
The audit committee: What it is and its role

Boards rely on audit committees to provide independent oversight of financial reporting, internal controls, and risk management. As one of the cornerstones of effective corporate governance, audit committees protect investor interests while ensuring regulatory compliance across complex business environments.
Modern audit committees face responsibilities that extend far beyond traditional financial oversight. NACD reported that 64% of S&P 500 companies assign cybersecurity oversight to their audit committees. These governance bodies must navigate IT security, AI governance, ESG reporting, and operational risk management alongside established auditing duties.
The committee operates independently from management, with certified public accountants reporting directly to the committee rather than company executives. This structure ensures objective oversight of external auditor selection, compensation, and performance while maintaining the integrity of financial reporting processes.
In this guide, we'll cover the following:
- What is an audit committee?
- Who should be a member of the audit committee
- 12 responsibilities of the audit committee
- How chief audit executives can support today's audit committees
- How Diligent transforms audit committee effectiveness
What is the audit committee?
The audit committee is responsible for helping independent auditors oversee the corporation's financial reporting system in a process independent of management. This foundational role has expanded to address contemporary governance challenges. Audit committees achieve financial and operational oversight through:
- Providing vital oversight of the corporation's financial reporting processes, internal controls, and independent auditors
- Serving as a check and balance over the company's financial reporting practices
- Granting a forum for discussing financial concerns candidly and objectively
- Managing cybersecurity risk oversight — now assigned to 64% of S&P 500 audit committees
- Overseeing artificial intelligence governance
Boards appoint audit committees composed of between three and seven board directors who aren't part of the corporation's management.
Who should be a member of the audit committee?
Modern audit committee composition emphasizes competency-based selection alongside enhanced independence requirements. Each audit committee should include at least one member who is considered a financial expert.
This focus on talent and expertise reflects broader governance trends. According to the NACD Audit Committee Practices Report, 92% of survey respondents indicated finance and internal audit talent as the primary responsibility of the audit committee. The same research shows that 89% of committees agree that internal audits have a high level of understanding of business operations, highlighting the importance of leveraging this expertise for effective oversight.
The audit committee chair should be a certified public accountant (CPA) or otherwise considered a financial expert; however, it’s not necessary for all members of the committee to be financial professionals. For companies operating under the Sarbanes-Oxley Act, the Act requires corporations to appoint only independent members to the audit committee. The Act also requires companies to disclose whether they have appointed at least one financial expert to the audit committee.
Enhanced independence requirements for 2025
Enhanced independence requirements reflect evolving governance expectations. Institutional Shareholder Services (ISS) has implemented policy clarifications for 2025 that establish a minimum five-year cooling-off period for former CEOs before they can serve on audit committees. The policy specifically states that ISS will recommend voting against any director who has served as CEO within the past five years and is a member of the audit committee.
Even after the cooling-off period, independence is assessed case-by-case, and former CEOs must be classified as independent by ISS to qualify for audit committee service. These restrictions address potential conflicts of interest and ensure the committee maintains objective oversight of financial matters.
12 responsibilities of the audit committee
While the audit committee is responsible for performing the audit, it is also responsible for other essential tasks related to the audit and the corporation’s internal control system. Audit committee responsibilities encompass many oversight duties, including fraud prevention, ethics and compliance, oversight of the independent auditor and involvement with external communications.
Core oversight functions
- Risk oversight: The audit committee ensures that the company’s risk management plan is well-defined and effective. Management should discuss the company’s policies and guidelines that govern risk management. Both parties should be knowledgeable about major financial risk exposures and the steps managers should take to monitor and control risks.
- Ethics and compliance: This is a crucial function of the audit committee, as it requires members to promptly and consistently address allegations or violations of the code of ethics. Audit committees must protect individuals who come forward with reports of questionable employee behavior. The company must have a fair process for addressing violations of ethics or compliance, which should include regular compliance audits.
- Oversight of the independent auditor: An essential part of the audit committee's duties is to be responsible for appointing, compensating and overseeing the duties of the independent auditor. This responsibility extends to resolving any disagreements with management. Audit committee members should meet with the independent auditor at least quarterly.
Internal controls and fraud prevention
- Oversight of internal audit: Audit committee members’ roles require them to oversee and make suggestions for improving the company’s internal operations and processes. Proper oversight of the internal audit requires companies to enlist the help of independent internal auditors to ensure the integrity and transparency of the processes.
- Facilitate external audit: During the annual audit, the audit committee meets separately with external auditors to examine matters that need to be discussed privately. It’s important for audit committees to work toward preventing fraud. Auditors with forensic audit expertise are adept at detecting willful accounting errors and anomalies. Because of their unique relationship with external auditors and the importance of their duties, audit committees must have authority over their budgets and the management of external auditors.
