determination of cost of goods sold. Additionally, entities should evaluate whether higher inventory costs resulting from increased tariffs affect the net realizable value (NRV) assessment of inventory, particularly when fixed-price contractual arrangements limit an entity’s ability to adjust selling prices in response to rising costs.

Entities should also assess whether increased tariff-related costs can be passed on to customers through price adjustments. In certain instances, competitive market conditions may restrict an entity’s ability to recover incremental costs, resulting in margin compression. Furthermore, management should evaluate whether existing accounting and enterprise resource planning (ERP) systems can effectively track, allocate, and report tariff-related costs.

Disclosure and risk factor considerations

Entities should assess whether additional disclosures are necessary to adequately reflect the risks associated with tariff-related costs in the financial statements. Tariffs may result in unanticipated cost increases, which could materially affect financial forecasts and the ability to recover the costs of inventory. If pricing flexibility is constrained due to market conditions or contractual obligations, an entity may experience downward pressure on both revenue and margins. Moreover, uncertainty surrounding trade policy changes may have broader implications for an entity’s supply chain and customer demand, necessitating ongoing monitoring of legislative and regulatory developments.

What questions should the audit committee ask?

• How are potential tariffs expected to impact the company’s COGS, and what measures are in place to mitigate the effects?
• How might tariffs influence pricing strategy, and what are the potential impacts on demand and revenue?
• What is management's process for evaluating how tariffs might affect inventory valuation? Are there risks of inventory obsolescence or write-downs due to increased costs?
• How has management considered the impact of potential retaliatory actions from trade partners (e.g., relocate manufacturing, supplier changes)?
• How will the external auditor’s approach address the potential risks and impacts associated with tariffs?
• What is internal audit’s process for assessing the risks associated with tariffs?

What the audit committee needs to know

European sustainability reporting simplification

On February 26, the European Commission (EC) published the first of the ‘Omnibus' packages intended to simplify sustainability reporting requirements and due diligence regulations. The package includes proposals related to the Corporate Sustainability Reporting Directive (CSRD) as well as proposed changes to the Corporate Sustainability Due Diligence Directive (CSDDD), the Carbon Border Adjustment Mechanism (CBAM) and regulations related to InvestEU and other EU investment programs. The EC also issued a draft Delegated Act to propose changes to the EU Taxonomy Regulation (EU Taxonomy).

Key provisions of the proposals relating to CSRD:

• Postponing by two years (until 2028) the reporting requirements for companies currently in scope of CSRD and which are required to report as of 2026 or 2027 (‘wave 2’ and ‘wave 3’ entities)
• Determining entities in scope by whether they have more than 1,000 employees, exempting approximately 80% of companies previously under CSRD
• Implementing a “value chain cap,” which would limit the information that entities falling into the scope of the CSRD can request from companies in their value chains that have fewer than 1,000 employees
• Removing the reasonable assurance requirement (current rules require limited assurance in initial years of reporting before moving to reasonable assurance)
• Removing the sector-specific standards requirement
• Updating European Sustainability Reporting Standards (ESRS) with an intent to substantially reduce the number of data points, clarifying provisions deemed unclear and improving consistency with other pieces of legislation

The Delegated Act changes are intended to make EU Taxonomy reporting simpler and therefore more cost-effective for entities. The proposals would reduce the data required and make some requirements more flexible.

All of the proposals are draft and subject to significant change through the adoption process. The Omnibus proposals and the Delegated Act will go through a “co-legislative” process and require approval from the European Parliament and the Council of the European Union.

SEC halts defense of its climate-related disclosure rule

On February 11, Acting SEC Chairman Mark Uyeda issued a statement indicating that he had instructed the SEC staff to request that the Court not schedule oral arguments for the pending case concerning the SEC’s climate-related disclosure rule. The pause is intended to allow the SEC time to deliberate and decide on its appropriate next steps. The announcement followed the disbanding of the SEC’s Climate and ESG Task Force in September 2024 and suggests the possibility that the SEC may not defend the rule or may initiate formal rulemaking to rescind it. Registrants should continue to monitor their climate-related disclosures as existing regulations still mandate the disclosure of material information, events, and risks. Issuers remain subject to enforcement actions for non-compliance.

