The Critical Role of the Audit Committee in Corporate Governance

NACD Northern California hosted an exclusive audit committee cohort peer exchange led by Brooke Seawell, audit committee chair of NVIDIA, and Claudia Fan Munce, audit committee member of Best Buy to discuss The Critical Role of the Audit Committee in Corporate Governance.

Facilitated by Tony Perazzo, West Region Managing Principal at Grant Thornton, audit committee board directors had the opportunity to share insights and best practices in the evolving landscape of corporate governance with their peers.

The key takeaways can be found below.

Audit Committee Structure

• Many critical issues like cybersecurity, AI, and ESG often fall under the purview of audit committees. It's crucial to structure your board effectively to ensure these issues are adequately addressed.
• Committee composition varies widely across businesses and industries. Establishing a subcommittee within the audit committee that focuses on cyber and climate issues, with participation from non-audit members, works well for some and helps provide a broader perspective on these issues.
• Issues affecting the entire board should be summarized and discussed quarterly to ensure strategic alignment and comprehensive oversight, but more off-cycle meetings are required for these critical topics to be discussed outside the quarterly audit meetings.
• An optimal audit committee should include a tenured chair, a (recently retired) CFO, and other members with diverse skills tailored to the company's needs, ensuring a balance of technical expertise and broad leadership knowledge.

Cybersecurity and AI

• The introduction of AI has expanded the scale and complexity of cybersecurity challenges. Regulatory actions by the SEC are increasingly focusing on disclosures related to AI and cybersecurity risks.

• Board oversight can be significantly bolstered by a knowledgeable Chief Information Security Officer (CISO) who can provide critical insights into cyber and AI issues. Ask your CISO what they are doing to monitor company email addresses on the dark web, for example.

• "How boards can amp up their oversight of cybersecurity" by Grant Thornton

Future Trends and Preparedness

• Anticipated future trends for audit committees include increased regulatory scrutiny on AI use and ethics. Committees may need to rethink their structure to be prepared for this additional oversight requirement.

• Regular formal training sessions for board members on emerging technologies and regulations may need to become a requirement.

• Leveraging external consultants can supplement board knowledge, particularly on specialized topics.

• When AI is solely viewed through an audit lens, it tends to be seen as a risk. Engaging external stakeholders is essential to explore AI's opportunities for business growth.

• Use executive sessions to discuss board member comfort levels on each critical topic and ensure there is technical coverage on all of the important issues.

Materiality Determination Process

• Establishing a robust materiality determination process helps in timely and accurate reporting, mitigating risks of regulatory scrutiny.

Utilizing AI Strategically

• Boards are increasingly using AI for strategic decision-making but need to ensure responsible usage.

• AI tools like ChatGPT and Box can aid in strategic analysis and decision support, but human judgment remains essential for contextual understanding and nuanced decision-making. As a best practice, board directors are not using AI for their financials yet.

Staffing and Structure Considerations

• Remote work and AI-supported roles are reshaping staffing dynamics in accounting and finance functions—boards should think carefully about staffing quality and structure when working with third parties.

Current Trends in SEC Enforcement Actions

• The SEC is intensifying its focus on transparency and accountability, particularly regarding disclosures related to cybersecurity and AI.

• Companies should be cautious about exaggerating their use of AI in products and services, as the SEC has recently penalized firms for misleading claims. 

ESG Oversight

• ESG oversight is still not managed by a standardized committee. Sometimes it is managed by nomination/governance committees, while others have it reside in audit committees, with them often handling assurance of ESG-related numbers.

• Given increasing regulatory scrutiny, robust oversight frameworks (and a move toward useful templates) are crucial for ESG reporting and compliance.

• There's ongoing debate around ESG reporting timelines, with some companies delaying implementation—it's advisable not to delay ESG reporting due to impending regulations. Proactive reporting can enhance transparency and compliance.

Thank you to Grant Thornton for generously hosting this dinner.