14 minute read 14 Dec 2020
Golden building with blue sky

What audit committees should consider at the end of 2020 and beyond

By Stephen Klemash

EY Americas Center for Board Matters Leader

Recognized leader in corporate governance. Experienced board member. Trusted advisor to senior executives and directors. Fervent reader. Husband and father.

Contributors
14 minute read 14 Dec 2020

This report helps audit committees address financial reporting, tax and regulatory developments as well as top of mind risk management issues.

In brief

  • Audit committees will continue to focus on accounting and disclosure issues related to the pandemic.
  • A new administration will bring potential regulatory and tax policy changes and developments that should be considered.
  • Disclosure requirements continue to evolve particularly around human capital and environmental, social and governance issues.

In this 2020 edition of our annual review of issues affecting audit committees during the year-end audit cycle, we summarize key developments for audit committees to consider. With the changing risk landscape, the audit committee’s role continues to grow more demanding and complex amid the pandemic and a dynamic and fluid business environment. This report will assist audit committees as they proactively address recent and upcoming developments in financial reporting, tax, the regulatory landscape and risk management.

Business people working remotely via video conference
(Chapter breaker)
1

Chapter 1

Financial reporting

Continue to focus on accounting and disclosure issues related to the pandemic.

The Securities and Exchange Commission (SEC or the Commission) staff continues to encourage audit committees to maintain the right “tone at the top” to create an environment and culture that supports the integrity of the financial reporting process. Additionally, stakeholders are requiring businesses to provide more disclosures for a variety of reasons.

They are especially focused on how the continued global COVID-19-driven economic uncertainty and shifting geopolitical developments are impacting the company. From considering the ongoing accounting and disclosure ramifications of the pandemic to implications arising from the changing work environment and the impacts to internal control over financial reporting, audit committees will be contending with a plethora of financial reporting issues. Read the full report.

SEC statements and guidance issued this year made it clear that the COVID-19 pandemic and its impacts on the registrant and its business prospects should be effectively discussed in all major sections of a company’s periodic reports.

How auditors are adapting to the virtual environment

COVID-19 simultaneously disrupted the accounting cycle for companies and auditors. External auditors have been adapting to the new environment and adjusting their audit approach in response to an altered business landscape. While the transition to off-site and remote auditing was already underway for some companies, the pandemic has accelerated this trend across the profession and highlighted how auditors are leveraging technology and data to deliver high-quality audits and focus more on risk identification and business insights. As an example, data analytics have helped audit teams focus on key audit issues raised by the pandemic by flagging potential risks resulting from anomalies and trends in financial data.

While the transition to a remote close and remote workforce has generally been effective for companies and auditors, audit committee chairs noted increasing risks, including cyber-related risks associated with phishing attempts and email security, increased fraud risk factors, and potential changes to internal control over financial reporting.

Heading into the year-end audit, it will be critical that audit committees maintain proactive, open and complete communications with the auditors to keep pace with the changing nature of audits and oversee audit effectiveness and quality. To aid in those discussions, the PCAOB provided the following questions for audit committees to discuss with their auditors to better understand the risks associated with remote work and virtual audits:

  • Will additional time be needed to get the audit work done remotely? What complexity does working remotely add to the audit?
  • Will working remotely affect productivity of audit engagement team members? If so, does the audit plan need to be updated, and do fees need to be revised?
  • Has remote work affected the company’s ICFR? If so: Is the auditor including new controls in their assessment or evaluating changes to existing ones? Has the auditor identified any concerns with respect to segregation of duties?
  • If a review of the issuer’s interim financial information has been completed already, are there any lessons learned that can be applied to the year-end audit?
  • Has the auditor assessed potential risks of material misstatement related to cybersecurity, and how does the auditor plan to respond to those risks? 

Source: PCAOB’s Conversations with Audit Committee Chairs: COVID-19 and the audit [July 2020]

Businessman using video conferencing interactive screen
(Chapter breaker)
2

Chapter 2

Tax and other policy-related developments

Audit committees will want to make sure that all tax matters related to COVID-19 and the broader tax landscape have been appropriately assessed and considered.

Global digital tax initiatives, evolving interpretations of US tax reform legislation and ongoing trade volatility have all been contributing to an unpredictable tax landscape for businesses. The COVID-19 pandemic (including responses to the virus) and the US election results introduce even more layers of uncertainty about the future direction of tax policy.

Boards and audit committees are tasked with overseeing businesses’ responses to these and other considerations and making sure their organizations can respond rapidly to an ever-evolving tax environment. Adapting and excelling in this environment requires a greater focus on risk and compliance oversight, as well as greater involvement in monitoring policy developments and modeling different potential scenarios. 

Audit committees will also contend with potential tax policy changes and developments stemming from the change in administration.

