What Are Audit Committees Up To?
Quite a lot, if audit committees in Central and Eastern Europe (CEE) are anything to go by. They are making a practical difference, ensuring reliable and informative corporate reporting. But they face significant challenges ahead as they respond to evolving regulatory frameworks, changing business needs, and rapid technological developments as well as flux in the broader geo-economic environment.
At the Institute of Chartered Accountants of England and Wales (ICAEW) and Deloitte, we know that efficient and effective capital markets require confidence in the corporate framework. Audit committees are at the heart of this. It is no surprise, therefore, that their role has grown significantly, perhaps nowhere more so than in CEE where audit committees have, in many cases, been established and strengthened as a consequence of EU membership.
We wanted to know how they are doing. So we engaged in a series of conversations with audit committee members in Bulgaria, Czech Republic, Hungary, Lithuania, Poland, Romania, and Slovenia—individuals sitting on audit committees in different types of corporate entities, active in different sectors. Our joint report, Making a Difference: Audit Committees in Central and Eastern Europe, explores how they are making a practical difference—in ways that might not always be obvious to outsiders—while trying to investigate what is in their in-tray. Our findings, while drawn from a certain set of countries, resonate broadly.
Fulfilling Core Responsibilities
At the center of interactions between management, boards, and statutory auditors, audit committees play a key role underpinning the integrity and transparency of corporate reporting. This is the case across much of CEE where they are growing into and expanding their role. The best performing ones are adding real value, focusing on matters of substance.
Our report includes concrete examples. Internal audit units have been upgraded with qualified staff now in place. IFRS reporting has been introduced. Financial statement disclosures have been improved. New budgeting systems have been set up. Internal control functions have been enhanced. Broader organizational structures have been changed. Compliance with legislative and regulatory requirements has been monitored.
Looking forward, audit committees remain focused on issues falling within their core remit: financial reporting, internal audit, internal control, risk management, and the statutory audit process. The list is unsurprising, matching soft and hard law requirements. However, it does mask shifts in priority—for instance, as audit committees deal with the introduction of new IFRS standards or consider how to adapt to new rules relating to non-audit services.
Our conversations also highlighted a number of direct and indirect challenges. Audit committees in CEE often seem to pay only limited attention to new and emerging issues. Despite rapid changes in the digital world, issues related to cybersecurity, data protection, artificial intelligence, and data analytics are not on the radar screen of many audit committees. This may reflect the skillset of audit committee members, with few likely to be real IT specialists—although questions of policy and procedure should fall squarely within their remit.
Similarly, only a handful mention the need to respond to broader regulatory matters, be it changes in whistle-blowing arrangements, increasing anti-money laundering requirements, or tax reform debates, to name but a few.
Relatedly, audit committees in CEE are grappling with risk. Responsibilities for risk management are often fluid and not always well defined. Our report suggests that it is not always clear what risks are being considered by the audit committee—specific ones related to the financial process or broader ones related to the corporate entity?
Audit committees cannot work in isolation—their effectiveness also depends on a properly functioning broader corporate environment. Regulators clearly play a key role here: in our conversations, we repeatedly heard appreciation for the catalytic role of the EU in driving change, despite limited demand from investors (reflecting, perhaps, the size of local capital markets). Yet the profile of audit committees in many of the countries we looked at still needs bolstering. Perceptions of audit committees as being nominal bodies established primarily to comply with the law persist. Such views can, indirectly, disempower audit committees, limiting their ability to make decisions and challenge management and the statutory auditor.
Room for Improvement
There is no one-size-fits-all audit committee model. This reflects the diverse nature of the corporate world as well as different corporate governance traditions. But audit committees are also facing a number of common practical issues. Across the region, there is room for improvement when it comes to engagement with shareholders. The level of interaction between audit committees and shareholders differs widely. For many, dialogue could be more frequent and communication more direct. Of course, this should be a two-way street.
Equally, it is clear that the skills needed to be an effective audit committee member are changing. More financial reporting, audit, and risk management expertise is required—as well as industry-specific knowledge. This on top of good soft skills and an independent outlook. Diversity criteria need to be considered. Finding candidates who fit the bill is not straightforward, with demand exceeding supply in many countries. Once on board, they increasingly need more structured support to stay abreast of growing business complexity and technological change.
More attention needs to be paid to evaluating performance. Given the increasing remit of audit committees (and, specifically in the EU, the monitoring requirements now being assumed by oversight bodies), audit committees should be reflecting on how they assess performance—perhaps also using external expertise.