Risk management

With continued economic uncertainty and an incoming presidential administration promising sweeping policy changes, audit committee members are bracing for unforeseen risks in 2017 and urging their companies to ramp up risk management programs, according to a new survey by the consulting group KPMG.

More than four in ten (41%) of the 832 audit committee members polled say the effectiveness of risk management programs poses the greatest challenge to their organizations in the next 12 months. Only 38% say their company has a robust risk management system in place, while 42% say their company’ systems require substantial work.

The biggest problem facing audit committee members in 2017 is not knowing enough about the business, according to the data. Most members are seeking a better understanding of how businesses work and their associated risks. Thirty-nine percent say getting to know those risks will most improve the audit committee’s effectiveness, while 31% say their committees would benefit most by having additional expertise, especially pertaining to cybersecurity and technology.

“The audit committee’s job isn’t getting any easier,” said KPMG partner Jose R. Rodriguez, “particularly given the uncertainty, volatility, and complexity of today’s business environment.”

ThinkstockPhotos-518433706For audit committees, time is hard to come by and expertise, a valued commodity. Just over half of respondents say their committees have enough time and know-how to grapple with growing risks. Fifty-one percent say their audit committees have the time to handle risks while simultaneously carrying out other core oversight responsibilities. But less than half (46%) say they have the proper expertise.

Regulatory compliance (34%) along with both managing cybersecurity risks and “maintaining the control environment in an extended organization” (both at 28%) rounded out the top three most pressing challenges for audit committee members to tackle in the coming year.

“These findings reinforce the practices and priorities that are essential for audit committees to keep pace,” Rodriguez said, “starting with having a solid understanding of the business and the critical risks it faces.”


While committee members are unsure about the strength and effectiveness of companies’ risk management systems, they continue to express confidence in financial reporting and audit quality, according to the survey. However, new revenue recognition standards are beginning to worry some committee members. The plurality of respondents (24%) says their boards are still assessing the effects of the new standards and have yet to develop a plan for implementation. (Public companies will have to comply with the new rules beginning in the first quarter of 2018.)

Another challenge cited in the survey is the abundance and heightened scrutiny of non-GAAP reporting in recent months. The survey suggests placing such reporting practices high up on the committee’s agenda. Having robust conversations about how and why non-GAAP reporting is used will help companies steer clear of the watchful eye of the SEC.

The KPMG Pulse survey polled 832 audit committee chairs (55%) and committee members (45%) from small- to large-cap companies during the months of August to October 2016.

Image: Thinkstock

, , , , , , , ,

2 responses to “Audit Committees Face Expertise, Risk Management Challenges”

  1. It is challenging to design and maintain adequate and effective internal control over the extended organization – particularly, when it could straddle different geographies, different medium such as over the cloud, and different ethical, cultural and regulatory landscapes.

  2. One of the biggest risk management challenges is, as most of us are aware of, is cyber security. Where does or will Sarbanes Oxley assign the accountability for expertise and effective execution to reduce cyber security risk as well as address oversight accountability by audit committee ?

Leave a Reply

Your email address will not be published. Required fields are marked *