2025 Audit Committee Transparency Barometer

Celebrating its twelfth year of publication, the Audit Committee Transparency Barometer, released by the Center for Audit Quality (CAQ) offers investors current standards, examples of robust disclosures and areas of improvement regarding information shared by audit committees in proxy statements each year. 

Developed in partnership with Ideagen Audit Analytics, the Transparency Barometer provides year-over-year comparisons of disclosure trends for S&P 500, S&P MidCap and S&P SmallCap companies in certain key areas, including audit committee responsibilities and makeup, auditor assessment/oversight, audit firm and lead partner selection, auditor compensation, cybersecurity, ESG and board members' areas of expertise. 

A new age of disruption and risk 

Audit committees today face responsibilities that extend far beyond traditional financial reporting and external auditor oversight. As organizations encounter multifaceted risks like rapid AI adoption, cybersecurity threats, regulatory shifts and economic uncertainty, audit committees play a critical role in applying their knowledge and experience to oversee emerging risks. However, this year, the Barometer highlights a troubling trend: stagnation in many areas of disclosure. While audit committees have made progress overall since 2014, the observed plateau in the last year comes at a critical time when transparency is needed most, representing a missed opportunity. As audit committee roles expand and evolve in response to disruption and emerging risks, updated and transparent disclosures shift from important to essential. The Barometer provides guidance and examples to help audit committees move beyond stagnant, formulaic disclosures and deliver current, comprehensive information to investors and stakeholders about how their oversight is evolving to meet these challenges. 

Board expertise and connection to director changes: 

As boards navigate increasing complexity and disruption, director expertise has become paramount. Skills matrices have emerged as a critical tool for both evaluating and communicating board competency. These disclosures provide stakeholders with transparency into whether the board possesses the collective capabilities needed to exercise effective oversight in today's challenging environment. 

The 2025 data shows strong adoption of skills matrix disclosures: disclosure rates reached 90% among S&P 500 companies, rising from 85% in 2024. MidCap and SmallCap companies reported rates of 80% and 70% respectively, both showing year-over-year improvements. 

While many companies in the S&P 1500 collectively are revealing a skills matrix, there is still opportunity for improvement, particularly among smaller companies. Additionally, companies that are revealing a skills matrix can seek to add more information to their matrix, including a broader variety of capabilities, industry-specific expertise, emerging technology knowledge and level of proficiency in specific skills. The Barometer highlights leading examples of comprehensive skills matrices that companies can reference when strengthening their own disclosures. 

As boards and audit committees uncover gaps in critical competencies, whether in cybersecurity, AI/technology, ESG, or regulatory domains, they face strategic choices about how to close them. The skills matrix provides both a diagnostic framework for identifying board composition shortcomings and a blueprint for director selection and ongoing education. Generally, a third of SEC filers experience director turnover each year, providing Boards with regular opportunities to refresh and increase expertise. By disclosing a skills matrix, companies give investors and stakeholders confidence that through new appointments or continuing education, board composition is evolving to support the capabilities required for managing emerging risks and achieving strategic objectives. 

Cybersecurity 

Audit committees increasingly require specialized expertise to manage emerging risks, with cybersecurity standing out as a top priority. Currently, 64% of S&P 500 companies disclose that their audit committee holds responsibility for cybersecurity oversight, with 55% and 53% disclosing in the Midcap and SmallCap respectively. While these percentages did not increase significantly when compared to the 2024 data, they have increased drastically since collection of this data point started in 2016: 11% of the S&P 500, 5% of the S&P MidCap, and 4% of the SmallCap disclosing at that time. 

AI's growing presence brings intensified risks, both expanded cybersecurity vulnerabilities and new types of fraud. These threats can manifest through internal misuse of AI tools by management or through sophisticated external attacks targeting company systems and data. Companies can recruit cybersecurity experts to their boards and encourage/require board members to complete Cybersecurity or Technology focused certifications, both of which bolster boards with appropriate expertise to handle growing cybersecurity risks. While many data points in the barometer showed stagnation compared to last year, cybersecurity experts on the board (Q9) saw an increase with disclosures showing a meaningful 5% year-over-year increase among S&P 500 companies. 

Disclosing if the audit committee oversees cybersecurity risk and what cybersecurity expertise exists at the board level provides stakeholders with essential insight into how the company governs this critical emerging risk area. As technology threats continue to evolve, this transparency becomes increasingly important for maintaining investor confidence in corporate governance. 

Oversight of the external auditor 

At the heart of the audit committee's responsibilities is the management of the external auditor. Audit committees can establish a clear link between their direct oversight and overall audit quality through the strength of their disclosures. Since 2014, there have been gains in disclosures regarding certain aspects of external auditor oversight. However, many of these gains have plateaued or even declined in recent years, suggesting that not enough companies are leveraging disclosures to their advantage. By revealing the depth of their responsibilities and actions in proxy statements, audit committees can offer genuine insight into how they are carrying out their oversight responsibilities and explain how they are adapting to disruption and change. During periods of disruption, companies should also consider evaluating and subsequently disclosing the external auditor’s competency in emerging technologies to ensure the external auditor can keep pace with the company’s goals. 

Is there disclosure related to a discussion of Audit Committee considerations in appointing or (re)appointing the external auditor? (Q1) 

This year, we saw stagnation at 50% for the S&P 500, matching 2024's rate. Disclosures for Q1 have been trending upward since collection started in 2014, however now we are witnessing a clear plateau. With rapid changes in technology and emerging risks, audit committees should reveal how their evaluation criteria are changing to ensure external auditors possess the necessary expertise and capabilities to address evolving challenges. 

Is it explicitly stated that the audit committee is involved in the selection of audit engagement partner? (Q8) & Is there a discussion of how the audit committee is involved in the selection of the audit engagement partner? (Q8.1) 

Among S&P 500 companies, 53% disclose audit committee involvement in selecting the external audit partner (Q8), but only 16% explain the selection factors (Q8.1), a slight decline from 2024. Enhanced disclosure around this process would reassure stakeholders of the audit committee's oversight, given the engagement partner's pivotal role in directing the audit team through periods of disruption and risk. 

Conclusion 

Although disclosure rates have improved since 2014, the stagnation evident in 2025 represents a squandered opportunity. As audit committee responsibilities evolve in response to AI adoption, cybersecurity threats, regulatory shifts, and economic uncertainty, audit committees should reassess their disclosure practices. Moving past standard, boilerplate language and providing investors and stakeholders with greater transparency about oversight execution is critical. The Barometer continues to offer guidance and examples for achieving these improvements, helping audit committees demonstrate how their responsibilities are shifting amid disruption and rapid change.