Skip to main content
Poole College of Management
Enterprise Risk Management Initiative
ERM Leadership and Governance

What Are Audit Committees Really Thinking About?

November 27, 2017 3-min. read

With a constantly changing business world, audit committees have an abundance of challenges facing their companies in the upcoming future. Among these challenges are slow growth, economic and political uncertainty, technology advances, cyber threats, and regulatory scrutiny; however, it is important to note that these challenges vary by company and geographic location. KPMG’s Audit Committee Institute conducted a survey of 832 audit committee members across the United States to determine what specific risks were currently on the radars of audit committees.

Top Six Risks

At the conclusion of the survey, KPMG was able to determine six major risks that audit committees across the country were focused on.

1. Risk Management

More than 40% of audit committee members believed that their risk management programs “require substantial work.” The effectiveness of these programs topped the list of issues that survey participants view as the greatest threat posing their companies. Risk management programs are substantially important due to the volatility and uncertainty of risks within the business and risk environment

2. Internal Audit

This division is most effective when it is focused on the critical risks and controls of businesses. The board of directors should challenge the internal audit group to take the lead in coordinating with other risk and compliance functions in order to limit duplication and ultimately prevent gaps. Furthermore, it is vital for their audit plan to be flexible to adjust to ever changing business and risk conditions.

3. Tone at the Top

One in four audit committee members ranked tone at the top and culture as a significant challenge facing companies today. In addition, aligning the company’s short- and long-term priorities poses as a huge struggle for senior management. Not only are participants unhappy with the tone at the top of the organization, but they are also unhappy with their own audit committee agendas concentrating so much time on these particular issues.

4. CFO Succession Planning

The emphasis focused on the succession planning of the CFO and the strength of his or her finance team has proved very weak for many corporations. Roughly forty-four percent of audit committees are dissatisfied with their CFO succession planning agenda. They also do not believe that their finance division is at the level of talent and skill that should represent the organization. With an increasing demand on finance groups, audit committees have found an urgency to devote more time and resources for the succession planning for the CFO and other key finance executives.

5. Key Financial Reporting Issues

Two major accounting changes are on the horizon and few audit committees believe their companies are prepared for implementation. With the new revenue recognition and lease accounting standards having such significant and complex impacts on businesses, implementation efforts should be a key area of focus. Additionally, participants indicated the importance of the need for increased attention to any non-GAAP financial measures because of their influence on regulators across the world. Approximately thirty-one percent of audit committees discuss with management the process by which management properly develops non-GAAP financial measures.

6. Audit Committee Effectiveness

The key for an audit committee to remain effective relies on its understanding of the business and industry. Knowledge of the business and key risks prove to substantially improve the committee’s oversight. With the increased cyber pressures, expertise in technology and cyber security can also add value to the committee.

Cyber Risk – Within their business environments, participants identified organizational culture and outdated technologies as the two major gaps evident in a company’s ability to manage cyber risks. Audit committee members are no longer focusing solely on prevention; the discussion has now pushed to detection. In order to better a business’ risk management program, specifically in regards to cyber risk, the board must make the company’s cyber risk mind-set an enterprise wide issue instead of an exclusive IT one.

Audit committees are constantly worrying about the next big risk that could hit their organizations. With the help of KPMG through their annual Global Audit Committee Pulse Survey, we were able to identify the six most significant risks that are on the radars of these committees and corporations. Enterprises are now able to utilize this data and hopefully implement policies and practices to combat these risks in the future.

Original Article Source:Is Everything Under Control?“, KPMG, 2017

More From Enterprise Risk Management Initiative

photo of woman with e-tablet.

Techniques to Prioritize and Monitor Risks
5 Questions to Identify Potential Risks on the Horizon

Processes to Identify Risks
2024 The State of Risk Oversight Report featured image

2024 The State of Risk Oversight: An Overview of Enterprise Risk Management Practices - 15th Edition