On June 22, 2023, the SEC’s Investor Advisory Committee hosted a panel discussion regarding audit committee workload and transparency. The panel was led by James Andrus, with presentations of new research by Lauren Cunningham and Vanessa Teitelbaum and ensuing discussion with several audit committee chairs: Anthony Anderson, Sheila Hooda, Robert H. Herz and David Herzog. The panel touched on nuances of many issues facing a modern audit committee, particularly the expanding universe of risk oversight, the importance of proxy disclosures, the type of information sought out by investors, and whether new regulations are needed. While there was no consensus on the best approach to risk oversight, all of the panelists could agree on a few matters: investors rarely, if ever, raise questions about how the audit committee functions and new regulations are not needed.
Risk allocation – some consider the audit committee a “kitchen sink;” one size does not fit all.
Research presented by Prof. Cunningham indicated that many audit committee members believe the audit committee is the appropriate committee to oversee new risks. Those who disagreed cited the bandwidth of the audit committee or the expertise needed to oversee the risk. The risks facing companies are growing and evolving; however, the discrete risks facing each company and the resources available to each company and board are different. While an audit committee has experience overseeing technical matters, that does not necessarily mean the audit committee is best positioned to oversee the company’s cybersecurity risks, for example. The complexity of the evolving business environment often requires unique expertise. As aptly noted throughout the panel, there is no one-size-fits-all solution. Rather, a company’s industry, the business’ complexity, board and committee structure and individual director expertise, among other variables, must all be considered.
Smaller companies may have the audit committees oversee the company’s primary risks based on the expertise of the individual members of the audit committee and the complexity of the company’s business. On the other end of the spectrum, Mr. Herz discussed Morgan Stanley’s approach to risk allocation, which takes into account the complexity of the large financial services institution. The majority of risk oversight is delegated to the risk committee; however, risks associated with cybersecurity, data privacy and artificial intelligence are handled by the operations and technology committee. This approach leaves the audit committee with more traditional audit committee related functions.
It’s also important to assess each board’s overall committee structures. Connections between the audit committee, nominating committee, compensation committee and others—such as risk or technology—must be considered. The members of each committee must have the necessary expertise and skillset to adequately oversee the areas of risk assigned to the committee. As the risk areas evolve, and directors roll off of committees and boards, it is important that the skillsets and experience needed are included in succession planning.
Shareholders are not monolithic-engagement and listening are important but directors still must exercise independent judgment.
Turning to the adequacy of proxy disclosures, none of the panelists has received questions from investors seeking a better understanding of what the audit committee does. Rather, investors typically raise questions about compensation, succession planning, climate impacts, and similar matters. While some audit committees use the proxy statement to craft a narrative for investors going beyond the required disclosures, the directors must exercise independent judgment about the right level of detail. The need for additional detail should be weighed against the volume of information included; more is not necessarily better.
More regulation is not likely the answer.
It is not surprising that none of the panelists thought that additional regulations would benefit investors. There was some discussion on whether there is value in the SEC Corporation Finance Staff issuing additional guidance on the information that may be beneficial to investors. But it seems that additional guidance may still be a solution in search of a problem.