Audit committees have long been the mandated nexus of corporate financial reporting, internal controls, and risk management. Even though these committees face a full slate of topical oversight and compliance – financial, internal audit, AI, cyber, ESG, Sustainability, DEI – 2025 has also brought forward a new suite of risks. Namely, trade and tariffs, supply chain resilience, and geopolitical conflict. With so much responsibility across a broad spectrum of issues, have audit committees become the “kitchen sink” of corporate boards?
Key takeaways:
- The scope of audit committees has rapidly burgeoned over the past five years, with the likes of cyber, ESG and climate, AI, and whistleblower protections being added
- Under the second Trump administration, global trade policy upheaval and simmering geopolitical tensions bring new supply chain resilience, tariff and sanction compliance, and geopolitical risks to the fore for audit committees to manage
- Audit committee members at large multinationals will spend on average 250 hours per year fulfilling their duties – signaling room to review the committee’s scope, composition, process, tools, and overall efficacy
- To improve effectiveness, boards will have to consider the scoping across committees as well as increased training for audit committee members
Audit committees have traditionally been the board’s hub for financial reporting, internal controls, and risk management. But in today’s environment, it’s not just about the numbers. In 2025, management teams are increasingly being asked to deliver more—and answer to more—on topics that now fall under the audit umbrella: AI, cybersecurity, ESG, climate disclosures, DEI, trade, tariffs, and geopolitical conflict.
The result? Audit committees are overwhelmed, and much of the heavy lifting is falling to senior management. If you lead finance, legal, compliance, operations, or supply chain, you’re now operating at the center of these intersecting risks.
What’s Changed—and What’s Being Asked of You
Over the past five years, audit committee responsibilities have ballooned. As their mandate grows, they’re relying more heavily on management teams to deliver risk-aware, well-documented decisions across a broader set of domains:
| Expanded area | Key drivers | Typical responsibilities added |
|---|---|---|
| Cybersecurity | SEC cyber disclosure rules, increasing breach risk | Provide audit-ready evidence of cyber controls, incident response, and system integrity |
| ESG & Climate Disclosures | EU CSRD, California Climate Bills | Own reporting processes, ensure audit trails for climate and ESG data |
| AI & Technology Risk | Use of AI in internal systems, algorithmic bias | Establish governance, controls, and testing protocols for finance and reporting automation |
| Whistleblower Protections | SEC programs, cultural scrutiny | Operate protected channels, document retaliation prevention |
| Political & Trade Risk | Sanctions, tariffs, geopolitical shifts | Provide exposure analyses, monitor compliance, update assumptions in guidance and forecasts |
The Trade & Tariff Challenge: Why It’s on Your Plate
The reintroduction and expansion of tariffs—especially targeting Chinese goods, European metals, Mexican agriculture, and EV components—has upended operating assumptions for global firms.
Audit committees expect management to lead on:
- Verifying tariff-related disclosures
- Tracking sourcing changes and cost implications
- Monitoring vendor compliance with trade laws
- Reviewing transfer pricing, duty drawbacks, and customs risks
- Mapping critical mineral dependencies and related ESG impacts
- Ensuring compliance systems are SOX-compliant and cyber-secure
- Preventing transshipment and misclassification
- Supporting financial forecasting with up-to-date tariff assumptions
In short, tariff risk management isn’t a side task—it’s a financial, operational, and reputational risk that must be integrated into enterprise-wide planning.
What Multinationals Are Doing
Here’s how peers are responding:
- Procter & Gamble: Added tariff exposure dashboards to internal audit tracking and cost forecasting tools.
- General Motors: Conduced third-party supplier audits for USMCA origin compliance, particularly for EV batteries.
- Caterpillar: Developed a geopolitical risk register that flags vulnerabilities in key markets like China and Brazil.
- Tyson Foods: Enhanced sourcing audits and customs classifications for export-bound agricultural goods.
- Ford: Embedded cyber checkpoints into ERP trade systems to guard against data manipulation in tariff reporting.
What You Can Do Now
For CFOs, CAEs, CISOs, supply chain heads, and corporate counsel, this moment requires structure and visibility. Here’s what high-performing management teams are putting in place:
- Integrate trade exposure into regular risk reports: Include tariff dashboards in audit committee materials and forecast models.
- Strengthen internal controls over customs and compliance: Validate supplier declarations, harmonized tariff codes, and sourcing claims.
- Track geopolitical developments and scenario plan: Especially in China, Mexico, Brazil, and EU markets subject to retaliation or embargo.
- Ensure data integrity across ERP and customs platforms: Secure audit trails, automate compliance reporting, and close vulnerabilities.
- Contribute to charter refreshes and scoping: Work with legal and audit leads to document changes in management responsibilities.
- Flag capacity and resourcing concerns: Be candid if your team is at risk of audit fatigue or reactive reporting. Prevent burnout—and errors—before they happen.
Questions to Ask in Your Next Leadership Meeting
- Are we producing the level of detail the audit committee needs to meet its new responsibilities?
- Have we mapped tariff and geopolitical exposure across business units, regions, and suppliers?
- Are we audit-ready on ESG, climate, and AI topics—with documented controls and assumptions?
- Do we have a clear escalation path for emerging risks like retaliatory tariffs or sanctions?
- Are we relying too heavily on manual processes where automation and compliance tooling are needed?
- Is our current structure—between risk, finance, compliance, and supply chain—built for this level of complexity?
Bottom Line:
Management teams are the operational engine behind audit committee success. As board expectations rise, your visibility, rigor, and responsiveness are what protect the business—and the board—from risk.
If your team is being asked to do more with the same tools and capacity, it may be time to reevaluate what audit-readiness looks like in 2025.
If your audit committee is asking for more—and your team’s already at capacity—it may be time to reassess how you’re supporting the function. We’re here to compare notes.
