Audit committee responsibilities continue to grow as organizations grapple with new and ongoing challenges in an increasingly complex regulatory environment.
These increased responsibilities are the focus for 2025 Audit committee implementation report , A collaboration between the Center for Audit Quality (CAQ) and Deloitte's Center for Board Effectiveness, we highlight the latest trends, priorities, challenges, and practices for promoting audit committee effectiveness based on our findings. Below are the key takeaways from this year's report.
What are the top priorities for the audit committee?
The demographics of survey respondents are consistent from year to year: Of the 237 participants, 89% are directors on U.S. boards, 86% are directors of publicly traded companies, and 72% are directors of companies with a market capitalization of more than $2 billion. Additionally, 27% serve on the board of directors of a financial services company.
The study found that beyond financial statement oversight and internal control over financial reporting, the three areas of highest priority for audit committee chairs and members remain consistent with last year's report: cybersecurity, enterprise risk management (ERM), and finance and internal audit talent.
Focus on cyber security
93% of survey respondents listed cybersecurity as one of their top three priorities, and 50% of respondents listed it as their No. 1 priority for audit committees over the next year. Additionally, 71% of respondents reported that cybersecurity is on the agenda of their quarterly committee meetings.
These findings are consistent with insights from CAQ and Ideagen Audit Analytics. Audit Committee Transparency Barometer 2024. According to the Barometer report, 64% of S&P 500 companies say their audit committees have oversight responsibility for cybersecurity risks, up from 59% a year ago. Additionally, these findings also reflect the regulatory landscape, as the U.S. Securities and Exchange Commission's Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rules are in place. CAQ 2024 Audit Partner Pulse Survey We found that 47% of audit partners expect primary industry companies to voluntarily increase or strengthen their cybersecurity disclosures over the next 12 months.
Given that cybersecurity is a top priority for audit committees, it is important that they have the right skill set to provide effective oversight. Therefore, almost a third (31%) in 2025 Audit committee implementation report Respondents pointed to cybersecurity expertise as the skill most likely to increase audit committee effectiveness. Half of respondents (50%) ranked cybersecurity expertise among the top three skills most likely to increase audit committee effectiveness. Interestingly, fewer respondents from financial services companies ranked cybersecurity among their top three skills (44%). This indicates that these companies may have made efforts to add this skill to their boards in recent years.
Given the prevalence of cybersecurity threats, it is important for the board or audit committee to engage regularly with the chief information security officer (CISO) or equivalent leader. As with many executive engagements, the audit committee chair needs to develop a strong relationship with the CISO beyond the committee meeting.
Why is ERM important?
ERM is also a top priority for audit committees. This is consistent with the previous year, 2024 Audit committee implementation report Effective ERM has proven to be essential to achieving organizational goals, protecting the company's reputation and stakeholder relationships, and ensuring long-term success.
According to 2025 Audit committee implementation reportFifty-two percent of survey respondents indicated that the audit committee is responsible for ERM oversight, 28 percent cited the board as a whole, and 19 percent cited the risk committee as responsible for this oversight. Interestingly, financial services companies were less likely to assign the primary role of overseeing ERM to the audit committee (21%) compared to companies in other industries (63%). Instead, 48% of financial services companies delegate this responsibility to a specialized risk committee, and only 8% of non-financial services companies utilize a risk committee to oversee ERM.
When asked to rank the skills needed to increase audit committee effectiveness over the next 12 months, 8% of respondents listed ERM as their top skill, and 27% included it in their top three skills. Almost half of all respondents reported that ERM is on the agenda of their audit committee's quarterly meetings.
As board and committee members continue to prioritize ERM, it is important to stay aware of emerging risks and ask management how risks are being considered in the ERM program. If they have not already done so, boards should ask management for tools to help assess risk.
Our experience has shown that there are benefits to using directors from different backgrounds. In this case, the diverse perspectives of directors enhance risk identification, enabling the board to fulfill its oversight responsibilities and support management.
The importance of finance and internal audit talent
Towards 2025 Audit committee implementation reporthuman resources expertise trumps other top priorities like compliance and financial transformation, rounding out the top three skills to increase committee effectiveness.
Impressively, 92% of respondents said finance and internal audit talent are the audit committee's primary responsibility. This topic is on the audit committee agenda quarterly for 38 percent of respondents, biannually for 18 percent of respondents, annually for 23 percent of respondents, and on an as-needed basis for 21 percent of respondents.
According to the survey, 89% of respondents agreed that internal audit has a high level of understanding of business operations, and 82% agreed that there is an opportunity to derive more value from internal audit.
“As the chair of the audit committee, develop a strong relationship with the chief financial officer and chief audit executive. Especially if they are new to the role, act as a mentor and ally and demonstrate your commitment to their success. Establishing trust and open communication during periods of time builds an invaluable foundation when challenges arise. Additionally, meaningful mentoring relationships not only increase effectiveness, but are also personally rewarding. said Sandra Helton, Chair of the Audit Committee.
To achieve this objective, audit committees must continue to build strong relationships with both finance and internal audit leaders, in addition to focusing on succession planning for key team members. It is also important to consider the appropriateness of resource allocation to finance and internal audit functions so that appropriate investments can be made in long-term system and process improvements to support the company.
Audit committee practices and effectiveness: Key insights.
It is equally important for audit committees to benchmark against best practices to measure their effectiveness. This year, respondents were asked to measure the effectiveness of their audit committees during meetings, and only 31% of respondents were satisfied with their performance, compared to 35% in last year's survey, according to the 2025 survey. Audit committee implementation report.
When asked how audit committees can improve their effectiveness, the top three responses were:
- Improve the quality of presentations during meetings.
- Increase discussion during meetings.
- Improve the quality of pre-read materials.
These three opportunities are interrelated, as a key point we often hear is the desire to avoid long presentations. For audit committees, we recommend creating an effective outline for your presentation with details in the appendix. This allows additional time for questions and discussion, rather than presentations taking up the bulk of the meeting.
The role of the independent auditor
2025 Audit committee implementation report It has been found that the most important considerations when assessing the quality of a company's independent auditors are:
- have previously worked with auditors (53%);
- Audit firm’s overall reputation (53%) and
- Audit quality indicators (53%).
Audit committees seeking to strengthen the effectiveness and oversight of independent auditors need to understand from their audit engagement partners the planned risk-based audit approach, whether there is adequate engagement staffing and continuity, and whether audit milestones are being achieved as planned. Additionally, audit committees should tell their own story in their mandate regarding independent auditor oversight.
Explore fully 2025 Audit Committee Practice Report Learn more about the latest trends, priorities, and practices impacting audit committee members.
This article was first published NACD Directorship® online.
