Risk management is a top concern for audit committees.


        The effectiveness of risk management programs         technology advances and business model disruption,
        generally, as well as legal/regulatory compliance, cyber   cyber threats, and greater regulatory scrutiny and
        security risk, and the company’s controls around risks,   investor demands for transparency. But more than
        topped the list of issues that survey participants view   40 percent of audit committee members think their
        as posing the greatest challenges to their companies.   risk management program and processes “require
        It’s hardly surprising that risk is top of mind for audit   substantial work,” and a similar percentage say that it is
        committees—and very likely, the full board—given      increasingly difficult to oversee those major risks.
        expectations for slow growth and economic uncertainty,



        Q           From your perspective as an audit committee member, which

                    of the following issues pose the greatest challenges to your
                    company? (select up to three)



                          Effectiveness of risk management program                                      41%
                                       Legal/regulatory compliance                                34%

                                      Managing cyber security risk                          28%
                                Maintaining the control environment
                             in the company’s extended organization                         28%
                       Tone at the top and culture of the organization                  24%

                  Maintaining internal controls over financial reporting              22%
                    Ensuring that internal audit is maximizing its value             21%
                         Pressures of short-termism and aligning the               19%
                        company’s long-term and short-term priorities
                        Implementation of new accounting standards           13%
             (e.g., revenue recognition, leases, financial instruments, etc.)
                                                      Fraud risk             13%
                          Talent and skills in the finance organization     11%

              Key assumptions underlying critical accounting estimates    9%

                                           Assessing audit quality       8%
                                         CFO succession planning        7%

            Readiness for the OECD’s country-by-country tax reporting  3%
                                                          Other     3%


                                                                                    Multiple responses allowed


        We are clearly seeing an increased focus by boards    more important than ever that the board be sensitive to
        on key operational risks across the extended global   the tone from, and example set by, leadership; reinforce
        organization—e.g., supply chain and outsourcing risks,   organizational culture (i.e., what the company does, how
        information technology (IT) and data security risks, etc.   it does it, including a commitment to compliance and the
        And, at a higher level, boards are paying more attention   management of risk); and understand the behaviors that
        to the capital “R” risks that may pose the greatest risk   the company's incentive structure may encourage.
        to the company. In today's business environment, it is



        © 2017 KPMG Central Services, a Belgian Economic Interest Grouping (“ESV/GIE”) and a member firm of the KPMG network of independent member firms affiliated with KPMG International
        Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Belgium.