The survey "Keeping pace with disruptive risk and digital transformation" shows that despite regional differences, ultimately the task is the same: maintaining financial reporting integrity and audit quality.
Audit committees continue to express confidence in their oversight of core responsibilities – financial reporting integrity and audit quality – according to KPMG’s 2019 Audit Committee Pulse Survey. Yet, keeping pace with disruptive risk and digital transformation poses a growing challenge.
Technological innovation, digital disruption and the complexity of business are exerting ever greater pressure on audit committees to sharpen the focus on risk management and the internal control environment.
Indeed, mounting regulatory compliance risk and transformative technologies – data analytics, artificial intelligence (AI), automation and blockchain – are increasing the demands on the finance organization, internal audit teams and enterprise risk management (ERM) systems.
As companies and their boards grapple with a fast-changing world – globally connected, data-driven, and often opaque – audit committees continue to play a pivotal role in assessing risk management processes and internal controls.
Not surprisingly, the survey finds many audit committees still shouldering heavy risk agendas – financial risk, legal/regulatory compliance, cybersecurity, information technology and third-party risks. Does the audit committee have the time and expertise to oversee these major risks?
The survey shows that although these new challenges and considerations can be overwhelming at times, the committees agree on what’s important. The survey identified four key takeaways for European audit committees:
Helping to ensure the finance organization has the talent and skills to maintain high-quality financial reporting.
Nearly two-thirds of respondents reported that their committees are discussing how the finance organization’s talent, skills and leadership must evolve to support the organization’s analytics and strategic capabilities. Maintaining internal control over financial reporting as well as disclosure controls and procedures while ensuring the finance organization has the talent and resources to maintain quality financial reporting is reported to be the greatest challenge.
Regulatory compliance, a focused internal audit and cybersecurity are ranked as the top concerns.
Across Europe, cybersecurity ranked highest in terms of other top priorities on audit committee agendas. Talent and expertise in this area were also cited as critical challenges. In fact, gaps in managing cyber risk virtually doubles versus our survey in 2017 as it relates to organizational awareness and culture.
Few are confident that their company’s current enterprise risk management processes capture disruptive risks.
Slightly more than half of the audit committees describe their company’s risk management system as robust. However, only about a fifth think that their company adequately addresses disruptive risks, such as technological risks. Nonetheless, the survey also found that risk management is inspiring more confidence than two years ago, which indicates that relevant investments have been made.
Maximizing the role of internal audit’s value continues to be seen as a top priority by maintaining flexibility to adjust the audit plan in response to changing business and risk conditions.
Apart from a planning that specifically targets the company’s risks, the flexibility to adjust the audit planning to new risks at short notice is of the utmost importance. Of interest is that nearly a third of audit committee members feel that it would be a good idea to include environmental, social and governance (ESG) issues in the audit or make them the subject of a separate audit.
Audit committee members report that continuously developing a deeper understanding of the business and its risks is essential. According to one audit committee chair, it’s all about having access to the right information at the right time.
Moreover, audit committee members express a need for more "whitespace time" to get up to speed with new developments and share knowledge as well as experience among committee members. They also cite the necessity for a greater willingness to challenge management.
These findings align directly with the three keys to effectiveness that we’ve shared with audit committees over the years: ensure you receive sufficient and appropriate information, conduct open and candid conversations and maintain a sound skepticism.
Keeping in mind that audit committees across Europe have different structures and responsibilities, the following takeaways from the survey are relevant for Switzerland:
Culture is key.
Foster corporate culture to promote compliance – not just in financial reporting matters – but in other areas too.
Get familiar with current developments in financial and non-financial reporting as they may affect Swiss companies sooner than you expect.
During the discussion on the new company law, CSR-reporting requirements (like in the EU) were put on the table. The growing dissemination of so-called non-GAAP measures also requires Swiss audit committees’ attention.
Consider what level of assurance you require on new forms of reporting (such as CSR, for example).
What role will internal audit play? What kind of assurance should external auditors provide?
Challenge the skills and resources of your audit committee constantly.
How does digitalization affect the preparation of financial information and what risks are associated with? Do you need additional/new members of the audit committee and is specific and/or continuous education required?
Despite all the regulatory attempts, the importance of soft factors can’t be stressed enough. The head of the audit committee’ role is critical as is how he/she organizes the committee’s work.
Get more insight: What is keeping audit committees around the globale awake at night? (PDF)