Page 8 - demo
P. 8

8





                 Redouble the company’s focus on ethics,      coordinating with other governance, risk, and compliance
                 compliance, and culture.                     functions within the organization to limit duplication
                 Whether moving quickly to innovate and       and, more importantly, to prevent gaps. Help maximize
        capitalize on opportunities in new markets, leveraging   collaboration between internal and external auditors. As
        new technologies and data, and/or engaging with more   internal audit moves to a higher value-added model, it
        vendors and third parties across longer and increasingly   should become an increasingly valuable resource for the
        complex supply chains, most companies face heightened   audit committee.
        compliance risks. Coupled with the complex global               Quality financial reporting starts with
        regulatory environment—the array of new healthcare,             the CFO and finance function; maintain
        environmental, financial services, and data privacy             a sharp focus on leadership and
        regulations—these compliance risks and vulnerabilities          bench strength.
        will require vigilance. Help ensure that the company’s   In our latest global pulse survey, 44 percent of audit
        regulatory compliance and monitoring programs are up-to-  committees were not satisfied that their agenda is
        date and cover all vendors in the global supply chain, and   properly focused on CFO succession planning, and
        clearly communicate the company’s expectations for high   another 46 percent were only somewhat satisfied. In
        ethical standards. Take a fresh look at the effectiveness   addition, few were satisfied with the level of focus
        of the company’s whistle-blower program. Does the audit   on talent and skills in the finance organization. Given
        committee see all whistle-blower complaints? If not,   the rate of CFO turnover and the critical role the CFO
        what is the process to filter complaints that are ultimately   plays in maintaining financial reporting quality, it is
        reported to the audit committee? As a result of the radical   essential that the company have succession plans
        transparency enabled by social media, the company’s   in place not only for the CFO but also for other key
        culture and values, its commitment to integrity and legal   finance executives—the controller, chief accountant,
        compliance, and its brand reputation are on display as   chief audit executive, treasurer—and perhaps the chief
        never before. Ask for internal audit’s thoughts on ways to   compliance and chief risk officers. How does the audit
        audit/assess the culture of the organization.
                                                              committee assess the finance organization’s talent
                                                              pipeline? Do employees have the training and resources
                  Redouble the focus on key areas of risk     they need to succeed? How are they incentivized to
                  and the adequacy of the company’s           stay focused on the company’s long-term performance?
                  risk management processes generally.        What are the internal and external auditors’ views?
                  Leverage internal audit to the fullest extent
                  in this respect.
        In our 2017 Global Audit Committee Survey (see infra),                Make the most of the audit
        more than 40 percent of audit committee members think                 committee’s time together—inside
        their risk management program and processes "require                  and outside the boardroom.
        substantial work;' and a similar percentage say that it is   To address heavy workloads, many audit committees
        increasingly difficult to oversee those major risks. Audit   are focusing on ways to improve their efficiency and
        Committees need to use all resources at hand in this   effectiveness—including refining their agendas and
        respect, not in the least internal audit.             oversight processes, and reassessing their skills
                                                              and composition. Keeping pace requires agendas that
        Internal audit is most effective when it is focused on the   are manageable (what risk oversight responsibilities
        critical risks to the business, including key operational   are realistic given the audit committee’s time and
        risks (e.g., cyber security and technology risks) and   expertise?), focusing on what is most important (starting
        related controls, not just compliance and financial   with financial reporting and audit quality), allocating
        reporting risks. Help define the scope of internal audit’s   time for robust discussion while taking care of “must-
        coverage and, if necessary, redefine internal audit’s   do” compliance activities, and ensuring the committee
        role. Is the audit plan risk-based and flexible, and does it   has the right composition and leadership. Leading audit
        adjust to changing business and risk conditions? What   committees recognize that the committee’s efficiency
        has changed in the operating environment? What are    and effectiveness in the boardroom increasingly hinges
        the risks posed by the extended organization—sourcing,   on spending time outside of the boardroom—visiting
        outsourcing, sales, and distribution channels? What   company facilities, interacting with employees and
        role should internal audit play in auditing the culture of   customers, and hearing outside perspectives—to
        the company? Set clear expectations and make sure     understand the tone, culture, and rhythm of the
        internal audit has the resources, skills, and expertise   organization.
        to succeed. Challenge internal audit to take the lead in



        © 2017 KPMG Central Services, a Belgian Economic Interest Grouping (“ESV/GIE”) and a member firm of the KPMG network of independent member firms affiliated with KPMG International
        Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Belgium.
   3   4   5   6   7   8   9   10   11   12   13