Following a year of unprecedented challenge and upheaval, the 2021 audit committee agenda has a different look than in years past. Issues such as the uncertain economic outlook, geopolitical tensions, a remote and distributed workforce, cybersecurity threats and changing customer demands will continue to disrupt business as usual and demand that business leaders remain alert and ready to pivot. Protiviti recently hosted a webinar to discuss the audit committee’s agenda for this year and examine audit committees’ unique opportunities to support key financial reporting players within their organization. It was an engaged and interactive discussion and we encourage you to listen to the free recorded version, as well as read Protiviti’s latest Bulletin, Volume 7, Issue 9, “Setting the 2021 Audit Committee Agenda,” which covers the 10 critical issues for audit committees to consider within the three areas of Enterprise, Process and Technology; Financial Reporting; and Environmental, Social and Governance (ESG).
We received a number of questions from our webinar audience and we addressed many of them live. For those who were unable to join us in the live session, here are some of those questions and our perspective:
Q: In 2020, many organizations had to quickly adapt their processes and workflows to the reality of working from home. What are some of the key innovations that arose from working remotely?
We’ve seen a number of major initiatives around workflow, spurred by necessity because people were unable to collaborate in person. In this environment, checks still had to be cut, vendors had to be paid and cash receipts had to be processed, all without sacrificing internal controls. All of the workflow innovation we’ve seen has come from people and organizations that took a proactive approach, in some cases reconstituting workflow manually to accommodate a lack of adequate hardware and connectivity, but then seeking out new tools to support and automate these alternative processes. Now, as people contemplate re-entering their workplaces, they are looking to formalize the processes they performed differently while working remotely.
For example, this summer we interviewed members of the CFO community. This group was highly interested in implementing cloud security measures because they had become comfortable operating in a remote environment. They’ve learned a lot from this experience, and we expect they will continue to innovate and look to do things differently or more efficiently once they are able to collaborate in person again.
It’s important to remember that the return to the office will not be a return to the way things were done before. Teams that previously worked in close proximity will need to maintain social distancing measures over a larger footprint or through staggered schedules. Flexible thinking and innovation in how people work together and collaborate, and the apps and innovations that support that, will play an essential role throughout 2021 and beyond.
Q: What level of environmental, social and governance (ESG) reporting is expected of companies that are not publicly traded? Should such firms employ external reporting teams to help them manage compliance?
ESG reporting is not required for private firms, nor for public companies in the United States, but to the extent that you’re a private company with plans to go public someday, it’s important to prepare for scrutiny in this area, as it is an emerging area of regulatory and stakeholder interest for public companies. Also, be prepared for the fact that, although you’re private, key stakeholders, including your vendors, customers and employees, who are putting pressure on public companies in the area of ESG, could begin placing similar pressure on you. As a private company, even if you are not subject to a requirement, you still may want to be as prepared as possible to address your market’s expectations.
Within public companies, CFOs, controllers and their Financial Planning and Analysis (FP&A) organizations generally own the 10-K and the 10-Q, including any voluntary ESG disclosures and now-required Human Capital disclosures. You’re not required to make such disclosures, but if you choose to do so they have to be accurate, fairly stated and in accordance with a comparable frame of reference. Once a public company makes such disclosures, those disclosures are potentially subject to third-party attestation requirements, especially if they are included in public filings used to sell securities.
Although it’s been relatively quiet on the regulatory and accounting standards front lately, we recommend keeping an eye this year on ESG developments. Observable market forces continue to elevate the importance of ESG-related matters and it’s likely a matter of when, not if, the market can expect more rulemaking and standard-setting on ESG-related impacts.
Finally, note that the SEC recently amended Regulation S-K to require a description of human capital measures or objectives used in managing the business, provided such disclosures are material to understanding the company’s business as a whole. The audit committee should review these new disclosures in light of developments occurring at the company.
Q: Is there a role for the audit committee to challenge the chief audit executive on how they proactively manage and ensure the relevance of internal audit within the organization?
We think this is critically important in this day and age. At Protiviti, we say the future auditor has arrived, and as such the CAE needs to demonstrate they can bring value to the audit committee and to management. To borrow from the musical “Hamilton,” it’s all about earning the right to be “in the room where it happens.”
To maintain relevance, internal audit must proactively demonstrate certain high-level skills, including strong communication, data savviness and the ability to anticipate changes on the horizon. Some may say this is outside of the auditor’s traditional third-line role in an organization, but we counter that the mission of internal audit is to offer oversight while also serving as a consultant to the business.
Regarding the audit committee’s role in this process, it’s important to ask whether the committee is setting clear expectations of the CAE to proactively get the internal audit function’s transformation process on its agenda. Furthermore, does the audit committee provide the CAE sufficient time on its agenda to address these matters? These and other questions should be considered as the audit committee takes more interest in how internal audit is advancing its capabilities and influence across the enterprise.