CFOs can expect to see more cybersecurity experts on their audit committees. Audit committee members increasingly say they need that expertise around the table to better manage this growing responsibility, according to a report by The Center for Audit Quality and Deloitte.
Almost 100% of audit committees have members with finance and accounting expertise but only 35% have members who are strong in cybersecurity, the report finds. And yet cybersecurity is the fastest-growing risk focus for the committees.
“Audit committees are being challenged by increased complexity in their core responsibilities, as well as scope creep across other areas within their organizations,” says the Audit Committee Practices Report, released this month.
Almost 55% of audit committees have cybersecurity as part of their responsibilities, 60% say it's an agenda topic at least quarterly and 69% say they expect to spend more time on it in the coming year. And almost two-thirds call it their top risk focus.
Not surprisingly, 41% say they need additional expertise on it in their committee, more than any other risk area. That means committees will be looking at who they should be adding as members and inviting to make presentations at meetings.
“Make sure you’re hearing from the right people,” says the report. “Consider having the chief information security officer (CISO), or the equivalent, present … on a regular basis. Given the pace of developments in the cybersecurity space, it’s also appropriate to get periodically an outside-in perspective. Asking your external auditor or other advisors to present with your CISO is a natural option.”
Common practices
The report, which looks broadly at what audit committees are focused on, is based on input from almost 250 committee chairs and members of mostly large public companies in the United States.
In addition to the growing focus on cybersecurity, it finds the committees increasingly concerned with all types of fraud and security risks, environmental, social and governance (ESG) reporting, and supply chain issues, while continuing to focus on their core finance and control responsibilities.
Among the findings:
- 98% say audit quality is the same or better than the prior year
- 21% say meetings will return to in-person when COVID-19 conditions make that possible
- 62% say they’ll hold hybrid meetings, some in-person and some virtual, while 27% say they’ll hold hybrid meetings in which some people will attend in-person, others virtually
- 97% expect to spend as much time or more on core financial reporting and control issues in the next year
- 74% say they’ve updated their internal controls to account for remote work
- 42% say fraud risks have increased
- 42% say their committee oversees enterprise risk management, compared to 20% of risk committees
- 19% say supply chain issues fall into the jurisdiction of the audit committee
- 10% say ESG falls into that jurisdiction