- Manage financial reporting and controls: The role of the audit committee requires them to be familiar with the processes and controls for financial reporting and internal controls. This requires working with members of management, independent auditors and internal auditors to acquire adequate knowledge about the company’s financial reporting and internal controls. The committee uses this information to determine whether the company’s financial reporting processes are designed and operating effectively.
- Understand regulatory requirements: Audit committee responsibilities require committee members to know and understand regulatory requirements, like the NYSE and NASDAQ auditing requirements. These regulations require audit committees to review any significant changes in accounting principles and the adequacy of internal controls.
- Review of filings and earnings releases: Financial analysts, ratings agencies and other financial experts rely on audit committees to oversee earnings releases, SEC filings containing financial information and other financial reports to ensure they’re transparent and fair. Audit committee teams are also responsible for working with legal teams to ensure that disclosures are accurate and complete, and include reporting on financial trends.
- Provide recommendations to management: The audit committee should allow management adequate time to review and comment on the audit committee’s annual audit findings. An important function of an audit committee is to provide management with an audit committee report and final management letter that offers recommendations on how to comply with best practices for financial reporting and internal controls.
Expanded audit committee responsibilities
- Cybersecurity risk management: Cybersecurity oversight is one of the priorities for modern audit committees. Committees must schedule monthly cybersecurity risk reviews and develop proactive governance approaches to guide organizations through innovation while maintaining cybersecurity practices.
- AI governance: As AI transforms corporate governance, committees must embed AI oversight into their frameworks. Committee members should implement quarterly AI governance assessments to monitor the use of AI in financial reporting, internal control over financial reporting, risk management and compliance — even when the board maintains primary oversight.
- ESG reporting oversight: Environmental, Social, and Governance (ESG) reporting has become a core responsibility, driven by expanding regulatory requirements and stakeholder expectations. Committees must broaden their governance focus to address increasing social, political, and ethical challenges while navigating internal and external reputational risks.
How chief audit executives can support today's audit committees
Audit committees are responsible for so much more than annual reports. The varied role of the audit committee necessitates that it address a wide range of challenges, including:
- Cybersecurity and AI governance
- ESG reporting
- Enterprise risk management
Their ongoing activities can strengthen compliance and bolster good governance, but only with the support of effective chief audit executives (CAEs).
Partnership for expanded oversight
CAEs champion internal audits for management and the board, creating a culture that encourages internal audits to lead with strategic insights.
With committees now overseeing cybersecurity risk and managing AI governance responsibilities, CAEs must proactively identify risks across these expanded domains. Modern internal audit teams must collaborate with committees to address challenges across traditional financial controls, cybersecurity oversight, and emerging technology governance.
Technology-enabled audit excellence
As AI is implemented across organizations, internal audit functions are providing advisory services to set up processes and controls for AI governance. CAEs must work with committees to establish AI-specific control frameworks while ensuring traditional financial reporting controls remain effective.
This dual focus on emerging technology governance and established control frameworks positions internal audit as an operational partner for committees managing expanded oversight complexity.
How Diligent transforms audit committee effectiveness
The evolution of artificial intelligence and automation technologies is transforming how audit committees operate and fulfill their oversight responsibilities. Modern governance platforms address three critical areas that enhance committee effectiveness.
1. Enhanced board book preparation and risk intelligence
Traditional board book preparation consumes weeks involving manual compilation of financial data and compliance documentation.
Diligent Boards transforms audit committee meeting management through AI-enhanced capabilities that automate material creation and distribution. The platform organizes agendas and minutes while securing sensitive documents through enterprise-grade security, with electronic signature integration and real-time risk reporting dashboards.
2. Intelligent meeting preparation and data analytics
Diligent ACL Analytics transforms audit committee oversight by providing comprehensive data analytics that enable 100% data coverage rather than traditional sampling-based approaches. The platform aggregates and tests financial and operational data while automating controls testing to deliver evidence-based insights that surface anomalies for committee review.
3. Enhanced risk detection and control monitoring
Diligent Audit Management provides comprehensive solutions for planning, executing, and reporting internal audits that directly support audit committee oversight roles. The platform offers advanced AI-powered analytics to uncover insights, automate testing, and enable real-time risk monitoring. Committees receive curated, actionable information about internal controls, financial reporting, and emerging risks through centralized functions that produce impactful, visual reports.
These integrated systems address expanded oversight responsibilities that committees manage, from cybersecurity risk assessment to AI governance monitoring.
Strengthen your audit committee effectiveness
Modern audit committees face expanded responsibilities spanning financial oversight, cybersecurity, AI governance, and ESG reporting that manual processes cannot effectively support.
Organizations that combine skilled committee members with integrated technology platforms achieve sustainable governance excellence through real-time risk visibility and proactive decision-making.