top of page
Search
Writer's pictureDaniel Goelzer

Audit Committee Nonfinancial Oversight Responsibilities Continue to Expand

In How board committee responsibilities and structures are changing, the EY Center for Board Matters explores changes in board committee structure and responsibilities at S&P 500 companies from 2021 to 2024. EY found that audit committee responsibility for oversight of nonfinancial matters has increased, particularly in the areas of enterprise risk, cybersecurity, sustainability, and AI.

 

The EY Center reviewed how committee oversight responsibilities were described in S&P 500 company proxy statements between 2021 and 2024. Key findings regarding changes in the work of audit committees include:

 

  • Enterprise risk.  Audit committees are frequently the overseers of risk.  In 2024, 44 percent of companies referenced enterprise risk in their proxy statement description of the audit committee’s responsibilities, up from 38 percent in 2021.

 

  • Cybersecurity oversight.  The audit committee is the primary committee with responsibility to oversee cybersecurity risks. The percentage of S&P 500 companies citing cybersecurity in their audit committee descriptions increased from 25 percent in 2019, to 70 percent in 2021 and 77 percent in 2024. In 67 percent of 2024 proxy disclosures, the audit committee was the only committee described as having cybersecurity oversight responsibility (up from 61 percent in 2021.)  Eighteen percent cited only a committee other than audit as having cybersecurity oversight responsible, and 10 percent included cybersecurity in describing the responsibilities of the audit committee and another committee. In 2024, only 5 percent of S&P 500 boards did not disclose a specific committee to which cybersecurity is assigned, down from 15 percent in 2021. The EY Center states: “This change was likely driven by the SEC’s new rules on cybersecurity disclosures, under which companies must identify any board committee or subcommittee that oversees cybersecurity risk, if applicable.”

 

  • Sustainability oversight.  Nominating and governance is the primary board committee that oversees sustainability, but audit committees are catching up. Since 2021, the percentage of S&P 500 companies mentioning ESG or sustainability in their audit committee description increased from 6 percent to 22 percent.  Mentions of environment and climate in audit descriptions rose from 7 percent in 2021 to 14 percent in 2024.  The EY Center surmises that, in many cases where audit committee descriptions include sustainability-related terms, the committee is “overseeing the reliability and adequacy of ESG disclosures, including related disclosure controls and procedures.”

 

  • AI oversight.  In 2024, two percent of S&P 500 companies disclosed that AI oversight was an audit committee responsibility.  “[D]isclosures vary with some only listing AI among a variety of specific risks, while others provide more in-depth information regarding their AI oversight responsibilities (e.g., oversight of issues emerging from AI’s development, including impacts to data privacy, human rights and climate action).” 

 

The EY Center’s report also discusses how S&P 500 companies describe the responsibilities of other committees and trends in the formation of new committees, such as technology and sustainability committees.  The Center states:

 

“Decisions about board committee structure or the division of oversight responsibilities are heavily dependent on company facts and circumstances. Leading practice is for boards to conduct regular and thoughtful reviews of how their oversight responsibilities are allocated, to establish that such allocation remains fit for purpose. Boards should regularly evaluate what works best for them to meet changing priorities and needs.”

 

The report concludes with a list of questions to guide board consideration of whether to modify committee structure or the matters assigned to particular committees. 

1 view0 comments

Recent Posts

See All

Comments


bottom of page