The Audit Committee's Expanding Role: What CPAs Need to Know

The audit committee used to have a clear job: oversee financial reporting, internal controls, and the external auditor. As business complexity grows, however, those days are over.

Today’s audit committees are increasingly being asked (and sometimes told) to take on cybersecurity oversight; enterprise risk management; environmental, social, and governance reporting; and other emerging risks that don’t fit neatly into another committee’s charter. It’s a dramatic expansion that’s reshaping corporate governance, often in ways that create new problems even as boards of directors try to solve old ones.

A new study published by Karneisha Wolfe, assistant professor of accountancy at the University of Illinois Urbana-Champaign, and her co-authors Lauren Cunningham (University of Tennessee), Sarah Stein, and Kimberly Walker (both at Virginia Tech), pulls back the curtain on how many audit committees are handling this evolution. In their research paper, “Redefining Perceived Boundaries: Insights Into the Audit Committee’s Evolving Responsibilities,” the researchers interviewed 29 audit committee members (mostly chairs) from public companies across the United States in various industries and sizes. In accounting research, this type of study is known as “qualitative research,” which is a fundamentally different approach from the statistical analyses that dominate most accounting journals. Instead of examining thousands of companies through databases to find patterns in numbers, the researchers conducted in-depth interviews, asking open-ended questions and letting conversations flow naturally.

“It was fun and insightful to learn about a topic directly from the practitioners who are in the role. I believe that’s one of the key advantages of qualitative research,” Wolfe says.

The researchers evaluated their interviews using a theoretical framework known as “boundary work theory,” which examines how professionals negotiate the invisible lines that define the roles and responsibilities within a team or group—in other words, “who does what.” In settings where multiple groups collaborate toward a shared goal (e.g., committees within a corporate board), these boundaries help distinguish activities and allocate resources, but they’re rarely fixed.

“Collaborative boundary work theory suggests that to achieve a shared goal, boundaries that distinguish each of the smaller teams’ duties need to be established. The responsibilities should be based on the teams’ expertise,” Wolfe explains.

However, in practice, these boundaries don’t always remain clearly defined. As the researchers’ paper notes, “Given the ambiguous nature of the work within interprofessional collaborations, professional boundaries are often fluid such that environmental changes may initiate boundary adjustments; these adjustments can result in new responsibility assignments that may no longer align with professionals’ expertise.”

The audit committee might extend its boundary to absorb new responsibilities, blur its boundary by sharing oversight with another committee, or maintain its boundary and let someone else handle it. Ultimately, each choice has implications for workload, expertise alignment, and governance effectiveness.

The Kitchen Sink Problem

Wolfe explains that because the audit committee’s traditional role expands to different aspects in the organization, the audit committee is often seen as the default committee to assign new duties to when the responsibilities don’t directly relate to other board committees’ expertise. In fact, the researchers found that audit committees extend their boundaries to take on new responsibilities 54% of the time. Sometimes they do this willingly because they have relevant expertise or want the comfort of knowing an important risk is properly overseen. But they may also do it reluctantly, feeling they’re the board’s “default choice” or “dumping ground.” As one research participant put it, “the audit committee is the kitchen sink.”

This matters because the two types of boundary extensions lead to very different outcomes. For example, audit committees that genuinely want new responsibilities tend to actively seek specialized training and upskill their members. However, those that reluctantly accept new responsibilities are more likely to leverage whatever expertise they already have and hope for the best—or worse, they may push substantive discussion back to the full board level.

The Real Cost of Overload

Multiple research participants expressed concern that additional audit committee responsibilities inevitably compromise oversight. Audit committee meetings are already packed, and while committees can add meetings or extend time, there are practical limits to what directors can process, especially when they’re serving on multiple committees or boards.

One risk is that core financial reporting oversight becomes less substantive. As one research participant noted, “I think we ought to just make sure we’re focused on the basics. The primary mandate is making sure the integrity of the financial statements is there and that internal controls are functioning. And, quite frankly, every time another responsibility comes onto the audit committee, you have to give a little less somewhere else.”

