The role of audit committees in identifying and assessing risk continues to grow, expanding beyond traditional areas such as regulatory compliance, anti-bribery and financial, to now encompass IT, including cyber security.
And this is taking a toll, with 38% of Canadians saying it’s becoming “increasingly difficult” to oversee the myriad of responsibilities that are now associated with their roles, finds a KPMG survey.
While cyber security is considered a growing threat in the U.S., only a fraction of Canadian audit committee members seem to agree — 11% perceive it to be a major company challenge, which compares to the U.S. at 27%.
In contrast, when asked if they were satisfied with time spent on cyber security issues by the board, 31% of Canadians agree, compared to 55% globally and 57% in the U.S.
“Companies across the country must evaluate whether their audit committees are able to meet the growing and changing requirements of the committee’s roles,” says John Gordon, Canadian managing partner, Audit, KPMG in Canada. “Bridging any gaps in skills and resources will help to ensure they are able to quickly identify both traditional and non-traditional risks threatening the organization.”
Also, half of Canadian audit committee members perceive economic and political uncertainty to be the greatest concern, followed by operational risk (46%) and government regulations (40%). To tackle these emerging issues, 31% of companies say their board has recently reallocated or rebalanced risk responsibilities.
Steps companies can take to improve the quality of risk information they receive, include:
- work with management to define or refine the audit committee’s (and board’s) information needs;
- seek out independent sources of information instead of relying exclusively on management;
- ensure the board has insight and foresight about the impact of new technologies on the business, the industry and the competitive environment; and
- ensure management is actively listening to the conversation on social media to better understand the risks, opportunities and changing attitudes and perceptions about the company..