State sustainability regulations: California and other states

California's climate disclosure laws (Senate Bills 253 and 261) remain in litigation, with the lawsuit continuing to the discovery phase in November 2024. The litigation will likely take months to resolve and may not conclude until after the January 1, 2026 compliance date for in-scope entities. At the same time, New York, New Jersey and Illinois are advancing climate disclosure legislation akin to that of California. However, that activity is in the early stages.

Why is it relevant to the audit committee?

While there remain significant domestic and international developments relating to sustainability-related reporting requirements, impacted companies (particularly multinationals) should continue monitoring developments and gearing up for potential disclosures. This means potentially developing processes and controls and having technology in place to produce quality reporting. Understanding management’s processes and controls relating to the scope and quality of disclosures is an important aspect of the audit committee’s oversight role. For companies that are now expected to be out of scope of CSRD, management may want to consider other mandatory reporting as well as stakeholder expectations or other drivers (e.g., competitive pressures, internal strategy) to voluntarily report sustainability information.

What questions should the audit committee ask?

• How is management monitoring and evaluating the impacts of domestic and international sustainability reporting developments that may impact the company?
• How is management considering potential adjustments to supply chain monitoring to align with the proposed focus on direct suppliers?
• How does the delayed implementation timeline for certain entities to mid-2028 influence the company’s compliance strategy?
• If the company is now likely to be out of scope of CSRD, what are management’s considerations relating to voluntary reporting of sustainability metrics and other information or preparation for potential future regulation?
• What is management’s process for communicating the potential impacts of regulatory changes relating to sustainability reporting to its key stakeholders?
• What is management’s process for confirming that internal controls and governance processes are in place to support the accuracy and reliability of sustainability data?
• To what extent are the company’s finance function, internal audit and other reporting units involved in creating and/or strengthening the control environment for sustainability disclosures?

What the audit committee needs to know

The FASB’s standard on improvements to income tax disclosures became effective for public companies for annual periods beginning after December 15, 2024. The standard requires disaggregated information about a reporting entity’s effective tax rate reconciliation as well as information on income taxes paid. The standard is intended to benefit investors by providing more detailed income tax disclosures that would be useful in making capital allocation decisions.

Although reporting is not required until year end, early preparation is crucial, as the level of disaggregation for both the effective tax rate and cash taxes paid is significant. Complying with the new requirements may require additional processes and controls to collect data that may not be captured within existing systems. By preparing now, through modeling the new disclosures, companies can assess any gaps in data, adapt or create processes and controls as needed and prepare for discussions with stakeholders.

Why is it relevant to the audit committee?

As part of its financial reporting oversight, the audit committee will want to understand how management is considering the potential impacts of the new disclosures. This would include understanding whether there are underlying systems and processes in place to report the disaggregated information completely and accurately.

What questions should the audit committee ask?

• What is management’s process for evaluating the processes and controls to collect data that may not be captured within existing systems?
• What is management’s process for resolving any identified data quality concerns related to reporting under the new standard?
• What is the expected impact of the new disclosure requirements on the company’s financial statements?
• What is management’s plan to confirm ongoing compliance with the new requirements?
• What is management’s process for communicating the changes in the company’s tax disclosures to stakeholders?
• How has internal audit evaluated the risks associated with the new disclosure requirements and how might its annual audit plan be impacted?

What the audit committee needs to know

FASB guidance for the accounting for and disclosure of crypto assets is now effective for calendar year-end reporting companies (fiscal years beginning after December 15, 2024), including interim periods within the year. The scope of the new guidance includes crypto assets that meet all of the following criteria:

• meet the definition of intangible assets in current guidance;
• do not provide the asset holder with enforceable rights to, or claims on, underlying goods, services or other assets;
• are created or reside on a distributed ledger based on blockchain or similar technology;
• are secured through cryptography;
• are fungible; and
• are not created or issued by the reporting entity or its related parties.

