Audit committee cybersecurity disclosures on the rise

By Ken Tysiac

Although public company audit committee disclosures on cybersecurity continue to increase significantly, other disclosures by audit committees increased just slightly or stagnated in 2021 compared with 2020, according to a Center for Audit Quality (CAQ) report issued Wednesday.

For the eighth straight year, the CAQ's Audit Committee Transparency Barometer measured disclosures by audit committees of S&P 500, S&P MidCap, and S&P SmallCap companies. The CAQ encourages thorough disclosures by audit committees in proxy statements to promote high-quality performance by auditors and investor trust in the audit committee's oversight role.

This year's study shows that cybersecurity disclosures by audit committees continue to climb and are dramatically more common than they were even just a few years ago. For example, 46% of S&P 500 companies in 2021 disclosed the audit committee's responsibilities for cybersecurity risk oversight. That's up from 39% a year earlier and just 11% as recently as 2016. The results for S&P MidCap and S&P SmallCap companies showed similar trends.

In addition, 34% of S&P 500 companies disclosed in 2021 whether the board included a cybersecurity expert (up from 28% last year and 7% in 2016).

The percentage of audit committees making other disclosures was largely unchanged compared with 2020. The most common disclosures reported in the survey were:

  • Discussion of how nonaudit services may affect independence. This disclosure was made by 83% of S&P 500 companies, 80% of S&P MidCap companies, and 76% of S&P SmallCap companies.
  • Disclosure of the length of time the auditor has been engaged (70% S&P 500, 59% S&P MidCap, and 54% S&P SmallCap).
  • Discussion of criteria considered when evaluating the audit firm (52% S&P 500, 39% S&P MidCap, and 35% S&P SmallCap).
  • Explicit statement that the audit committee is involved in the selection of the audit engagement partner (50% S&P 500, 22% S&P MidCap, and 12% S&P SmallCap).

ā€” Ken Tysiac ( is the JofA's editorial director.


Get your clients ready for tax season

Upon its enactment in March, the American Rescue Plan Act (ARPA) introduced many new tax changes, some of which retroactively affected 2020 returns. Making the right moves now can help you mitigate any surprises heading into 2022.


Black CPA Centennial, 1921ā€“2021

With 2021 marking the 100th anniversary of the first Black licensed CPA in the United States, a yearlong campaign kicked off to recognize the nationā€™s Black CPAs and encourage greater progress in diversity, inclusion, and equity in the CPA profession.