KPMG recently released their Global Audit Committee Survey (See the KPMG survey here). The survey contains the views of 1,800 audit committee members worldwide regarding topics such as financial reporting and disclosures, audit quality, oversight of internal and external auditors, risk management and crisis readiness, emerging technologies and audit committee effectiveness.
The survey highlighted the following concerns of audit committee members:
Audit committee members in many countries around the world are markedly less confident in their oversight of risk:
- While 37 percent said their company’s risk management program is ‘robust and mature,’ 45 percent said that the program requires ‘substantial work.’
- Only one in four said the company’s risk management process ‘extends far enough into the horizon.’
- The quality of risk-related information-particularly about cyber risk, global systemic risk, and the pace of technology change-as well as hearing dissenting views from middle management and others about critical risks facing the company continue to be areas of concern.
- One in three said they are not satisfied with the company’s crisis readiness and response plan.
- Nealry half are only somewhat satisfied that the company’s governance activities are focused on the greatest risks to the brand.
While the risk-related challenges are not new, four game changers continue to raise the bar-and the stakes-on effective risk oversight. Digitization, globalization, increased government regulation, and stepped-up global enforcement are reshaping the business and risk landscape-with significant implications for the audit committee’s agenda and, potentially, its effectiveness:
- In addition to their core responsibilities, many audit committees today have oversight responsibility for the company’s enterprise risk management process as well as other major risks facing the company-including financial, operational, cyber security and IT, and legal/regulatory compliance risk.
- Survey respondents generally gave low ratings to their audit committee’s oversight of risk-including ‘understanding the committee’s risk oversight responsibilities.’
- Many point to the need for ‘additional expertise’ (e.g., IT, M&A, and risk) as a key to improving the committee’s effectiveness.
- One in four said the audit committee’s self-evaluation is not as robust as it should be.”
The survey results interestingly conveys that audit committee members are not confident in their oversight of risk and face continuous challenges in managing this risk. Audit committees continue to have their work cut out for them to ensure proper financial reporting for companies.