Corporate boards are deepening their involvement in company strategy and refining their oversight of the critical risks facing the company – but there is still work to be done if companies are to meet the challenge set by the 2014 UK Corporate Governance Code according to a new survey from KPMG’s Audit Committee Institute.
Compliance with the Code guidance on risk management and internal control requires inter alia that boards make a robust assessment of the principal risks to the company’s business model and ability to deliver its strategy. However, while many UK audit committee members said their board had increased its involvement in strategy formulation (67%), monitoring strategy execution (62%) and focus on technology issues including cyber security (51%), only half (51%) were satisfied that risk and strategy were effectively linked in boardroom discussions.
“The complexity and global volatility that we’re seeing—swings in commodity prices and currencies, a decelerating China, uncertainty in geopolitical hotspots, technology innovation, and disruptive business models—are clearly impacting the board’s involvement in strategy and risk,” said Timothy Copnell, Chair of the UK Audit Committee Institute. “But there is a danger that many boards are seeing risk management as a ‘bolt-on’ exercise which potentially leaves them exposed to the strategic risks that could affect the company as well as its long term viability.”
Despite the increased focus on cyber security and technology risk as a critical business priority, 39 percent of UK respondents said the full board should be devoting more attention to cyber risk; and the adequacy of cyber and technology expertise – via third parties and/or on the board – continues to be a concern.
Copnell commented “Unfortunately, there remains a dearth of cyber and wider technology expertise on boards. 50% of UK respondents recognise this need very well, but the risk and opportunities are so large, someone on the board has to know the right questions to ask and be in a position to understand the answers.”
The survey responses—from more than 100 senior UK audit committee members (and over 1000 directors worldwide)—suggest that while many boards are clearly stepping up their game, significant challenges remain, including linking strategy and risk, more clearly defining risk appetite and addressing the growing risks associated with cyber security and technology.
KPMG’s survey, “Calibrating Strategy and Risk,” is available here.
Margot Cowhig, KPMG Corporate Communications
T: +44 (0)207 694 4246
M: +44(0)7920 274856
KPMG Press office: +44 (0)207 694 8773
Follow us on twitter: @kpmguk
KPMG in the United Kingdom, is member of a global network of professional firms providing Audit, Tax and Advisory services. KPMG operates in 155 countries and has more than 162,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such. KPMG’s Audit Committee Institute (ACI) champions outstanding corporate governance to help drive long-term corporate value and enhance investor confidence. ACI engages with directors and business leaders across 35 countries, delivering actionable thought leadership on risk and strategy, talent and technology, financial reporting and audit quality, and more: UK Audit Committee Institute