The pandemic has everyone rethinking how they do things, whether it be personal greetings, grocery shopping, organized sports—or, in the case of audit committees, financial oversight. In January, we examined five items that the SEC wanted on audit committees’ agendas. However, audit committees are now preparing for the upcoming reporting period differently, as the health crisis places a new lens (and not a rose-colored one) over all of their areas of responsibility, from risk management to cybersecurity.
The American Institute of Certified Public Accountants (AICPA) just published a COVID-19 checklist for audit committees as they exercise oversight in the weeks and months ahead. (Similar checklists have popped up from EY, PwC and others. Here, we’ll look at the five major audit committee functions identified by the AICPA, detailing specific tasks relevant to each during the pandemic.
- Financial reporting and disclosures
Audit committees should consider what metrics they are using to assess the impact of COVID-19 and how to include them in financial reporting. One big question is whether to resort to non-GAAP measures. Many companies, for instance, have used something called ‘EBITDAC’ (earnings before interest, taxes, depreciation, amortization and coronavirus) in their Q1 earnings numbers. This effort to cast a flattering light on their results is already drawing side-eye from investors and European regulators.
- Technology and cybersecurity
With our increased reliance on technology in the pandemic (heard of this thing called Zoom?), technology and cybersecurity should be concerns of every audit committee. The threat of ransomware attacks and data breaches, heightened during the pandemic, requires audit committees to minimize the chance of them happening, and create procedures to follow if they do.
A search of the Intelligize platform reveals that many issuers have been updating their cybersecurity risk factors, including: McKesson, Intuit and Moderna. Companies like BlackRock, UPS and Visa, meanwhile, are monitoring the effect of COVID-19 on internal controls over financial reporting.
- New legislation
It’s incumbent on any audit committee to assess a company’s response to the CARES Act, including pursuing any government relief. Companies should appropriately factor that into accounting and reporting, which includes an assessment of any income tax impact. Similarly, as issuers participate in government programs like the recently announced Main Street Lending Program, audit committees must consider how that is communicated to shareholders, employees and other stakeholders.
- Risk management
Audit committees must evaluate the coronavirus’ impact on the company’s financial relationships, including debt arrangements. The committee therefore should keep careful watch over the company’s need for liquidity and capital. This includes overseeing the risk of business interruption, particularly in the supply chain. Similarly, the audit committee is responsible for addressing the company’s plans to finance itself in the short and medium term, which we have seen play out recently with the spike in corporate bond issuance.
- Entity operations, including culture
Audit committees must also ensure their companies have adequately planned return-to-work and economic recovery scenarios and have addressed succession planning. Staggered return-to-work policies, essential worker classifications, leadership gaps and potential shifts back to remote work in the face of new infection peaks might cause ethics-related complaints. Audit committees should oversee ethics and whistleblower policies that ensure compliance and deter fraud. This task has become even more essential as the pandemic strains organizational culture.
As corporate boards start to focus on what comes next, audit committees must keep their attention on the here and now of the COVID-19 pandemic. Keeping these five functions top of mind will help.