Chairing an Audit committee is a huge responsibility in normal times. But now, at a time of absolute uncertainty about the future of one’s company—let alone the economy – it’s a titanic challenge. On May 18, Egon Zehnder virtually convened 15 Audit Committee Chairs to get a sense of how they have worked with the board and their management team during the COVID-19 crisis, what they deem most important going forward, and how the audit process may change forever.
Earnings Guidance Suspended
Almost everyone on our call said that they have suspended giving earnings guidance to the Street—because the current situation has shown that normal forecasting tools were not set up for a simultaneous global pandemic. Indeed, the National Association of Corporate Directors has reported that over 200 companies so far have stopped providing guidance. “Our numbers are all over the board,” said the audit committee chair of an industrial company. So far, there has been virtually no pushback from analysts and others, which has caused many audit chairs to breathe a sigh of relief for now.
Many directors said they are emphasizing other numbers instead to show at least some directional information about business performance. “We kept metrics that were common,” said the audit chair of a large retailer. “We are not introducing new ones, so even if they wanted to see this regularly, it wouldn’t be anything new.”
Eventually, however, investors will expect a return to regular guidance, which means, the audit chairs say, that forecasting will have to get better. One director also expressed concern that in the meantime, analysts, who must still make projections, may make mistakes without guidance. “Analysts are used to being spoon-fed,” he said, “but they still have to run models. It becomes very difficult. The volatility will cause a lot of problems going forward,” he said.
Can Remote Audits Work?
In an environment in which most people are working from home—particularly white-collar workers in the finance function—it has become clear that remote audits, once dismissed as insufficient, are happening right now. “What companies have achieved in the past months would have previously been thought impossible,” said one. Attendees expressed surprise at just how effective these audits have been—leading some to speculate that regulations may need to change to allow them going forward. “Most of the Big Four have invested heavily in tech to allow for remote auditing, analyzing data, and reconciliation,” one director said. “I’ve been impressed how well it has worked.”
At the same time, there was skepticism as to whether remote audits should be relied upon beyond this emergency period, with some executives concerned that an auditor may miss a lot of potential red flags without the in-person element. Said one audit chair: “I do worry with auditors working remotely about professional skepticism and reading body language and walking the halls. If you convert that to a purely virtual environment, the degree of skepticism that needs to exist in governance has to go up several clicks.”
There is also some concern that the fatigue and stress of working under the current circumstances will lead to burnout or, perhaps, to mistakes. “It will be important as an Audit Chair to stay on top of the due diligence,” says one, “to ensure that attention and controls are maintained. I think it will get harder and not easier, especially if there is a resurgence [of the virus] in Fall or Winter.”
Changing Definition of Risk
Risk, as defined by Audit Committee chairs, has typically been about financial and business risk. Will a company make its numbers? Does it have sufficient liquidity? Are its financial controls sufficient? Yet the long tail of the pandemic has made directors consider that other types of risk—from the health of their employees while in the office to burnout from the emotional and physical strains faced by many to the cybersecurity risks that come from a work-from-home technology network. Said the audit committee chair of one large real estate firm: The board is “also rethinking the business-as-usual approach to risk, vs. what needs to happen in the future or be prioritized.”
Cyber merited a specific mention from a few executives. “We are spending more time on risk management, things like virtual closes and scenario planning, but even more time on cybersecurity,” said one. “It’s about understanding the vulnerabilities of a large volume of virtual work for an extended period of time.” Another executive shared a terrifying statistic: At his company, attempted incursions had gone from 3000 per day in 2019 to 260,000 per day during the crisis. It’s clear that a new type of risk process will be necessary.
Should boards be more or less involved with management teams during this stressful time? Committee chairs differed in their response to this. Most said that they had increased the frequency of meetings in the early stages as the emergency unfolded. Others said that they had realized over time that the best thing to do was to remain available as an advisor, but to try not to inject themselves into day-to-day operations for fear of making decisions even more complex. “We need to be careful to not get in the way of execution,” said the audit chair of a global retailer. “The CEO is sending bi-weekly communications and metrics on how things are going, but we want to step back to let management operate.” Said another: “Relationships matter. You need to nurture them through the good times so that they are there when things get bad. I don’t need to monitor the CEO because we have a trusted relationship and I know he will keep me informed.”
All executives agreed just how important it was to make sure, as the reopening begins, to focus on the longer-term implications of this crisis. One summed it up perfectly: “Don’t let the urgent crowd out the important.”