# CFO-board dynamics: building trust with the audit committee
In October 2022, Wells Fargo's audit committee chair, Maria Morris, fielded a question from an institutional investor that haunts every CFO: *"When was the last time your audit committee was surprised?"* Her answer became Wall Street folklore: "If we're surprised, the CFO has already failed." That standard, zero surprises, is the operating principle behind every great audit committee relationship in 2026. And yet, according to Deloitte's 2025 CFO Insights survey, 40% of board directors report that their CFO relationship "falls short of expectations," with the audit committee specifically citing inadequate forward visibility, defensive communication, and over-reliance on the CEO as recurring failure modes.
The CFO is the most frequent non-executive presence in the boardroom, averaging 8.4 audit committee touchpoints per year according to Spencer Stuart's 2025 Board Index, more than any other officer except the CEO. That access is both an asset and a trap. Used well, it makes the CFO indispensable. Used poorly, it makes the CFO replaceable, and in 2025, the average CFO tenure at S&P 500 firms dropped to 4.7 years, a 15-year low. This lesson dissects the mechanics of audit committee trust: how it's built, how it breaks, and what the gold-standard CFOs do differently.
Trust in the boardroom is not a feeling, it is a structural output of three measurable inputs: transparency cadence, technical credibility, and independence signaling. Miss any one, and the relationship degrades within two quarters.
The Wells Fargo principle, no surprises, sounds simple but requires a deliberate operating rhythm. The gold standard, practiced by CFOs like Ruth Porat (formerly Alphabet, now President & CIO) and Hugh Johnston (Disney CFO since late 2023), is the "two-week pre-read protocol"
This isn't just courtesy. It serves three functions: (1) it gives the chair time to digest complex matters without pressure, (2) it surfaces objections privately before they become public boardroom conflicts, and (3) it establishes the CFO, not the CEO, as the primary financial narrator to the board. When Disney's Hugh Johnston joined in December 2023 amid the Trian proxy fight, his first move was instituting weekly calls with audit committee chair Maria Elena Lagomasino. By Q2 2024, audit committee meeting times had shrunk by 35% while substantive coverage expanded, a direct result of pre-meeting alignment.
In 2026, audit committees are drowning in technical complexity: OECD Pillar Two's 15% global minimum tax (now in effect across 138 jurisdictions), CSRD's first wave of mandatory sustainability assurance for ~50,000 EU-operating companies, and the SEC's climate disclosure rules that survived legal challenge in late 2024. The CFO who walks into the audit committee unable to fluently translate these regimes loses credibility instantly.
The benchmark: a CFO should be able to answer, without notes, three questions on any technical regime affecting the company: *What is our exposure in dollars? What is our compliance posture? What is our peer comparison?* When Unilever's CFO Fernando Fernandez briefed the audit committee on Pillar Two impact in early 2024, he came armed with a country-by-country effective tax rate mapmapUsing software to automate repetitive marketing tasks and campaigns, enabling personalisation at scale across channels like email, web, and social.View full definition → showing a €180M annualized impact and a peer benchmarking grid against Nestlé, P&G, and Reckitt. That's the level of preparation that buys trust.
Audit committees want assurance that the CFO will tell them the truth even when the CEO would prefer otherwise. This is the most uncomfortable dimension of the role. The signal isn't sent through declarations, it's sent through structural behavior: requesting executive sessions without the CEO, raising dissenting views in writing, and occasionally disagreeing with the CEO in front of the board on substantive (not theatrical) matters.
The 2020 Wirecard collapse, €1.9 billion of cash that never existed, remains the canonical case study of audit committee failure, but a 2024 retrospective by ESMA revealed something underappreciated: CFO Burkhard Ley and his successor Alexander von Knoop had systematically managed *down* the audit committee's information flow. Critical EY auditor concerns from 2016-2018 were filtered through the CFO's office, with select items omitted from board materials. The audit committee, chaired by Stefan Klestil, never received the unredacted KPMG special audit findings until June 2020, weeks before the collapse.
The lesson for 2026 CFOs: the audit committee's information channel must include a direct line to the external and internal auditors that does not pass through your office. Best-practice CFOs *insist* on this. Adena Friedman (Nasdaq) reportedly tells new audit chairs: "If you ever feel you're hearing the auditor's view filtered through me, that's a failure I want to know about immediately."
Contrast Wirecard with Macy's. In late 2024, the retailer disclosed that a single employee had hidden approximately $151 million in delivery expenses over nearly three years. The discovery was made internally, the audit committee was briefed within 72 hours, Q3 earnings were delayed, and an independent investigation was launched. CFO Adrian Mitchell took personal point on board communication, including three audit committee meetings in eleven days and a direct briefing to the full board within a week.
