EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
As audit committees prepare for year-end discussions with the board, management, auditors, and external stakeholders, they should consider the following issues.
In Brief
In the face of a dynamic business environment and evolving risks, the role of the audit committee has grown more demanding and complex.
We provide questions for audit committees to ask in the areas of risk management, financial reporting, tax, and the regulatory landscape.
This 2022 edition of our annual review of issues affecting audit committees during the year-end audit cycle summarizes key considerations for audit committees. With the changing risk landscape, the audit committee’s role continues to grow more demanding and complex amid the pandemic and a dynamic business environment. This report will assist audit committees to proactively address developments in risk management, financial reporting, tax, and the regulatory landscape.
Risk management
How is the company using new technologies and data to enhance stress testing and scenario analyses to better prevent surprises and significant variability in operating performance?
Do scenario analyses consider an appropriate range of extreme and even improbable scenarios, including existential threats? Do they incorporate the potential compounding effects of various risks?
How can the organization build resilience while remaining lean and agile enough to respond to unforeseen risks? Are contingency and response plans related to risks, including cybersecurity and supply chain, periodically simulated and reviewed with the board?
How is the company revisiting and adapting its risk management strategy and management’s approach to the three lines model in response to potential changes in the external and internal environment, changes in strategy and risk landscape and the company’s operating model?
How is the company managing critical third-party and systemic risks, including those related to financial and operational resilience, IT security, data privacy, and the company’s supply chain?
Has the board considered how the organization’s technology strategy is evolving, including how AI and other emerging technologies can be used to review and validate data and information to unearth insights into enterprise risks and opportunities?
Have the company’s information security measures and other controls been reviewed and adapted to be responsive to ongoing digital acceleration efforts, technology changes and the shifting business environment?
How has the company’s cybersecurity risk management program evolved to address the post-pandemic context, in which attackers are targeting a larger surface area and using increasingly unpredictable tactics? How is cybersecurity proactively integrated into all major strategy or tactical decisions, such as transactions, alliances, new products or services, and technology upgrades?
Financial reporting
How is the organization proactively assessing opportunities to enhance stakeholder communications, including corporate reporting, to address changes in operations and strategies as well as changing stakeholder expectations?
Have there been any material changes to internal controls over financial reporting or disclosure controls and procedures to address the changing operating environment? Have any cost saving initiatives and related efforts impacted resources or processes that are key in internal controls
over financial reporting? If so, has management identified mitigating controls to address any potential gaps?
What approach has management taken to consider multiple scenarios related to its projections and underlying assumptions that are expected to have a material impact on the results of operations or capital resources?
Have there been material changes in controls and processes to evaluate the reasonableness of the assumptions and key estimates?
Does the audit committee understand how management uses non-GAAP financial measures and how they supplement the GAAP financial statements?
Tax
Did the organization use any COVID-19-related tax benefits in 2021? How were those benefits identified and documented?
Has the organization reviewed its approach to tax controversy management in light of the ongoing pandemic and the shifting economic, trade and tax policy environment?
What systems are in place to keep the organization informed of changes and related developments?
Has the company performed modeling and scenario planning reflecting potential tax policy changes and trade developments?
What role does tax play in the organization’s ESG strategy?
Regulatory developments
Does the company have sufficient controls and procedures over nonfinancial data? Is internal audit providing any type of audit coverage on ESG-related data or is the company obtaining any external assurance?
In anticipation of CSA and SEC rule-making on disclosure of ESG-related matters, what steps will be taken to evaluate and adopt processes and controls related to potential new disclosure requirements?
What process does the audit committee have in place for regulatory updates and is the committee sufficiently engaged in dialogue providing views and input as needed on the related impacts?
In light of the changing environment, what additional voluntary proxy disclosures might be useful to shareholders related to the audit committee’s time spent on certain activities, such as cybersecurity, data privacy, business continuity, corporate culture and financial statement reporting developments?
External auditors: were there material changes to materiality assessments, scope, physical inventory counts and the overall planned audit approach? Were there any “close calls” or areas that were particularly challenging as a result of the current environment and remote workforce? What additional procedures has the external auditor performed to gain comfort regarding key assumptions, estimates and prospective financial information? How has the engagement team considered the potential increase in errors due to work-from-home distractions or changes to the incentive, opportunity and rationalization of the fraud triangle? Has there been a re-evaluation of key audit matters and how will auditor reporting requirements be impacted?
Summary
This annual report helps Canadian audit committees address financial reporting, tax and regulatory developments as well as top of mind risk management issues.