Home / All Governance Resources / Directorship Magazine / The Evolving Role of Audit Committees in 2025 and Beyond
Directorship Magazine / The Evolving Role of Audit Committees in 2025 and Beyond

Future of the American Board

Blue Ribbon Commission Reports

Online Article

The Evolving Role of Audit Committees in 2025 and Beyond

By Vanessa Teitelbaum

03/12/2025

Cybersecurity Audit Committee Online Article

In an increasingly complex regulatory environment, and as organizations address new and ongoing challenges, the responsibilities of audit committees continue to grow.

These growing responsibilities are the focus of the 2025 Audit Committee Practices Report, a collaboration between the Center for Audit Quality (CAQ) and Deloitte’s Center for Board Effectiveness, which sheds light on the latest trends, priorities, challenges, and practices to promote audit committee effectiveness according to survey results. Below are the main takeaways from this year’s report.

What are the top priorities for audit committees?

The demographics of survey respondents remain consistent year over year: Of the 237 participants, 89 percent were directors on US boards, with 86 percent serving on the boards of public companies and 72 percent serving on the boards of companies with more than $2 billion in market capitalization. Additionally, 27 percent serve on the boards of financial services companies. 

The survey found that—beyond oversight of financial statements and internal control over financial reporting—the three top priority areas for audit committee chairs and members remain consistent with last year’s report: cybersecurity, enterprise risk management (ERM), and finance and internal audit talent.

A Spotlight on Cybersecurity

Ninety-three percent of survey respondents ranked cybersecurity as one of their top three priorities, with 50 percent of respondents ranking it as their number one audit committee priority for the year ahead. Furthermore, 71 percent of respondents reported that cybersecurity is on their committee agenda every quarter.

These findings are consistent with insights from the CAQ and Ideagen Audit Analytics Audit Committee Transparency Barometer 2024. The Barometer report finds that 64 percent of S&P 500 companies indicated their audit committees are responsible for oversight of cybersecurity risk, up from 59 percent the previous year. Furthermore, with the US Securities and Exchange Commission’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule in effect, these findings also reflect the regulatory landscape. The CAQ’s 2024 Audit Partner Pulse Survey found that 47 percent of audit partners expected to see companies in their primary industry sector voluntarily increase or enhance cybersecurity disclosures over the next 12 months.

Given that cybersecurity is a top priority for audit committees, it is important for audit committees to have the right skill set for effective oversight. As such, nearly one-third (31%) of 2025 Audit Committee Practices Report respondents pointed to cybersecurity expertise as the top skill most likely to enhance the audit committee’s effectiveness. Half of respondents (50%) ranked cybersecurity expertise among the top three skills most likely to enhance the audit committee's effectiveness. Interestingly, not as many respondents from financial services companies (44%) ranked cybersecurity in their top three skills, indicating that these companies may have made an effort to add this skill to their boards in recent years. 

Given the prevalence of cybersecurity threats, it is critical that the board or audit committee regularly engage with the chief information security officer (CISO) or equivalent leader. Similar to engaging with many C-suite executives, the audit committee chair should have a strong relationship with the CISO beyond committee meetings.

Why is ERM important?

ERM is also a top priority for audit committees. This is consistent with the prior year’s 2024 Audit Committee Practices Report results as having effective ERM is crucial for achieving organizational objectives, safeguarding the company’s reputation and stakeholder relationships, and ensuring long-term success.

According to the 2025 Audit Committee Practices Report, 52 percent of survey respondents noted that the audit committee is responsible for the oversight of ERM, while 28 percent cited the full board and 19 percent cited the risk committee as responsible for this oversight. Interestingly, financial services companies were less likely to assign audit committees the primary role of overseeing ERM (21%) when compared to companies in other industries (63%). Instead, 48 percent of financial services respondents delegate this responsibility to a dedicated risk committee, with only 8 percent of nonfinancial services companies using a risk committee for oversight of ERM.

Eight percent of respondents identified ERM as the top skill, and 27 percent included it in their top three skills, when asked to rank the skills needed to enhance audit committee effectiveness over the next 12 months. Nearly half of all respondents reported that ERM is on the audit committee’s quarterly meeting agenda.

As boards and committee members continue to prioritize ERM, it is important to remain aware of emerging risks and ask management about how they are being considered in the ERM program. If they have not done so already, boards should request tools from management to help them assess risk. 

From our experience, we know there are benefits to having directors with different backgrounds. In this case, the varied perspectives of directors can enhance the identification of risk and enable the board to perform its oversight responsibilities and support management.

The Importance of Finance and Internal Audit Talent

In the 2025 Audit Committee Practices Report, talent expertise nudged out other top priorities, such as compliance and finance transformation, to round out the top three skills to enhance committee effectiveness. 

Impressively, 92 percent of respondents indicated that finance and internal audit talent is the primary responsibility of the audit committee. This topic is on the audit committee agenda quarterly for 38 percent of respondents, semiannually for 18 percent of respondents, annually for 23 percent of respondents, and as needed for 21 percent of respondents.

According to the survey, 89 percent of respondents agreed that internal audit has a high level of understanding of business operations and 82 percent agreed that there is an opportunity to extract more value from internal audit.

“As audit committee chair, build a strong relationship with your [chief financial officer] and chief audit executive, particularly if they are new to their roles. Serve as a mentor and ally, demonstrating your commitment to their success. Establishing trust and open communication during stable times creates a foundation that will prove invaluable when there are challenges. Moreover, meaningful mentoring relationships not only boost effectiveness but are personally rewarding as well.”
Sandra Helton, audit committee chair, OptiNose

To this end, audit committees should continue to cultivate strong relationships with both the finance and internal audit leaders, in addition to focusing on succession planning for key team members. It is also important to consider the appropriateness of resource allocation to finance and internal audit functions so that appropriate investments can be made in long-term system and process improvements to support the company. 

Audit Committee Practices and Effectiveness: Key Insights

It is equally important for audit committees to benchmark against best practices to measure their effectiveness. This year, respondents were asked to measure audit committee effectiveness during meetings and only 31 percent of respondents were satisfied with their performance, compared to 35 percent in last year’s survey, according to the 2025 Audit Committee Practices Report

When asked how audit committees can improve their effectiveness, the top three responses were:

  • Improve the quality of presentations during meetings.
  • Increase discussion during meetings.
  • Improve the quality of pre-read materials.

These three opportunities are interconnected as the key point we often hear about is a desire to avoid lengthy presentations. For audit committees, we recommend creating effective executive summaries of presentations with details in appendices. This allows for additional time for questions and discussion, rather than presentations taking up most of the meeting.

The Role of the Independent Auditor

The 2025 Audit Committee Practices Report reveals that the most important considerations when assessing the quality of a company’s independent auditor include:

  • previous experience working with the auditor (53%),
  • the audit firm’s overall reputation (53%), and
  • audit quality indicators (53%).

Audit committees looking to enhance the effectiveness and oversight of their independent auditors should understand from their audit engagement partners the planned risk-based audit approach, if there is adequate engagement staffing and continuity, and if audit milestones are being achieved as planned. Furthermore, audit committees should tell their stories in their proxy statements regarding their oversight of the independent auditor.

The views expressed in this article are the author's own and do not represent the perspective of NACD.

CAQ is a NACD partner, providing directors with critical and timely information, and perspectives. CAQ is a financial supporter of the NACD.

Vanessa Teitelbaum, CPA, is senior director on the Professional Practice team at the Center for Audit Quality. She joined the CAQ in 2016 and advocates for stakeholders in the audits of public companies.