Audit committee concerns on cyber and forward-looking risks

Audit committee concerns on cyber risks

Timothy Copnell, head of KPMG’s UK Audit Committee Institute comments about Audit committee concerns on cyber and forward-looking risks.

Also on

press release
  • Concerns over quality of information on cyber risks, technology and innovation
  • Lack of visibility on leading indicators and key non-financial information
  • Lack of formal CFO succession plans in place

Many audit committee members around the world are worried about the quality of information they receive on forward-looking issues such as cyber, technology and innovation risks and non-financial ‘leading indicators’ of a company’s performance such as talent management and brand perception, according to a new survey from KPMG of 1,500 audit committee in 34 countries.

Perhaps not surprisingly, regulation, operational risk, and uncertainty and volatility are rated overall as the top audit committee challenges according to KPMG’s survey.  But issues further down the list – both audit committee ‘basics’ and some less traditionally core issues – underscore the difficulty in exercising effective audit committee oversight.

While there is a high degree of satisfaction with many aspects of the audit committee role, the percentages are not comfortably strong in all areas.  CFO succession planning, information flows and the degree to which audit committees understand the significant issues all show ‘room for improvement’; and most respondents accepted that, over the past several years, their companies could have been better prepared to respond to significant regulatory change, ethics and compliance issues, business model disruption, and major technology developments.

Cyber and other risks

Although audit committees are satisfied with much of the information they receive about key risks facing the company,  the proportion of UK respondents who said the quality of information about cyber security needs improvement has doubled (47 percent compared to 24 percent last year) - and 58 percent were dissatisfied with the agenda time devoted to this issue.

About half said it is “increasingly difficult,” given the audit committee’s expertise and heavy agenda, for the committee to oversee major risks in addition to financial reporting; and moreover 47 percent of respondents weren’t fully confident in their understanding of the critical accounting judgements and estimates – an audit committee fundamental. 

In addition, audit committee members are concerned about a number of other forward-looking issues:

  • Two thirds of UK respondents (68 percent) said that the issue of talent management was not given sufficient agenda time – well above the global figure of 51 percent
  • Just over a quarter of UK respondents said their board has recently reallocated or rebalanced risk responsibilities or created a new committee to address specific risks, or may consider doing so in the near future
  • Less than 40 percent in the UK and globally said their company has a formal succession plan in place for the CFO and over a quarter of UK respondents reported that the evaluation process for the CFO didn’t include clear performance objectives against which the CFO’s performance is rigorously evaluated (a figure that rises to over 40 percent globally).

“Audit committee agendas are not getting any lighter,” said Timothy Copnell, head of KPMG’s UK Audit Committee Institute. “Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself. This survey suggests that many audit committee agendas may be reaching a tipping point, and that it’s time to step back and assess whether audit committees are able to exercise even their fundamental responsibilities in an appropriate manner.

“The rise in concern over cyber threats is worrying.  Clearly this is a growing and real issue that companies need to tackle head-on, and ensure that their Board and non-executives have robust, real-time information on.”

Leading indicators and non-financial drivers

While recent UK reporting developments have emphasized the importance of communication around strategy and performance, only 55 percent of respondents were satisfied that their company has identified “leading indicators” that show where the company is headed and whether its strategy is on track.

“Customer focus/satisfaction” and “operational efficiency” were cited as the non-financial drivers of long-term value that are most important to the successful execution of the company’s strategy.  Talent management, brand and culture were the next most important drivers - though for these categories only a third monitored metrics and over a half didn’t communicate any metrics to shareholders.


Respondents were split as to the benefits of more granular reporting to investors around the audit committee role and how its duties are discharged.  Less than a third supported disclosure around the effectiveness of the audit process and the significant financial reporting considerations (as suggested by the FRC’s UK Corporate Governance Code), while nearly 40 percent were not in favour of any additional reporting.

“The UK regulatory environment has placed a large burden on today’s audit committees and many boards are looking afresh at how risk oversight is allocated across the board,” said Copnell. “These results show that audit committees are often aware of the stress points and where improvements are necessary, but the challenge will be to translate that awareness into action.  Hopefully these survey findings will serve as a catalyst for boards and management teams to address the adequacy of their governance processes.”

View the KPMG’s 2014 Global Audit Committee Survey


- ENDS -


Notes to editors:

KPMG’s survey was conducted amongst approximately 1,500 audit committee members in 34 countries between September and November 2013.

Media enquiries to:

Mark Hamilton,

KPMG Corporate Communications

T: 020 7694 2687

KPMG Press Office: +44 (0) 207 694 8773


About KPMG:

KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with approximately 11,500 partners and staff.  The UK firm recorded a turnover of £1.8 billion in the year ended September 2013. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 155,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity.  Each KPMG firm is a legally distinct and separate entity and describes itself as such.

This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.

Connect with us


Request for proposal



KPMG’s new-look website

KPMG’s new-look website