Public company audit committees continue to increase the level of their disclosures around cybersecurity in proxy statements, according to a yearly analysis performed by Audit Analytics in cooperation with the Center for Audit Quality (CAQ).
The biggest increase in audit committee disclosures involved cybersecurity, according to the 2020 Audit Committee Transparency Barometer report published Monday by the CAQ, which is affiliated with the AICPA.
Almost four in 10 (39%) S&P 500 companies in 2020 made disclosures related to the audit committee’s responsibility for cybersecurity risk oversight, up from 34% the previous year and 11% in 2016. And 28% of S&P 500 companies in 2020 disclosed whether the board of directors has a cybersecurity expert, up from 23% in 2019 and 7% just four years earlier.
But some audit committee disclosures are slowing based on year-over-year growth, and some even decreased slightly in the past year. For example, 18% of S&P 500 companies disclosed in 2020 that the audit committee is responsible for fee negotiations with auditors, down from 19% the previous year.
Meanwhile, the portion of S&P 500 companies that disclosed the criteria considered when evaluating the audit firm was 51% in 2020, just one percentage point higher than last year but 17 percentage points higher than in 2016. And the portion of S&P 500 audit committees that disclose that the engagement partner rotates every five years remained at 49% for the third straight year.
“Transparency around audit committee oversight contributes to the orderly operations of capital markets,” CAQ Executive Director Julie Bell Lindsay said in a news release. “We urge public companies and their audit committees to accelerate the trend toward increasing transparency and provide an appropriate level of detail in audit committee disclosures to give investors additional confidence in the key oversight role these committees play in company-reported financial information.”
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.