This report will assist audit committees to proactively address developments in risk management, financial reporting, tax and the regulatory landscape.
1. Risk management
Rampant inflation fears, geopolitical tensions and the shadow of the COVID-19 pandemic are the critical threats occupying the minds of CEOs, boards and audit committees. A recent EY CEO survey indicates that, despite the multiple headwinds, many CEOs remain focused on building long-term optionality, resilience and value. Leading companies are holding firm on transformational investment plans — or formulating new strategies to navigate the new complexity. This includes reframing the company’s strategy; reimagining its portfolio, global operations and footprint; and reinventing its ecosystems.
Against this backdrop, boards and audit committees are revisiting risk management practices to make sure that risks are managed effectively across the organization, and building more resiliency and overall preparedness to respond and manage these headwinds going into 2023.
Key risk areas of focus for 2023 include:
Unconstrained inflation, ongoing pandemic effects, and geopolitical uncertainty
- Cybersecurity
- Talent strategies and workforce issues
- Evolving risk management programs to incorporate technology-enabled risk management
- Transforming internal audit
- Enhancing integrity and sharpening the focus on fraud and overall compliance
2. Financial reporting
Companies are continuing to re-evaluate their disclosures as stakeholders seek to understand the impact of various external developments on the business. This includes the continued global economic uncertainty; climate and other ESG factors; and evolving geopolitical developments. We highlight some of these and other key financial reporting developments and trends to assist audit committees in overseeing audit quality and encouraging an environment and a culture that supports the integrity of the financial reporting process.
Organizations continue to be affected by macroeconomic factors, such as inflation, rising interest rates, supply chain disruptions and stock market volatility, as well as the war in Ukraine and its ripple effects. We anticipate that audit committees will continue to evaluate these evolving impacts and changes in the business environment on their financial reporting processes.
Companies should continue to update their disclosures and consider the financial statement effects of the current market conditions (e.g., inflation, pandemic) and their expectations for the future. It will be important for audit committees not only to understand management’s view of future economic conditions, but also validate that the organization provides transparent disclosures regarding these views.
Read more about trade volatility, the global tax landscape and more by downloading the full report.
3. Tax and other policy-related developments
Opportunities for potential year-end tax legislation, inflationary pressures, a slowing economy and partisan politics provide the backdrop to this year’s tax policy outlook. With guidance anticipated from the U.S. Treasury Department on several tax issues and open questions about future US and global tax policy, boards and audit committees must oversee their organizations’ responses to tax changes in real time. They need to closely monitor the tax environment to recognize both potential challenges and opportunities and to remain agile in the face of uncertainty.
Supply chain resiliency is a growing focus of US trade policy, in the wake of pandemic supply chain challenges and global economic uncertainty. The increasing levels of government intervention in strategic supply chains, including semiconductors (as with the CHIPS and Science Act) or EVs (as with the IRA) have solidified the shift from more open globalized trade to greater promotion of domestic producers and fragmented markets for multinationals, which will have tax impacts.
Additionally, tensions continue to escalate across a range of fronts with China, including continued Section 301 tariffs on Chinese imports, increased restrictions on exports of sensitive semiconductor chips, and rising foreign policy and security tensions.
Given the current uncertain geopolitical environment, companies and their boards should monitor political risks and watch for shifts in leadership and elections in key countries, foreign policy actions, tariff changes and regional trade agreements.
Read more about trade volatility, the global tax landscape and more by downloading the full report.
4. Regulatory developments
SEC Chairman Gary Gensler continues to include as priorities a focus on company disclosures and investor protection. Given his priorities and the changing regulatory landscape, audit committees and SEC registrants should keep abreast of the evolving SEC agenda and the impact that such changes have on the organization.
Chairman Gensler has put forward an ambitious regulatory agenda, including potential changes to rules governing disclosures about climate-related and other ESG matters (e.g., board diversity, human capital), cybersecurity risk governance and other corporate governance matters (e.g., proxy rules, pay vs. performance). More information is available on its rulemaking agenda, which the SEC updates semiannually.
Perhaps the highest profile SEC rulemaking relates to climate disclosure. The SEC is currently considering the public’s feedback on its proposal to enhance and standardize disclosures that public companies make about climate-related risks, their climate-related targets and goals, their greenhouse gas (GHG) emissions and how the board of directors and management oversee climate-related risks. The proposal would also require registrants to quantify the effects of certain climate-related events and transition activities in their audited financial statements. The SEC received thousands of comment letters on the proposal and now must decide whether and how to amend the proposal before voting on a final rule. A final rule is expected in 2023.
The SEC also is considering feedback on proposed new rules to enhance and standardize disclosures registrants make about their cybersecurity risk management, strategy and governance. The SEC proposal also would require registrants to disclose information about material cybersecurity incidents on Form 8-K within four business days of determining that the incident is material. The SEC plans to issue a final rule by April 2023.
Audit committees should consider how their companies should be preparing for potential regulatory changes, which could impact reporting requirements, disclosures, and policies and procedures.
Read more about regulatory developments to watch in 2023 by downloading the full report.
Questions for the audit committee to consider
Select questions are included here; for the complete set of questions audit committees should consider, download the full report here.
- Do scenario analyses consider an appropriate range of extreme and even improbable scenarios, including existential threats? Do they incorporate the potential compounding effects of various risks? Are the assumptions that underpin the organization’s strategic plans still valid?
- Did the organization’s stress testing account for ongoing inflation, Federal Reserve rate hikes, geopolitical tensions, labor shortages, technology changes, shifts in consumer preferences or climate change? Has the organization conducted financial risk modeling analyses to evaluate routine (low-impact, high-likelihood) scenarios vs. black swan (high-impact, low likelihood) events?
- Has management assessed whether the company’s current disclosures on climate related matters consider the SEC’s 2010 guidance on the same topic?
- Have there been any material changes to internal controls over financial reporting or disclosure controls and procedures to address the changing operating environment? Have any cost-saving initiatives and related efforts impacted resources or processes that are key in internal controls over financial reporting? If so, has management identified mitigating controls to address any potential gaps?
- Has the organization analyzed the impacts on the company of federal tax legislation enacted in 2022? Has the company performed modeling and scenario planning reflecting potential tax policy changes and trade developments?
- Does the company have sufficient controls and procedures over nonfinancial data? Is internal audit providing any type of audit coverage on ESG-related data or is the company obtaining any external assurance?
- If ESG-related matters are being discussed in more than one place (e.g., SEC filings, earnings releases, analyst communications, annual report and shareholder letter, sustainability report), is there consistency in the disclosures? Has the company evaluated controls related to such disclosures?