Blurred Lines

Some boards try to solve the overload problem by having audit committees share oversight responsibilities with risk committees. This creates what the researchers call “blurred boundaries,” where both committees see the same materials on a given topic, discuss it, and report to the full board. Their theory is reasonable: share the workload, leverage different expertise, and avoid overburdening one committee. But the reality of this practice is more complicated than that. That’s because blurred boundaries create two opposite risks:

1. Oversight gaps: If both committees assume the other is handling detailed follow-up, issues can fall through the cracks.
2. Duplication: If both committees cover the same ground, it’ll waste time and frustrate management by having them prepare for and present to multiple committees.

Therefore, to make blurred boundaries work, active coordination is required by committee members. That means both groups should hold joint committee meetings, have regular calls between committee chairs to coordinate agendas, and create a formal documentation process, spelling out who’s responsible for what specific aspect of a shared risk area.

The Trust Factor

Importantly, trust is an essential feature of audit committee work. When audit committee members have strong relationships with management, they hear about problems sooner, get more candid answers, and have difficult conversations more productively.

Unfortunately, the shift to virtual board meetings during the COVID-19 pandemic decreased audit committees’ opportunities to build trust with management, potentially impacting oversight effectiveness. Before the pandemic, many audit committees held informal dinners with chief financial officers (CFOs) and other key executives the night before committee meetings. Rather than focusing on a formal agenda, these were relationship-building opportunities where audit committee members and management could discuss concerns about talent development in the finance function, hear what was really on the CFO’s mind, and develop the kind of trust that makes people share problems rather than hide them.

Virtual meetings eliminated most of these opportunities. Although audit committees have tried to adapt with brief virtual check-ins, multiple research participants noted that these don’t replicate the same dynamic.

What This Means for CPAs

Whether you serve on an audit committee, advise one as an external auditor, or work with one in a corporate finance role, the researchers’ findings have practical implications for certified public accountants (CPAs). The evidence from their research suggests that how audit committees take on new responsibilities (whether willingly or reluctantly, with adequate resources or making do, or with clear boundaries or muddled ones) matters as much as whether they take them on at all. That’s something every CPA involved in corporate governance should be thinking about.

With this in mind, here are four strategies that CPAs can use to take on expanding audit committee responsibilities effectively.

1. Recognize that boundary decisions are strategic choices with real consequences. When boards are deciding where new oversight responsibilities should live, the easy answer isn’t always the right answer. Defaulting to the audit committee can create problems down the road. It’s better to have an uncomfortable upfront conversation about capacity and expertise than to create a governance gap disguised as a solution.
2. Demand coordination mechanisms. If on an audit committee with blurred boundaries, don’t rely on informal understanding or assume the other committee is handling things. Joint meetings, documented responsibility matrices, and regular communication between committee chairs are essential.
3. Fight to preserve relationship-building opportunities. Even with hybrid meeting formats, audit committees need unstructured time with key executives. If your board meetings have gone fully virtual or mostly virtual, this may be a red flag. The efficiency gains may be creating hidden costs and compromising important relationship building that only happens in person.
4. Be honest about expertise gaps. Many audit committee members were appointed for their financial expertise but now oversee cybersecurity, climate risk, and other technical areas far outside traditional accounting. That’s not a personal failing—it’s a structural mismatch. Effective audit committees acknowledge these gaps and address them through targeted training, expert consultants, or reconsidering whether they’re the right committee for the job.

Overall, as audit committees continue to take on new and complex duties, CPAs can play a critical role in making sure those responsibilities enhance the board’s ability to govern well.

Related Content:

• Does Blockchain Technology Use Increase Audit Risks? As blockchain technology grows, new research examines whether firms that use it are setting themselves up for greater audit risk.
• Can Social Media Enhance an Audit? Research examines how social media posts can help auditors understand a company’s financial health, risks, and future performance.