Short of a crisis, the issues on the audit committee's radar don't change dramatically from year to year (and they probably shouldn’t); but sometimes small shifts tell a big story.
In our 2015 Global Audit Committee Survey, it comes as little surprise to see four key concerns carried over from last: economic and political uncertainty and volatility, regulation and the impact of public policy initiatives, operational risk, and cyber-security. Clearly, a slowing global economy, the flare-up of geopolitical hotspots, and the proliferation of major cyber breaches have intensified the spotlight on these issues. (And in the year ahead, audit committees say they want to devote more time to cyber security and oversight of risk.) But for many audit committees today, these headline risks are also driving a slower-moving—yet critically important—trend potentially impacting the audit committee's effectiveness: agenda overload.
Audit committees, by and large, continue to express confidence in their oversight of the company's financial reporting and audit quality. But the accelerating speed and complexity of business and risk are stretching and straining many audit committee agendas, which often include other major areas of risk—compliance, IT, cyber risk, and others. Of the 1,500 audit committee members responding to our global survey, three out of four said the time required to carry out their responsibilities has increased significantly (24 percent) or moderately (51 percent). Half said the job continues to grow more difficult given the committee's time and expertise.
In a positive development, more boards are reallocating risk oversight responsibilities among their committees and the full board—which bodes well for audit committees. A lighter "risk agenda" can translate into more time for quality discussions and a deeper understanding of the business—two factors that survey respondents said would most improve their audit committee's effectiveness.
Survey respondents also cite ongoing opportunities for improvement in a number of critical areas—from CFO succession planning and getting more insight from external auditors (e.g., on the strengths and weaknesses of the finance organization), to improving the quality of risk information and better leveraging internal audit as a vital resource for the audit committee.
Of course, it's difficult to compare data from 35 countries—often with markedly different business environments, regulatory requirements, and corporate governance practices. But our 2015 survey findings offer insights that audit committees (as well as management teams, auditors, regulators, and others) can use to sharpen the committee's focus, benchmark its responsibilities and practices, and strengthen its oversight going forward.
KPMG's Audit Committee Institutes
- Uncertainty and volatility, regulation and compliance, and operational risk top the list of challenges facing companies today. Most audit committees around the world point to economic and political uncertainty and volatility, regulation and compliance, and operational risk and controls as posing the greatest challenges for their companies. Little surprise, given the struggling global economy, ongoing geopolitical turmoil, heightened government regulation, and speed of risk and technology change.
- Audit committees want to spend more time on risk oversight—particularly cyber security and the pace of technology change. In the months ahead, audit committees want to devote more—or significantly more—agenda time to overseeing the company’s risk management processes and operational risk and controls, as well as cyber security and the pace of technology change (particularly acute concerns in the U.S.)
- The quality of information about cyber security and technology risk, talent, innovation, and business model disruption is falling short. Audit committee members rate much of the information they receive as good or generally good, yet many continue to express concerns about the information they receive (at the committee or full board level) related to cyber risk and technology change, talent management, growth and innovation, and possible disruption to the business model. (The CIO ranks lowest in terms of quality interaction and communication with the audit committee.) Exposure to (and readiness for) critical infrastructure failures—financial systems, telecommunications networks, transportation, energy/power—may also require more attention.
- More boards are reallocating risk oversight duties as the audit committee's workload becomes more difficult. Three quarters of audit committee members say the time required to carry out their duties has increased moderately (51 percent) or significantly (24 percent); and half said that, given the audit committee's agenda time and expertise, their role is becoming "increasingly difficult." More than one-third of boards have recently reallocated risk oversight duties among the full board and its committees (up from 25 percent last year) or may consider doing so in the near future.
- CFO succession planning is still a major gap; and many audit committees want to dive deeper into finance issues. Assessments of CFO performance and interactions with the audit committee are generally viewed as effective; yet more than 40 percent of audit committee members say the committee is "not effective" in CFO succession planning (clearly a pressing issue given the accelerating rate of CFO turnover). Many audit committees would like to hear about various aspects of the finance organizations work—financial risk management, capital allocation, tax, debt—in greater depth.
- Views on audit reforms are mixed; and while confidence in audit quality continues to be strong, there's still room for auditors to improve. Across the globe, audit committee views on whether the EU's audit reforms (including mandatory rotation) will improve audit quality vary widely, with the greatest skepticism in the U.S. (only eight percent view such reforms positively). The greatest areas for external auditors to improve their performance: offering insights and benchmarking on industry-specific issues; helping the audit committee stay up to speed; and sharing views on the quality of the financial management team. On internal audit, audit committees are still looking for greater value.
- A deeper understanding of the business, greater diversity of thinking, more open dialogue, and IT expertise would most improve the audit committee's effectiveness. Audit committees say they would be more effective in their role by having a better understanding of the company's strategy and risks; more "white space" time on the agenda for open dialogue; greater diversity of thinking, perspectives, and experiences; and technology expertise on the committee. In terms of assessing their effectiveness, "facilitated, open committee discussion" is thought to be more effective than survey questionnaires and third-party interviews of committee members.
For more information, download the full report below.