Skip to main content
close search
site logo
Dive Brief

Audit committees expand oversight to ESG, cybersecurity, AI: EY

Nearly four out of five investors said boards should demonstrate expertise in climate, cybersecurity and other risks by detailing their work to limit such hazards, EY said.

Published Nov. 18, 2024
Jim Tyson's headshot
Senior Reporter
View of trees.
View of a forest. Moeru Matsunoo via Getty Images

Dive Brief:

  • Audit committees at the largest U.S. companies have expanded their oversight this decade beyond financial challenges to encompass risks in cybersecurity, sustainability and artificial intelligence, EY said Monday.
  • The proportion of companies citing sustainability as an audit committee responsibility surged to 22% this year from 6% in 2021, EY found in a survey of Standard & Poor’s 500 firms.
  • “This momentum is likely connected to companies preparing to comply with various new global reporting standards, including the Securities and Exchange Commission’s climate-related disclosure requirements,” EY said in a report.

Dive Insight:

The SEC this year blunted requirements of a rule focused on climate risk disclosure before putting the regulation on hold in the face of legal challenges. Companies would be required to disclose the impact of climate change on their finances, operations and business strategy.

Since the appointment of Gary Gensler as SEC Chair by President Joe Biden in 2021, mentions of the environment and climate in audit committee descriptions at S&P 500 companies have doubled from 7% to 14% this year, EY said.

Audit committees in many cases focus on the reliability of environmental, social and governance disclosures, including controls and procedures, as well as risks related to sustainability, EY said.

Gensler, the leading champion of the climate-risk disclosure rule, has said institutional and retail investors during the past several years have sought detailed and consistent corporate disclosure about ESG risks.

Nearly four out of five investors (79%) said boards should demonstrate expertise in climate, cybersecurity and other risks by detailing their work to limit such hazards, EY said, citing another survey.

A growing proportion of audit committees oversee cybersecurity risk at most large companies, EY said. The share of S&P 500 companies that cite cybersecurity as an audit committee responsibility increased to 77% this year from 25% in 2019, according to EY.

Under Gensler the SEC mandated that publicly traded companies disclose information about a material cybersecurity incident on Form 8-K within four business days of determining that incident is a material event. Companies may delay disclosure only when the Attorney General concludes that such a revelation would pose a substantial risk to national security or public safety.

The SEC rule also requires companies to identify a board committee or subcommittee to oversee cybersecurity risks. The proportion of S&P 500 boards that lack proxy disclosures assigning cybersecurity to a specific committee has fallen to 5% from 15% in 2021, EY said.

Companies are beginning to disclose some level of oversight for AI risks, and most commonly cite the risk as a point of audit committee oversight, EY said.

“AI is starting to emerge as an area of committee focus,” EY said, noting that 13% of technology committee descriptions cite the quickly evolving technology.

Editors' picks

Company Announcements

View all | Post a press release
Pharmaceutical Executive Taggart McGurrin Featured on Life Sciences 360 Podcast
From Wild Fig Advertising
October 29, 2024
Basware’s New GenAI Tool Transforms Insights for CFOs
From Basware
October 29, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Strategy & Operations
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell