What audit committees should prioritize in 2024

We highlight key priorities for audit committees on risk management, financial reporting, tax and regulatory developments heading into 2024.

In brief

• Understanding the risks and opportunities around AI and other disruptive technologies will continue to be an area of focus for boards.
• Global tax changes could have profound implications for multinational entities and their global tax obligations in 2024.
• SEC rulemaking and other actions could meaningfully shift regulatory requirements in the months ahead.

With the changing risk landscape, the audit committee’s role continues to grow more demanding and complex amid the uncertain and dynamic business environment. This report highlights audit committee priorities for 2024 and addresses key risk management, financial reporting, tax and the regulatory developments.

Risk management

Boards face sharper challenges in navigating a risk environment that has become more expansive, complex and interconnected. A recent EY Board Risk survey indicates an escalating level of concern among boards a risk will severely impact their business. In an increasingly complex risk environment that is likely to both persist and evolve, boards need to support their organizations in anticipating and adapting to key and other emerging risks, rather than reacting to them. Leading boards are continuing to add value by supporting management in horizon scanning and scenario planning to identify and capitalize on changes in the business environment before they materialize into significant risks.

Artificial intelligence

Artificial intelligence and machine learning (AI/ML) have climbed to the top of the strategic agenda for many boards. Fraud detection, automating operational tasks, identifying possible cyber attacks, and regulatory compliance are some of the use cases that organizations are exploring to enhance their risk management and compliance-related efforts. However, AI/ML early adopters may face increased risks, such as lawsuits arising from the use of web-based copyrighted material in AI outputs, concerns about bias, lack of traceability due to the “black box” nature of AI applications, reliability of the outputs and threats to data privacy and cybersecurity. As a result, many organizations are opting for a cautious approach to AI/ML.

 Organizations are initially implementing applications in noncustomer- facing processes or to aid customer-facing employees where the primary goals are improving operational efficiency and augmenting employee intelligence by offering insights, recommendations and decision-making support. In the future, we expect to see risk teams using AI to scan and review regulations and for process, risk and control diagnostics. Over time, AI-enabled scenario modeling is expected to be used for market simulation and portfolio optimization.

With AI usage increasingly democratized, robust and agile governance has become an urgent board priority. Audit committees should inquire with management and internal audit regarding risk assessments around AI and related AI governance, including how risks around the ethical use of AI, accuracy of outputs, plagiarism, copyright, trademark violations, and protections of company IP were considered. Additionally, audit committees should ask management whether and how AI is used within the financial reporting processes, including related internal control impacts.

Financial reporting developments

Companies are continuing to re-evaluate their disclosures as stakeholders seek to understand the impact of various external developments on the business. This includes the continued global economic uncertainty; climate and other environmental, social and governance (ESG) factors; and evolving geopolitical developments.

What we’re seeing in SEC comment letter trends

In our review of SEC staff comment letters on periodic reports, we found that the SEC staff issued nearly 60% more comment letters on periodic reports in the year ended 30 June 2023 than in the previous year, continuing the upward trend that began in 2022. This reverses multiple years of decline in the number of letters issued by the staff, with the volume of comment letters exceeding that of each of the past four years. With the SEC staff now issuing significantly more comment letters to many more registrants, it is important that audit committees and management understand the process and ways to effectively respond to the staff’s comments.

MD&A and non-GAAP financial measures again took the top two spots on our list of topics the SEC staff addressed most frequently in comment letters in the year ended 30 June 2023. The SEC staff’s increased focus on MD&A and non-GAAP measures was a key reason for the overall increase in comment letters. For the second year in a row, comments on climate-related disclosures made our list of frequent topics addressed by the SEC staff, and we expect the SEC staff to continue to scrutinize these disclosures, even as the SEC is expected to finalize a new rule to require more extensive disclosures. On average, the comments on climate-related disclosures also continued to require more rounds of comments to resolve than comments on other topics on our list.

The SEC staff has also been asking registrants about the effects of macroeconomic factors such as inflation, rising interest rates and supply chain issues on their results of operations. Given the persistence of inflation, the expectation that interest rates may remain elevated, and uncertainly in the geopolitical environment, registrants should carefully evaluate how such conditions may affect their business and provide disclosures related to these matters in sufficient detail.

Looking ahead, we expect the SEC staff to continue to focus on the topics discussed above in the upcoming year. The SEC staff may also expand its comments related to pay-vs.-performance disclosures, cybersecurity-related disclosures and other disclosures made in response to recently issued or amended SEC rules.