All in-scope crypto assets must be measured at fair value in accordance with current fair value measurement guidance. Changes in fair value would be recognized in net income each reporting period and separately presented from the income statement effects of other intangible assets, such as amortization or impairments. Additionally, in-scope crypto assets would be required to be presented separately from other intangible assets on the balance sheet.

The guidance includes several required disclosures for each reporting period, including the name, fair value, units held and cost basis for each significant crypto asset holding, as well as information about crypto assets that are restricted from sale. For annual periods only, required disclosures would also include a reconciliation of activity for crypto asset holdings, as well as the total amount of cumulative realized gains and losses from crypto asset dispositions.

Why is it relevant to the audit committee?

As part of the audit committee’s responsibility for overseeing the integrity of a company’s financial statements, it is tasked with confirming that the company complies with relevant accounting standards. The audit committee will want to understand management’s overall crypto strategy, the business and financial reporting risks, management’s plan for monitoring, measuring and mitigating those risks, and the processes and controls put in place to support the appropriate accounting and disclosure for crypto activities.

What questions should the audit committee ask?

• What is management’s process for implementing new accounting standards?
• What is management’s overall crypto strategy?
• What is management’s process for determining the business and financial reporting risks associated with crypto assets? What is management’s plan for monitoring, measuring and mitigating those risks?
• What processes and controls have been (or will be) put in place to support the appropriate accounting and disclosure for crypto activities?
• What is management’s plan to confirm ongoing compliance with the new requirements?

What the audit committee needs to know

The current cybersecurity landscape is characterized by a rapidly evolving and complex threat environment with an increase in the number and sophistication of attacks that target critical data and systems. Ransomware attacks remain a dominant type of threat, but state-sponsored cyberattacks are increasing, and AI-supported threats enable highly sophisticated phishing attacks. As a result, cybersecurity has grown into a critical enterprise risk, requiring increasingly enhanced board-level oversight.

The costs of a cyber breach can range significantly, depending on the severity of the attack. And the types of costs are many, including direct costs like containing and remediating costs, regulatory fines, legal costs, cyber insurance costs, ransomware payments and indirect costs, such as a reduced stock price, brand reputation damage and customer churn. And with regulators having a heightened focus — with both the Cybersecurity and Infrastructure Security Agency (CISA) and SEC rules related to cyber disclosures and incident reporting — the regulatory landscape will likely continue to evolve.

Why is it relevant to the audit committee?

In recent years, the role of the audit committee continues to expand to include oversight of cybersecurity, with more than 60% of S&P 500 audit committees having responsibility for cybersecurity risk oversight. In our interactions with audit committee members, cybersecurity risk oversight is consistently mentioned as a top priority. Given the increasing complexity and frequency of cyberattacks, it is crucial for the audit committee to keep cybersecurity oversight at the top of the agenda. Monitoring the cybersecurity landscape, staying informed of the company’s cybersecurity practices and policies, considering more frequent updates from management on cyber risk, understanding regulatory developments and reporting responsibilities, remaining educated about cybersecurity developments, and leveraging internal audit and the external auditor are key resources, tools and techniques that can be employed by the audit committee.

What questions should the audit committee ask?

• What are the most significant cybersecurity risks facing the company, and how are they being managed?
• What is management’s process for aligning cybersecurity strategy with the overall business strategy?
• How has management considered the company’s risk tolerance for cybersecurity threats?
• How has management considered the appropriateness of its plans and resources to manage through, and recover from, a major cyberattack?
• How is management considering the use of tabletop exercises to inform the company’s crisis management, incident response and disaster recovery plans?
• What processes have management established to detect a cyber incident, and how is materiality determined?
• How has management considered disclosure controls and procedures in relation to current regulatory rules?
• How has management considered the audit committee’s cybersecurity information needs, including frequency of reporting?

What the audit committee needs to know

As Q1 ends, now may be a good time for the audit committee to reexamine its annual plan for external auditor oversight and communication. In the current business landscape, companies face a variety of challenges that can impact their financial reporting and other areas overseen by the audit committee, such as responding to geopolitical uncertainty, managing through global tax reform and complying with changing regulations.

