The FINANCIAL — A new report from KPMG’s Global Audit Committee Institute has revealed that just 35% of Irish members are satisfied with their level of focus on managing cyber security risk. On a global level, even fewer are satisfied (25%) despite the issue being identified as a key challenge by committee members.
The 2017 Global Audit Committee Pulse Survey shows that overall, more than 40% of members believe their risk management programs and processes require “substantial work,” and a similar percentage admit that it’s increasingly difficult to oversee major risks.
While audit committees in general express confidence in financial reporting and audit quality, they rank legal/regulatory compliance, cyber security risk, company controls around risk, and tone at the top and organizational culture as among their top challenges.
“The audit committee’s job isn’t getting any easier, particularly given the uncertainty, volatility, and complexity of today’s business environment,” says Risk Consulting Partner at KPMG, Michael Daughton. “These findings reinforce the practices and priorities that are essential for audit committees to keep pace – starting with having a solid understanding of the business and the critical risks it faces.”
KPMG surveyed more than 800 audit committee members and chairs in 42 countries, providing insights that audit committees around the world can use to sharpen their focus, benchmark responsibilities and practices, and strengthen oversight.
Overall, audit committees are largely satisfied that their agendas are properly focused on maintaining internal controls over financial reporting and key assumptions underlying critical accounting estimates. However, they see room for improvement when it comes to focusing on CFO succession planning, talent and skills in the finance organization, tone at the top and culture, and aligning the company’s short- and long-term priorities.
Nearly 4 in 10 said the committee’s effectiveness would be most improved by having a “better understanding of the business and key risks,” while nearly a third said additional expertise related to technology or cyber security would be helpful.
The report highlights six key takeaways:
Risk management is a top concern for audit committees.
Internal audit can maximise its value to the organization by focusing on key areas of risk and the adequacy of the company’s risk management processes generally.
Tone at the top, culture, and pressure for short-term results are key challenges – and may need more attention.
CFO succession planning and bench strength in the finance organization continue to be weak spots.
Two key financial reporting issues may need a more prominent place on audit committee agendas: Implementation of new accounting standards and non-GAAP financial measures.
Audit committee effectiveness hinges on understanding the business.