Audit committees should continue to understand SEC comment letter trends to be better informed and identify disclosure improvements for the management team to consider.

Tax and other policy-related developments

The political dynamics and unpredictability of the current Congress have so far yielded little in terms of tax legislation, but it is still possible that a tax bill could advance in late 2023 if a mustpass legislative vehicle, such as Federal Aviation Administration authorization or the fiscal 2024 National Defense Authorization Act, emerges. Among the items that might be included are modifications of some expired provisions from the Tax Cuts and Jobs Act (TCJA). These include addressing a change to Section 174 that requires five-year or 15-year research and development (R&D) amortization, depending on the location of the activity, rather than expensing; changes to the interest deduction limitation calculations under Section 163(j); and 100% expensing.

So far, however, these priorities have remained mired in a partisan standoff, which makes the path forward unclear. Congressional Democrats wish to expand the Child Tax Credit, while Republicans would aim to partially offset a tax package’s revenue losses by rolling back clean energy tax provisions from last year’s Inflation Reduction Act (IRA). Some members of both political parties in high-tax states would also like to enact some form of relief from the TCJA’s $10,000 cap on deductions for state and local taxes (SALT).

Insights from administrative guidance

While tax legislation has been slow to move, the Treasury Department and IRS continue to issue administrative guidance on a range of issues that may affect companies’ tax positions. Topics of recent guidance have included the IRA’s corporate alternative minimum tax (CAMT), the 1% excise tax on certain corporate stock repurchases, and different aspects of clean energy incentives included in the IRA legislation.

Additionally, in a July 2023 notice (Notice 2023-55), the U.S. Treasury Department announced temporary relief for taxpayers seeking foreign tax credits (FTCs). For tax years ending on or before 31 December 2023, the notice generally allows taxpayers to claim certain FTCs that otherwise may not have been available. Further relief, and additional changes to the FTC regulations, might be considered in the future. Companies should evaluate the notice’s impact on their tax returns, financial statements and FTC profile.

The IRS also issued highly anticipated proposed digital asset rules (REG-1122793-19) that would define key terms and introduce new standards that would apply uniquely to digital assets. The package adopts many of the long-standing concepts and terms that apply to sales of securities, including the reporting of a customer’s tax basis and gross proceeds from a sale. More regulatory guidance on a variety of topics is expected from Treasury and the IRS before year-end. Audit committees should ask how management is tracking relevant tax guidance and determining the potential impact on their organization’s reporting and compliance obligations, supply chains and effective tax rate (ETR). Depending on the topic, such guidance can affect future decisions and provide opportunities for engagement with tax policymakers.

State outlook

State tax policy often flows from federal tax policy changes and their impact on state fiscal conditions. Having reported record revenues over the last few years, many states experienced a decline in tax revenue collections this year.

Current revenue declines — in combination with inflation, the ending of pandemic-related federal aid, and migration of businesses and individuals — could lead to future business tax increases in some states. Businesses in states with stronger fiscal conditions may consider tax rate reductions and other business tax relief in the coming year.

Global tax — unprecedented cross-border cooperation

Globally, it is a time of fundamental tax change and cross-border coordination that may have profound implications for multinational entities (MNEs) and their global tax obligations. In October 2021, agreement was reached on new global minimum tax rules that establish a minimum tax rate of 15% and give priority of rights to impose a “top-up tax” to the local country, the headquarters country or other countries where an MNE group has taxable presence. Known as Pillar 2 of the OECD/G20 project on addressing the tax challenges arising from the digitalization of the economy (commonly referred to as the BEPS 2.0 project), it applies to companies with global revenue of at least €750m (roughly $825m) and is being implemented through changes to country tax laws.

Regulatory developments

Market participants should continue to expect regulatory changes in 2024 as the SEC works through its rulemaking agenda. As has been widely observed, the SEC under Chair Gary Gensler has issued more rule proposals at this stage of his tenure than it had under most other recent SEC chairs at the same point in their tenure. The SEC is now in the process of finalizing some rules as well as planning new proposals. Chair Gensler also remains focused on a vigorous enforcement program. The Public Company Accounting Oversight Board (PCAOB) also has a number of standard setting initiatives planned for 2024. Outside the U.S., regulators are likely to continue to be similarly active, as, for that matter, are certain state authorities. Audit committees and SEC registrants and other companies should keep abreast of these areas to be able to meet regulatory expectations.