Why is it relevant to the audit committee?

As a critical gatekeeper in an organization’s governance structure, it is imperative that the audit committee continually focus on strengthening its relationship and communications with the external auditor. Transparent and timely communication with the external auditor can help inform the audit committee of any financial reporting challenges, understand any areas of disagreement with management, hear views on audit committee leading practices and get feedback on operational matters like the strength of the finance team, comparisons to evolving practices, tone at the top and corporate culture.

The audit committee should set clear expectations for the external auditor and appropriately evaluate performance. It should also have consistent engagement, including informal one-on-one meetings and private sessions. By engaging now, the audit committee can review findings and recommendations from the most recent annual audit as well as get the external auditor’s views on risks, fraud and other matters. Further, the audit committee can explore matters like the external auditor’s use of (or plans to use) technology in the audit and learn about other planned enhancements to the audit process.

What questions should the audit committee ask?

• Were there any significant matters that arose during Q1 that require the audit committee’s attention?
• What areas, if any, has the external auditor identified as having an increased risk of fraud?
• What new or emerging auditing or accounting standards could impact the company’s reporting and the audit?
• How has the auditor considered the impact of emerging matters, such as geopolitical developments on the company’s financial reporting risks?
• How is the external auditor using or planning to use technologies like data analytics, cloud services and AI to execute the audit? What are the potential risks and benefits?
• What changes can the audit committee make to enhance its processes for assessing the auditor’s performance?
• What are the results of the auditor’s most recent PCAOB inspection and what actions has the firm taken in response to the findings?

What the audit committee needs to know

During Q1, PwC held peer exchanges among audit committee members who collectively identified and discussed the following high priority matters (not ranked by priority):

• Risk oversight/enterprise risk management (ERM) – Considering appropriate risk oversight allocation among the board and committees; the audit committee’s role relating to ERM
• Cybersecurity oversight – Collaboration with other committees; strategies for obtaining/accessing expertise; effective management reporting to the audit committee; incorporating tabletop exercises with director participation
• AI – Increasing directors’ knowledge of AI and generative AI; the audit committee’s role in overseeing AI; managing AI risks; understanding the opportunities and costs of AI; understanding AI governance
• Board continuing education – Leading practices for board member education, especially relating to newer areas of focus (e.g., AI); navigating complex topics and risks
• Non-GAAP metrics – Non-GAAP policies; SEC comment letter trends; collaboration with other committees; potential areas for enhanced audit committee scrutiny (e.g., press releases)
• Audit committee effectiveness – Tools and techniques to gain efficiency; strategies for evolving the governance culture; setting the annual agenda
• External auditor oversight – Setting clear expectations; regularly assessing the external auditor’s performance

Why is it relevant to the audit committee?

The evolving demands of the current business environment have put upskilling in the spotlight for audit committees. Continuing education programs that address emerging issues and cultivate dialogue on current challenges and leading practices offer excellent opportunities for audit committee members to keep pace with their evolving oversight responsibilities. In addition to the references that follow this section, browse our library for insights on a broad array of topics relevant to the changing landscape of audit committee oversight.

What questions should the audit committee ask?

• How are key risk indicators defined, measured and monitored, and who has accountability for such within management?
• How has management considered the appropriateness of its plans and resources to manage through a cyberattack?
• What is the overall AI strategy, and which AI use cases or policies could impact financial reporting and/or underlying processes and controls?
• What are management’s plans to keep the audit committee apprised of AI’s growing capabilities and planned uses within the company?
• What is management’s process to calculate and present non-GAAP measures?
• What protocols and processes can be implemented to enhance overall audit committee effectiveness?

Every audit committee meeting agenda should include these important items or, at least, they should be discussed at scheduled intervals:

• Hotline complaints and code of conduct violations
• Changes in the regulatory environment
• Private and executive sessions
• Related-party transactions
• Internal and external audit plan reviews
• Discussions with the CIO, CISO and GC as needed