The market response is instructive. Macy's stock dropped 8% on the disclosure but recovered within six weeks. By contrast, when Hertz disclosed accounting issues in 2014 with comparable disclosure delays of months, the stock lost 30% of its value over the subsequent year. The difference wasn't the size of the error, it was the speed and completeness of board engagement. Mitchell's handling of the Macy's incident is now cited in Deloitte's CFO Insights as a template for trust preservation during financial control failures.
The takeaway: trust isn't built only in good times. It is most decisively built in the first 96 hours of a problem.
Knowledge check
1. According to Spencer Stuart's 2025 Board Index, approximately how many audit committee touchpoints per year does the average CFO have?
2. Per Deloitte's 2025 CFO Insights survey, what percentage of board directors report that their CFO relationship 'falls short of expectations'?
3. The 'two-week pre-read protocol' associated with CFOs like Ruth Porat and Hugh Johnston is primarily designed to address which trust input?
4. Select ALL correct answers regarding the three structural inputs to audit committee trust identified in the lesson:
Sélectionnez toutes les réponses correctes.
5. Select ALL correct answers about the recurring CFO failure modes cited by audit committees in the Deloitte 2025 survey:
Sélectionnez toutes les réponses correctes.
Theory means nothing without operating discipline. Here is the practical infrastructure that high-trust CFOs build in their first 100 days, or, if you're already in seat, what you should audit this quarter.
Beyond the standard quarterly audit committee meetings, gold-standard CFOs run a parallel calendar of four bilateral touchpoints per year with the audit committee chair, structured as follows:
1. Q1, Strategic Risk Review: A 90-minute deep dive on the top 5 enterprise risks, framed in financial impact terms. This is *not* the same as the enterprise risk presentation given to the full board, it should be sharper, more uncertain, and include risks that aren't yet "board-ready."
2. Q2, Auditor Relationship Calibration: A discussion of the external audit firm's performance, fees, scope changes, and any tensions. This is where the chair learns whether the CFO is genuinely independent of the auditor or has gone native.
3. Q3, Finance Function Talent Review: Who's in your top-3 succession bench for controller, treasurer, and head of FP&A? Audit committees in 2026 increasingly view CFO succession and finance function depth as a governance matter, particularly after the SEC's expanded disclosure expectations on key person risk.
4. Q4, Control Environment Stress Test: A walk-through of where internal controls are weakest, what's being done, and what residual risk remains. This conversation should be uncomfortable. If it isn't, you're not being honest.
Every audit committee meeting should be structured around three explicit lists the CFO maintains:
This sounds elementary, but the discipline of forcing every issue into one of three buckets prevents the most common failure mode: items lingering in ambiguous "we're looking at it" status for quarters at a time. Brian Olsavsky (Amazon CFO) reportedly uses a version of this framework, and Amazon's audit committee chair David Zapolsky has cited the predictability of materials as a key reason the committee can run efficiently despite Amazon's complexity.
The single most delicate dynamic in the boardroom is the CFO-CEO-audit committee triangle. The audit committee wants independent input from the CFO; the CEO wants alignment; the CFO wants to keep their job *and* their integrity.
The rule that works, articulated to me by a Fortune 100 audit chair: align with the CEO on commercial and strategic matters; remain independent on matters of accounting, control, disclosure, and capital allocation discipline. When these collide, and they will, particularly around aggressive revenue recognition, M&A goodwill, or stretched guidance, the CFO must be willing to dissent, in writing, in the boardroom.
The most respected CFOs do this perhaps once or twice in a multi-year tenure. The act of dissenting is rare; the *willingness* to dissent is constant. Audit committees can sense the difference.
1. Institute the two-week pre-read protocol with your audit committee chair this quarter. No material item should hit the boardroom without 14 days of chair preview. Track adherence, aim for >90% within two quarters.
2. Build the Four-Meeting Bilateral Calendar with your audit chair before the next AGM. Block the dates now. Strategic Risk in Q1, Auditor Calibration in Q2, Talent in Q3, Controls Stress Test in Q4. These are non-negotiable, even if they need to be virtual.
3. Audit your information channels. Can the audit committee reachreachThe number of unique people exposed to your message in a given period. Unlike impressions, reach counts each person once, no matter how often they see it.View full definition → your external auditor, internal auditor, and chief accounting officer without going through your office? If not, fix it in 30 days. This is the structural antidote to the Wirecard pattern.
4. Master three technical regimes cold. For 2026, that means Pillar Two exposure in dollars, CSRD assurance readiness, and SEC climate disclosure compliance. If you cannot brief your audit committee on each without notes, you have homework before your next meeting.
5. Pre-commit to your 96-hour crisis protocol. Document, in writing, what you will do in the first 96 hours of a material control failure: who calls the audit chair, when the full board is notified, when external counsel is engaged, how external auditors are looped in. The Macy's playbook works because it was pract