COVID-19 and ongoing implementation changes stemming from the TCJA

In a year of health, economic and trade disruption, tax policy has played a key role. Governments around the world have responded to the COVID-19 pandemic with economic relief and stimulus measures. In the US, a significant portion of the relief has been offered through the tax code, at a time when businesses continued to implement changes stemming from the Tax Cuts and Jobs Act (TCJA).

Of the roughly $2.8 trillion spent across several US COVID-19 relief bills as of early November, tax provisions have accounted for about $540 billion, with the business tax elements aimed at improving liquidity and employee retention. Tax changes included payroll tax relief, rollbacks of provisions from the TCJA, individual tax relief and other business tax measures.

While some of the TCJA guidance has been in final form, several proposed regulations were also issued. Examples include proposed regulations related to business interest expense limitations, the foreign tax credit and the controlled-foreign-corporation status of a foreign corporation when applying certain tax provisions. Depending on the priorities of the next Presidential administration, the interpretations and policies laid out in the regulations released in these final months of 2020 may be revisited, adding to the uncertainty businesses face heading into 2021.  Read the full report.

Designer using laptop at office desk
(Chapter breaker)
3

Chapter 3

Regulatory developments

Under the leadership of Chairman Clayton, the SEC has included in its agenda a range of rulemaking activities aimed at improving the process for raising capital in the US.

The SEC has been focused on achieving some of Chairman Clayton’s top priorities: increasing the attractiveness of the US public capital markets for companies and facilitating more investment options for retail investors, while preserving and enhancing investor protections.

Disclosure effectiveness and simplification efforts continue

One area of focus for the SEC under Chairman Clayton’s leadership has been to encourage capital raising in the public capital markets, and improving investment opportunities for “Main Street” or retail investors. In 2020, the SEC has continued to take actions intended to modernize disclosure requirements to reduce regulatory burdens for companies while maintaining investor protections. While the changes have been evolutionary rather than revolutionary, this sustained effort should have a meaningful cumulative impact on the SEC’s disclosure requirements. Read the full report.

In 2020, the SEC has continued to take actions intended to modernize disclosure requirements to reduce regulatory burdens for companies while maintaining investor protections.

How to approach the SEC’s new human capital disclosures

Many investor groups have been calling for expanded human capital disclosures for some time, and these new disclosures will receive significant attention from key stakeholders. As such, this may also be an opportunity for companies to further enhance their disclosures by discussing their plans and strategic strengths associated with human capital placed in the context of their business objectives and strategies. These are increasingly important as greater emphasis is placed on the role of human capital in underpinning and enhancing long-term value — especially in those sectors that are highly dependent on skilled, well-developed and engaged personnel.

Examples of measures, objectives and strategies that companies might disclose include:

  • Overarching human capital resource strategies, goals and management
  • Employment and recruitment strategies and practices
  • Diversity and equality
  • Employee retention strategies, goals and measures
  • Compensation and incentive mechanisms
  • Employee benefits, collective bargaining and grievance mechanisms
  • Employee engagement
  • Investment in employee training
  • Employee health and well-being
  • Succession planning
  • Legal or regulatory proceedings related to employee management 
Geometric ceiling of office building
(Chapter breaker)
4

Chapter 4

Risk management

Boards and audit committees are revisiting risk management practices to enable enterprise resiliency and agility to better respond to the shifting risk landscape.

In the current COVID-19 pandemic landscape, organizations are faced with an unprecedented duality: of managing the transition to a “new normal,” while also reimagining the future of work and business. The recent pandemic has also brought to the forefront the current state of enterprise risk management (ERM) and highlighted the interconnectedness of risks and the velocity at which the risk landscape can change. Given the likely continued waves of disruption ahead, resilience will need to be an organizational priority every day, not just in times of crisis.

Advancing risk oversight to enable enterprise resiliency and agility

Prior to the pandemic, boards were concerned that their organizations were insufficiently prepared for an event regardless of likelihood. The most recent EY Global Board Risk Survey17 indicated that only 21% of boards felt their organization was very prepared to respond to an adverse risk event from a planning, communications, recovery and resilience standpoint.

With organizations facing the prospect of quickly and effectively responding to the “new” business environment, there is a renewed focus on enterprise resiliency that relies on coordinated risk assessment, planning, monitoring and response across the enterprise. Leading boards and audit committees are motivated to enhance the oversight of ERM, make sure that the ERM process incorporates recent lessons from the pandemic, and evaluate ways to adapt and strengthen ERM.

As organizations look to enhance risk management, some key areas of focus include improved risk identification (including the detection of weak signals of risks that are emerging slowly), more rigorous scenario planning, simulations, stress testing over more variables and extremes, disaster response/contingency planning, incorporation of external data/perspectives, and the need to better leverage technology/digital experience.

Leading organizations have also been changing their resiliency planning efforts and evolving their risk frameworks, processes, and controls to allow them to be more agile and resilient. Resiliency planning should involve more sophistication and build more agility into the organization. This includes using data-enriched, multi-risk and multi-step scenarios that stress test the organization’s ability to respond to complex operational threats, mitigate the impact to customers and critical services/suppliers, and withstand a range of adverse economic effects. Read the full report.

