Challenge number one
KPMG recently released its annual Global Audit Committee Pulse survey, which shows that audit committee members around the world perceive risk management as the top challenge and concern for businesses in 2017
KPMG’s Audit Committee Institute (ACI) surveyed more than 800 audit committee members from 42 countries around the world. The purpose of the survey was to offer insights that audit committees worldwide can use to sharpen their focus and oversight; and benchmark responsibilities and practices.
The audit committees have expressed confidence in financial reporting and audit quality, as they have done in the past, however, their concern about risk management is also not something new. As technology develops and becomes more engraved in the way companies do business, there are more risks that need to be taken into account.
“It’s hardly surprising that risk is top of mind for audit committees – and very likely, the full board – given expectations for slow growth and economic uncertainty, advances in technology and business model disruption, cyber threats, greater regulatory scrutiny and investor demands for transparency,” states the survey report.
Surveyed audit committee members identified the effectiveness of risk management programmes as the biggest challenge within the companies they serve. More than 40 percent of surveyed respondents believe their risk management programme and processes “require substantial work”, and a similar number believe “it is increasingly difficult to oversee those major risks”.
The survey further states: “There is an increased focus by boards on key operational risks across the extended global organisation.” These risks include legal and regulatory compliance risk, cybersecurity risk, and managing the control environment risk.
Cybersecurity and technology-related risks were very much the hottest topics in the survey and received a lot of responses, especially within the United States (US). US respondents identified cybersecurity risk as the top risk to their companies. The survey notes that US respondents seem to be more concerned about dealing with a cyber attack than preventing one.
US respondents have identified loopholes in their cybersecurity risk management processes: vulnerability from third parties and keeping technology systems up to date. The survey advised that boards should change their mindset on cybersecurity and create awareness at an enterprise-wide level, rather than just treating it as an IT-level problem.
The survey reveals that companies need to put more focus into their risk management programmes as only 34 percent of audit committees worldwide are satisfied with the effectiveness of their programmes. From the countries surveyed, Singapore (63 percent) is the most satisfied and Korea (0 percent) the least satisfied.
Overall, the KPMG survey report suggests that audit committees should focus more on certain areas to increase the effectiveness of their risk management. One way that committees could do this is to get a better understanding of the business and its risks. It also notes that an internal audit can maximise the value of risk management to the company by focusing on key areas of risk and the adequacy of the company’s risk management processes generally.