Audit committees constantly face new challenges. Technology continues to advance rapidly and the rules continue to change. Audit committee responsibilities have changed over the years, as outlined in the CAQ and Deloitte Annual Audit Committee Practice Report. Over the past few years, the report highlights that priorities such as cybersecurity, enterprise risk management (ERM), finance and internal audit talent have consistently risen to the top of audit committee agendas, even as other areas such as compliance and AI governance have evolved over the years.
This changing landscape highlights why audit committees must prioritize the development and implementation of robust action plans. Leverage the resources of EY’s Center for Board Matters, Audit committee priorities for 2026: Addressing complexity and change; PwC's Governance Insights Center; A guide to year-end reporting developments for the 2025 year-end financial reporting season.of BDO's Center for Corporate Governance. Audit committee priorities for 2026Here are 10 priorities to help set the tone for your audit committee. It also creates a framework for healthy oversight, smart decision-making, and strong stakeholder trust to help organizations stay prepared for what comes next.
1. Map risks to scenarios
Treat this like a “what if” plan. List major risks such as market fluctuations, trade changes, cyber risks, and AI shocks. Perform scenario analysis for each. Consider what would happen if a critical supplier went out of business, a major cyber event occurred, or new regulations disrupted your business model. Agree on triggers, decision rights, and escalation paths.
2. Update cyber incident response and AI governance
Cyber and AI risks are no longer just for IT. Threats reach every sector, and boards are increasingly held accountable. Keep your plan current and maintain strong control by conducting periodic tabletop exercises to test the speed and effectiveness of your escalation procedures. Track clear metrics, such as how long it takes your team to find and contain an issue, system recovery time, and incident disclosure protocols.
3. Note the main themes of SEC comment letters
Always pay attention to what the SEC warns you about in its filings. Common themes include the use of non-GAAP, MD&A clarity, segment reporting, and revenue recognition. Ask if management plans to address these points, and keep your notes clear and plain so external reviewers and regulators can follow your logic. Regularly reviewing recent SEC comment letters can further help prevent surprises.
4. Be aware of key internal control issues in ICFR management adverse assessment
Strong controls help deter errors and fraud. We will focus on areas where organizations are most likely to fall short when it comes to ICFR (internal control over financial reporting). These include treasurer resources, segregation of duties, information technology, inadequate disclosure controls, and irregular transactions. Spending more time here will save you time in real time later by preventing restatements and regulatory fines and strengthening your culture of compliance.
5. Assessing the impact of Pillar 2/global minimum tax
The world's tax rules continue to change, and Pillar 2 is an important part of that. The new global minimum tax regime introduces complex calculation and disclosure requirements across jurisdictions. See if your team can handle new math, note-taking, and administrative needs, including effective data collection and reporting on a consolidated basis. It helps to prepare early and not panic when rules change and deadlines approach. Consider cross-functional alignment with tax, finance, and IT to manage compliance and identify areas to improve processes.
6. Challenges to Impairment and Going Concern Judgments
Tight interest rates and funding can make such requests difficult, especially if economic volatility spikes. Advancing key requirements related to asset write-downs and going concern assessments, asking whether assumptions can withstand stress testing and scenario analysis. Review refinance plans and covenant sensitivities. It is important to review these decisions regularly throughout the year, as circumstances can change rapidly.
7. Refresh Fraud Risk Assessment and Investigation Protocol
Because fraud risks change rapidly, bad actors often continue to learn new tricks, exploit new technologies, or exploit missteps during organizational changes. Update your fraud risk view, test that your hotline is working, and ensure that your channels are accessible and confidential. Use data testing, analysis, and trend monitoring to identify red flags such as unusual transactions or rapid employee turnover. Review the use of data analytics by auditors and how audit committees gain insights.
8. Clarifying AI in audit and finance functions
AI is now being implemented in many financial and auditing tasks, from invoice processing to forecasting. Understand where external auditors are using technology and AI. Ask where it is used and why. What problem does it solve? And what are the human fallbacks? Think about what it can and cannot do, and what controls are around it to prevent errors and misuse. Review policies for model validation, output monitoring, and data privacy.
9. Tighten cyber reporting to the board
Cyber events are currently being discussed at board level as they can have far-reaching business implications and attract regulatory attention. Define what makes an event “important” and coordinate how it will be communicated internally and externally. Build dashboards that are clear and tied to your company's strength goals, showing incident trends, threat types, and comparative benchmarks. Clear reporting provides strong views and sound action, ensuring the board is not caught by surprise and can respond with authority.
10. Revisit AC Charter, Skills, and Education Plan
The world is changing and audit committees need to check their suitability. Review your charter to ensure it covers technology fluency (AI, data governance), deal oversight (M&A resurgence), and disclosure expertise. Small steps here can have an immediate impact and ensure that committees have the expertise to oversee the changing risk landscape.
For additional resources for audit committee members, visit the Center for Audit Quality's Audit Committee Resource Center.
