Audit Committees Concerns About IT Risks
KPMG’s Audit Committee Institute surveyed 240 individuals who currently serve on at least on public company audit committee in June and July 2010 to learn about emerging issues that will impact audit committee agendas in the 2011-2012 timeframe. According to their report, 2011 Public Company Audit Committee Member Survey, IT risk ranked at the top of issues that audit committees are seeking to dedicate more attention to over the next year. Only 61 percent of the 240 survey respondents said they were satisfied with their IT risk oversight. Respondents also stated they would like to connect more frequently and vigorously with their chief information officer (CIO).
The call for more quality information regarding IT risk largely stems from the impact such IT developments as cloud computing and social media has on businesses. However, the survey concluded that the quality of this information ranked lowest of all categories. Also reinforced was the importance of dealing with such “defensive” IT risks as:
- Data privacy and security
- Cyber risk
- Regulatory compliance
The survey highlights included the following important issues/questions audit committees are discussing with management:
- Is there good connectivity between the CIO/IT function, the business, and the board/audit committee?
- How effective is the strategic planning process in dealing with the pace of innovation and technology change on the business?
- Do we understand our IT risks? Can we manage them?
Many audit committee members say they want to hear more frequently from the chief information officer (CIO) about IT risk and emerging technologies. About 40 percent are unsatisfied with the audit committee’s process to oversee IT risks.
Visit the KPMG Audit Committee Institute’s website to obtain a copy of the full survey report.
Citation: KPMG Audit Committee Institute. “2011 Public Company Audit Committee Member Survey – Highlights” National Association of Corporate Directors. Oct. 1, 2011.
