The December 2024 Update and the January 2025 Update included a discussion of five papers in which accounting or consulting firms suggest issues that audit committees should focus on during 2025.  See What Should be on the Audit Committee’s 2025 Agenda?, December 2024 Update, and What Should be on the Audit Committee’s 2025 Agenda? – Part II, January 2025 Update.  An additional paper is now available. On January 21, BDO released Audit Committee Priorities for 2025.

BDO states that in “an era when the business landscape is characterized by rapid changes and rising uncertainties, the need for robust governance oversight has never been more critical.” The BDO agenda paper “discusses the evolving priorities and responsibilities of audit committees (ACs) in 2025, emphasizing risk governance, technology integration, and investor expectations.”  Some topics addressed include:

• Enhanced Risk Governance and Enterprise Risk Management Integration.  “The AC’s oversight of ERM goes beyond oversight of management’s processes to stress testing those results to help ensure priorities are aligned, mitigation efforts are sound, and the company can be resilient against new challenges. The AC should not only review the formal ERM processes performed by management but receive further reporting and updates at an established cadence throughout the year to enhance recurrent risk conversations.”

• Emerging Technology and Cybersecurity.  “ACs should evaluate the impact of technology, including generative AI use in the financial reporting function. Three increasingly interdependent elements — technological efficiency, regulatory compliance, and talent — impact both corporate finance teams and audit engagement teams. Data governance challenges can increase the risk for potential reporting issues, errors, or unreliable insights.” The paper includes a list of nine questions directors should ask as part of their oversight of generative AI.

• Investor Expectations of Audit Committee Effectiveness.  “While ACs are often assigned expanding responsibilities, they must not fall behind on the traditional mandate of their role. It is important to clearly define and regularly review the AC's responsibilities and associated charter to ensure compliance with requirements, along with assessing the capacity and experience around expanded oversight responsibilities.”  The paper includes a list of 16 questions audit committees should ask about their responsiveness to investor expectations.

• Oversight of Internal Audit.  BDO states that “regular reports to the AC to ensure continued alignment on audit strategy and goals, along with timely resolution of identified deficiencies before they become material issues” is a best practice. The paper also recommends that audit committees consider the Institute of Internal Auditors’ Global Internal Audit Standards as a basis for evaluating the quality of the internal audit function.  (Regarding the new IAA standards, see Deloitte Has Suggestions for Audit Committee Support of the New Internal Audit Standards, November 2024 Update.)

• Disclosure. “The AC should inquire about the rigor for how disclosures outside the financial statements (such as those related to earnings releases and sustainability reports) are verified for accuracy and consistency, including reviewing presentation slides and management's commentary, while overseeing internal controls around non-financial metrics.”

• Oversight of the External Auditor.  BDO states that it is a best practice for audit committees to “build a strong professional relationship with their external auditors, which includes frequent, transparent communications about the audit.” Discussion topics should include auditor independence; the scope, status, and conduct of the audit; the engagement team’s and audit firm’s experience, supervision, and review; the audit firm’s structure and its potential impact on audit quality; inspection results at the engagement and firm level; and the audit firm’s system of quality control.