2025 Audit Committee Practices Report (US)
Common Threads Across Audit Committees
The Audit Committee Practices Report (US) provides directors— especially audit committee members—and governance professionals with insights into priorities, challenges, and opportunities. Explore leading practices for committee effectiveness.
Key report findings
The Audit Committee Practices Report aims to provide insight into audit committee priorities and challenges, to understand how audit committees are evolving, and to identify emerging trends. Outside of financial reporting and internal controls, the top three priorities of the audit committee over the next year are consistent with last year: cybersecurity, enterprise risk management (ERM), and finance and internal audit talent.
Cybersecurity
Beyond financial reporting and internal controls, 50% of respondents identified cybersecurity as the number one area of focus for their audit committee over the next 12 months. According to our survey, 62% of audit committees have primary oversight of cybersecurity risk, while 23% responded that their full board has oversight.
ERM
When asked who is responsible for oversight of ERM within their companies, our survey respondents indicated: the audit committee (52%), the full board (28%), and the risk committee (19%).
Finance and internal audit talent
Oversight of finance and internal audit talent is the primary responsibility of the audit committee for 92% of our survey respondents. The topic is on the agenda quarterly for 38% of audit committees, semiannually for 18%, annually for 23%, and as needed for 21%.
This report was published by Deloitte’s Center of Board Effectiveness US.