Questions for the audit committee to consider

  • Financial reporting

    1. Have there been any material changes to internal controls over financial reporting or disclosure controls and procedures to address the changing operating environment? Have any cost saving initiatives and related efforts impacted resources and/or processes that are key in internal controls over financial reporting? If so, has management identified mitigating controls to address any potential gaps? Has management and/or internal audit taken additional steps to address heightened risk of fraud in the current environment?
    2. Are there any resource concerns and, if so, what are the mitigating plans? Has management confirmed whether specialists routinely used by the company to assist in complex financial reporting inputs (e.g., valuation, impairment, pension) or in internal audits (e.g., IT, cybersecurity) have the bandwidth and ability to meet the company’s financial reporting needs?
    3. How is the company adjusting its disclosures to adapt to evolving events and planning for COVID-19‑related uncertainties going forward?
    4. What approach has management taken to consider multiple scenarios related to its projections and underlying assumptions that are expected to have a material impact on the results of operations or capital resources? Have there been material changes in controls and processes to evaluate the reasonableness of the assumptions and key estimates?
    5. External auditors: were there material changes to materiality assessments, scope, physical inventory counts and the overall planned audit approach? Were there any “close calls” or areas that were particularly challenging as a result of the current environment and remote workforce? What additional procedures has the external auditor performed to gain comfort around key assumptions, estimates, and prospective financial information? How has the engagement team considered the potential increase in errors due to work-from-home distractions or changes to the incentive, opportunity, and rationalization of the fraud triangle? Has there been a re-evaluation of critical audit matters and how will auditor reporting requirements be impacted? 
  • Tax

    1. Did management optimize the corporate tax benefits available in the CARES Act (i.e., maximized the employee retention credits, all possible deductions into the 2020 tax year if a net operating loss is expected to be carried back or applied for immediate refunds of alternative minimum tax credits for liquidity purposes) and/or other foreign government stimulus tax provisions?
    2. Have the organization’s tax planning strategies been re-evaluated to address possible shifts in tax policy changes (including those that may arise post‑US election), supply chain, workforce, and capitalization?
    3. Has the company engaged in modeling and scenario planning to weigh the potential impacts of tax-and trade-related developments?
    4. What additional audit procedures has the audit firm incorporated as a result of COVID-19 and the changing tax environment? Have there been any additional audit risks identified? How were they addressed?
    5. How is the company staying informed of global, federal, state and local tax policy changes and related developments? Is the company considering the outlook for future COVID-19-related legislation? 
  • Regulatory developments

    1. What process does the committee have in place for regulatory updates and is the committee sufficiently engaged in dialogue providing views and input as needed on the related impacts?
    2. To what extent is the audit committee considering how new areas of nonfinancial disclosure and related metrics (e.g., human capital disclosures and other ESG‑related metrics) are subject to adequate disclosure processes and controls?
    3. Has the company benchmarked its disclosure practices around key ESG matters with those of its industry and proxy peers to identify areas of improvement?
    4. Does the company’s proxy statement effectively communicate how the audit committee is overseeing and engaging with the external auditor? Does it address areas of investor interest, such as the independence and performance of the auditor? Has the audit committee considered how changes in the auditor reporting requirements may impact audit committee disclosures?
    5. In light of the changing environment, what additional voluntary disclosures might be useful to shareholders related to the audit committee’s time spent on certain activities, such as cybersecurity, data privacy, business continuity, corporate culture and financial statement reporting developments? 
  • Risk management

    1. Do the organization’s ERM practices incorporate forward-looking insights and use of data analytics to determine trends and predictive indicators? Has the audit committee reviewed the effectiveness of management’s risk management programs in the wake of the pandemic?
    2. How is the organization deploying new tools and technologies to identify patterns and correlations in company data to identify potential warning areas? How can the organization act upon weak signals, aligning the increase in the organization’s intensity to the velocity of the underlying risk?
    3. Does the organization have the necessary skill sets, talent and culture to effectively manage the organization’s significant risks? If not, what are the gaps and how will those be addressed by management?
    4. How is management understanding and monitoring the effectiveness of risk management of critical third parties with respect to financial and operational resiliency, IT security, data privacy, culture, and environmental, social and governance factors?
    5. Are there any concerns with the company’s (risk) culture given the ongoing remote environment?
    6. Has the organization revisited and updated its training programs to consider the current and changing business landscape, new controls, new systems and revised regulations? 

Summary

Our annual review of issues affecting audit committees during the year-end audit cycle summarizes key developments for audit committees to consider.

About this article

By Stephen Klemash

EY Americas Center for Board Matters Leader

Recognized leader in corporate governance. Experienced board member. Trusted advisor to senior executives and directors. Fervent reader. Husband and father.

Contributors