Page 8 - demo
P. 8
8
Redouble the company’s focus on ethics, coordinating with other governance, risk, and compliance
compliance, and culture. functions within the organization to limit duplication
Whether moving quickly to innovate and and, more importantly, to prevent gaps. Help maximize
capitalize on opportunities in new markets, leveraging collaboration between internal and external auditors. As
new technologies and data, and/or engaging with more internal audit moves to a higher value-added model, it
vendors and third parties across longer and increasingly should become an increasingly valuable resource for the
complex supply chains, most companies face heightened audit committee.
compliance risks. Coupled with the complex global Quality financial reporting starts with
regulatory environment—the array of new healthcare, the CFO and finance function; maintain
environmental, financial services, and data privacy a sharp focus on leadership and
regulations—these compliance risks and vulnerabilities bench strength.
will require vigilance. Help ensure that the company’s In our latest global pulse survey, 44 percent of audit
regulatory compliance and monitoring programs are up-to- committees were not satisfied that their agenda is
date and cover all vendors in the global supply chain, and properly focused on CFO succession planning, and
clearly communicate the company’s expectations for high another 46 percent were only somewhat satisfied. In
ethical standards. Take a fresh look at the effectiveness addition, few were satisfied with the level of focus
of the company’s whistle-blower program. Does the audit on talent and skills in the finance organization. Given
committee see all whistle-blower complaints? If not, the rate of CFO turnover and the critical role the CFO
what is the process to filter complaints that are ultimately plays in maintaining financial reporting quality, it is
reported to the audit committee? As a result of the radical essential that the company have succession plans
transparency enabled by social media, the company’s in place not only for the CFO but also for other key
culture and values, its commitment to integrity and legal finance executives—the controller, chief accountant,
compliance, and its brand reputation are on display as chief audit executive, treasurer—and perhaps the chief
never before. Ask for internal audit’s thoughts on ways to compliance and chief risk officers. How does the audit
audit/assess the culture of the organization.
committee assess the finance organization’s talent
pipeline? Do employees have the training and resources
Redouble the focus on key areas of risk they need to succeed? How are they incentivized to
and the adequacy of the company’s stay focused on the company’s long-term performance?
risk management processes generally. What are the internal and external auditors’ views?
Leverage internal audit to the fullest extent
in this respect.
In our 2017 Global Audit Committee Survey (see infra), Make the most of the audit
more than 40 percent of audit committee members think committee’s time together—inside
their risk management program and processes "require and outside the boardroom.
substantial work;' and a similar percentage say that it is To address heavy workloads, many audit committees
increasingly difficult to oversee those major risks. Audit are focusing on ways to improve their efficiency and
Committees need to use all resources at hand in this effectiveness—including refining their agendas and
respect, not in the least internal audit. oversight processes, and reassessing their skills
and composition. Keeping pace requires agendas that
Internal audit is most effective when it is focused on the are manageable (what risk oversight responsibilities
critical risks to the business, including key operational are realistic given the audit committee’s time and
risks (e.g., cyber security and technology risks) and expertise?), focusing on what is most important (starting
related controls, not just compliance and financial with financial reporting and audit quality), allocating
reporting risks. Help define the scope of internal audit’s time for robust discussion while taking care of “must-
coverage and, if necessary, redefine internal audit’s do” compliance activities, and ensuring the committee
role. Is the audit plan risk-based and flexible, and does it has the right composition and leadership. Leading audit
adjust to changing business and risk conditions? What committees recognize that the committee’s efficiency
has changed in the operating environment? What are and effectiveness in the boardroom increasingly hinges
the risks posed by the extended organization—sourcing, on spending time outside of the boardroom—visiting
outsourcing, sales, and distribution channels? What company facilities, interacting with employees and
role should internal audit play in auditing the culture of customers, and hearing outside perspectives—to
the company? Set clear expectations and make sure understand the tone, culture, and rhythm of the
internal audit has the resources, skills, and expertise organization.
to succeed. Challenge internal audit to take the lead in
© 2017 KPMG Central Services, a Belgian Economic Interest Grouping (“ESV/GIE”) and a member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Belgium.