Page 14 - demo
P. 14
Risk management is a top concern for audit committees.
The effectiveness of risk management programs technology advances and business model disruption,
generally, as well as legal/regulatory compliance, cyber cyber threats, and greater regulatory scrutiny and
security risk, and the company’s controls around risks, investor demands for transparency. But more than
topped the list of issues that survey participants view 40 percent of audit committee members think their
as posing the greatest challenges to their companies. risk management program and processes “require
It’s hardly surprising that risk is top of mind for audit substantial work,” and a similar percentage say that it is
committees—and very likely, the full board—given increasingly difficult to oversee those major risks.
expectations for slow growth and economic uncertainty,
Q From your perspective as an audit committee member, which
of the following issues pose the greatest challenges to your
company? (select up to three)
Effectiveness of risk management program 41%
Legal/regulatory compliance 34%
Managing cyber security risk 28%
Maintaining the control environment
in the company’s extended organization 28%
Tone at the top and culture of the organization 24%
Maintaining internal controls over financial reporting 22%
Ensuring that internal audit is maximizing its value 21%
Pressures of short-termism and aligning the 19%
company’s long-term and short-term priorities
Implementation of new accounting standards 13%
(e.g., revenue recognition, leases, financial instruments, etc.)
Fraud risk 13%
Talent and skills in the finance organization 11%
Key assumptions underlying critical accounting estimates 9%
Assessing audit quality 8%
CFO succession planning 7%
Readiness for the OECD’s country-by-country tax reporting 3%
Other 3%
Multiple responses allowed
We are clearly seeing an increased focus by boards more important than ever that the board be sensitive to
on key operational risks across the extended global the tone from, and example set by, leadership; reinforce
organization—e.g., supply chain and outsourcing risks, organizational culture (i.e., what the company does, how
information technology (IT) and data security risks, etc. it does it, including a commitment to compliance and the
And, at a higher level, boards are paying more attention management of risk); and understand the behaviors that
to the capital “R” risks that may pose the greatest risk the company's incentive structure may encourage.
to the company. In today's business environment, it is
© 2017 KPMG Central Services, a Belgian Economic Interest Grouping (“ESV/GIE”) and a member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Belgium.