SEC’s regulatory agenda

In 2023, the SEC issued a number of final rules that impact public companies. These include final rules on cybersecurity risk management, strategy, governance and incident governance; share repurchase disclosure modernization; and recovery of erroneously awarded compensation (clawbacks). Still pending is action on climate-related and several other ESG disclosure matters (e.g., board diversity, human capital) as reflected on the SEC’s rulemaking agenda, which is updated semiannually.

Climate-related disclosures: One of the major areas of expected activity in 2024 relates to climate-related disclosures. The SEC continues to consider the public’s feedback on its proposal to enhance and standardize disclosures that public companies make about climate-related risks, their climate-related targets and goals, their greenhouse gas (GHG) emissions, and how the board of directors and management oversee climate-related risks. The proposal would also require registrants to quantify the effects of certain climate-related events and transition activities in their audited financial statements. There is no clear indication of when a final rule may be issued, although Chair Gensler has indicated that it remains high on the SEC’s agenda.

In the meantime, US companies should also consider whether they will fall within the scope of climate disclosure requirements that have been finalized by California and the European Union (EU) and that will begin to take effect in the next several years. The EU Corporate Sustainability Reporting Directive (CSRD) includes a mandate to disclose sustainability information that applies to a wide range of entities operating in the EU, including subsidiaries of non-EU entities and non-EU subsidiaries of EU holding companies.

SEC enforcement and auditor independence

The SEC Division of Enforcement also continues to be active. SEC Chair Gensler has discussed five themes that capture his priorities for the enforcement program, including holding individuals and entities accountable for securities law violations as well as prioritizing high-impact cases. This approach has meant that the SEC regularly imposes high fines and mandates corrective actions via its enforcement actions. Gensler also has focused on accountability for gatekeepers, including lawyers, auditors, underwriters and others, on whom he says trust in the markets depends. Division of Enforcement Director Gurbir Grewal also has highlighted the SEC’s expectations for compliance personnel, including that they will create a culture of proactive compliance.

Role of the audit committee in overseeing audits

Both the SEC and the PCAOB have highlighted the important role of the audit committee in overseeing the audit and financial reporting. SEC Chief Accountant Paul Munter has urged audit committees to have an investor-focused mindset and to remind auditors to do the same. The PCAOB conducts ongoing outreach to audit committees and provides various resources to assist in their auditor oversight. These include a publication highlighting questions that audit committees may want to ask their auditors, including about potential risks due to the economic environment that could impact financial reporting and the audit.

PCAOB standard setting

The PCAOB significantly expanded its standard setting agenda in 2023 and is expected to continue advancing on it through 2024. The PCAOB currently plans to propose or finalize 10 standards and rules in 2024. Audit committees, external auditors and SEC registrants should keep abreast of related developments and the impact they can have on the execution of audits and overall audit quality.

Questions for the audit committee to consider

• How strong are the organization’s capabilities to be highly informed about the internal and external environment, and risks, events and opportunities that may influence or compromise enterprise resilience?
• How effective is the board’s oversight of emerging risks and other evolving external risks such as geopolitical developments, uncertain economic conditions and climate risk? Does it have the information, expertise and professional skepticism it needs to challenge management in these areas?
• Has the board participated with management in one of its cyber breach simulations in the last year? How rigorous was the testing?
• Has management considered which financial reporting items and disclosures may pose heightened restatement risk, such as through the company’s regular risk assessment activities?
• Is management confident in the effectiveness of its whistle-blowing process and that known or suspected issues in financial reporting would be appropriately reported and addressed? How does management evaluate the effectiveness of its whistle-blowing process?
• Has there been an assessment of whether the organization might be in scope of Pillar 2, and if so, have constituent entities been identified in countries that have enacted, or will enact, the Pillar 2 rules by year-end? Is there a plan in place for determining what may be owed under the new rules in relevant countries?
• Has the organization begun making the necessary changes to its data and systems that will be needed to do the Pillar 2 computations required to establish its estimated annual effective tax rate for its fiscal year ending in 2024 and its other provision, compliance and reporting obligations?
• What process does the committee have in place for assessing the impact of regulatory updates and is the committee sufficiently engaged in dialogue providing views and input as needed on the related impacts?
• Does the company have sufficient controls and procedures over nonfinancial data? Is internal audit providing any type of audit coverage on ESG-related data or is the company obtaining any external assurance?

Read our quarterly reports from 2023