Audit committees around the world say it is becoming increasingly difficult, given the committee’s workload and expertise, to oversee major risks in addition to financial reporting, according to a new survey from KPMG of 1,500 audit committee members in 34 countries. CFO succession and risk oversight are also key challenges as their companies navigate increasingly complex regulatory and operating environments.
The survey found that while many audit committees have primary responsibility for a number of critical risks facing the company – legal/regulatory compliance, anti-bribery/corruption, financial, and/or IT and cyber security risks – 43 percent said it is becoming “increasingly difficult” to oversee those risks. About one in four said their board has recently reallocated or rebalanced risk responsibilities, created a new committee to address specific risks, or may consider doing so in the near future.
“Audit committee agendas are not getting any lighter”. “Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself. This survey suggests that it’s time to step back and assess whether the audit committee’s risk oversight responsibilities are appropriate.”
Talent in the finance organisation and the quality of information around key risks facing the company were also cited as concerns: Globally, only 38 percent of survey respondents said their company has a formal succession plan in place for the CFO; and only about 40 percent said their company has clear performance objectives to evaluate the CFO’s performance.
While audit committees are satisfied with much of the information they receive about key risks facing the company, nearly one in three said information about cyber security, emerging technologies, and the company’s growth and innovation plans “needs improvement.”
U.S. responses to the survey were generally in line with those reported globally: Forty-one percent report that their company has a succession plan in place for the CFO, and respondents ranked the quality of information about cyber security and the pace of technology change lowest. Audit committees in the U.S., however, reported having greater responsibility for IT/cyber security, financial, and anti-bribery/corruption risk than global averages.
“An overloaded audit committee is a less effective audit committee,” said the head of KPMG’s Audit Committee Institute (ACI). “These survey findings should serve as a catalyst for boards and management teams to assess the adequacy of their governance processes in critical areas.” Noting that the audit committee’s perspective on business and regulatory risk sheds important light for the entire board, “talent, technology, and quality information about the company’s risks and long-term performance are clearly top of mind for audit committees, and should be for the full board.”
Other key global findings include:
- The top challenges facing their companies: Regulation, uncertainty and volatility, and operational risk—followed by talent, technology change and business model disruption, cyber risk, and innovation.
- Only 62 percent said they are satisfied the company has identified “leading indicators” that show where the company is headed and whether its strategy is on track.
- “Customer focus/satisfaction” and “operational efficiency” were cited as the non-financial drivers of long-term value that are most important to the successful execution of the company’s strategy.
- Most respondents said that, over the past several years, their companies could have been better prepared to respond to: significant regulatory change, ethics and compliance issues, business model disruption, and major technology developments.
- More than 80 percent said internal audit’s role should extend beyond the adequacy of financial reporting and controls, to include other key risks facing the business; however, only 50 percent said internal audit currently has the skills and resources to be effective in the role they envision.
KPMG’s 2014 Global Audit Committee Survey can be downloaded through this page.