KPMG’s Audit Committee Institute has released its 2015 Global Audit Committee Survey, representing the views of over 1,500 audit committee members in 35 countries. The survey contains a wealth of information concerning the attitudes, concerns, and priorities of these audit committee members. KPMG’s introductory “global snapshot” lists seven key findings (which are underscored below) –
Uncertainty and volatility, regulation and compliance, and operational risk top the list of challenges facing companies today. 52 percent of respondents cited “uncertainty and volatility (economic, regulatory, and political)” as posing the greatest challenge to the company; 47 percent cited “government regulation/impact of public policy initiatives;” 33 percent cited “legal/regulatory compliance;” and 30 percent identified “operational risk/control environment.” Interestingly -- in light of the next key finding -- only 16 percent cited cybersecurity as one of the company’s greatest challenges.
Audit committees want to spend more time on risk oversight – particularly cybersecurity and the pace of technology change. Audit committee members were asked to select areas as to which their committee should devote more time in 2015, as compared to 2014. 55 percent of respondents said their committee should devote either “more time” or “significantly more time” to cybersecurity (including data privacy and protection of intellectual property). 50 percent cited “pace of technology change” (including emerging technologies, mobile, social media, data analytics, and cloud computing). The area with the highest percentage (61 percent) of “more time” or “significantly more time” responses was “internal controls around operational risk.”
The quality of information about cybersecurity and technology risk, talent, innovation, and business model disruption is falling short. Only 10 percent of respondents thought that the information they were receiving regarding cybersecurity was “excellent”, while 49 percent said that cybersecurity information needs improvement. The three areas that received the highest “needs improvement” scores were “global systemic risk (e.g., pandemic, social unrest, geopolitical instability)” (62 percent), supply chain risk (62 percent), and uncertainty and volatility (60 percent).
More boards are reallocating risk oversight duties as the audit committee’s workload becomes more difficult. 74 percent of respondents said that the amount of time required to carry out their audit committee responsibilities had increased either “significantly” or “moderately” during the past two years. A narrow majority – 52 percent – were satisfied that their committee had the time and expertise to oversee the major risks on its agenda, in addition to carrying out its core oversight responsibilities. An additional 40 percent thought it was becoming “increasingly difficult” to do so. 29 percent of
respondents said that the majority of tasks related directly to risk management processes were assigned to the audit committee, while 35 percent said risk oversight responsibilities had been reallocated to the full board or to other committees during the past several years.
CFO succession planning is still a major gap, and many audit committees want to dive deeper into finance issues. More than 40 percent of audit committee members said that their committee is “not effective” in CFO succession planning. Nonetheless, opinion was divided as to whether the committee should channel more of its limited time into this area: 36 percent of respondents thought their committee should devote “more time” or “significantly more time” to talent management/succession planning for the CFO and the finance organization. However, 40 percent thought there should be no change, and 6 percent thought there should be less time spent on these issues.
Views on audit reforms are mixed; and while confidence in audit quality continues to be strong, there’s still room for auditors to offer more insight. As discussed in the May 2014 Update, the European Union has recently finalized a package of audit reforms, including mandatory audit firm rotation. 23 percent thought these reforms would improve audit quality, but 40 percent thought they would either not improve quality or would “potentially decrease” audit quality; 37 percent thought the impact on audit quality was unclear. As to their own current auditor, 43 percent of respondents were “very satisfied” that the auditor “delivers exceptional service and value in their interactions with the audit committee” and an additional 47 percent were “somewhat satisfied.” The area in which respondents thought that auditors had the greatest opportunities for improvement was “offering insights/benchmarking on industry-specific issues” (62 percent).
A deeper understanding of the business, greater diversity of thinking, more open dialogue, and IT expertise would most improve the audit committee’s effectiveness. About half of audit committees – 54 percent – view themselves as effective in their oversight of financial reporting and disclosures. The top three things that respondents thought would improve overall effectiveness were “better understanding of the business (strategy and risks)” (43 percent), “greater diversity of thinking, background, perspectives, and experiences” (38 percent), and “more ‘white space’ time on the agenda for open dialogue” (34 percent). 7 percent thought the most effective improvement would be “better chemistry/dynamics,” and another 7 percent thought the biggest improvement would come from removing an “underperforming” director.
62 percent of those responding said that their responses were based on a public company, and 54 percent of respondents indicated that they chaired the audit committee. 38 percent of respondents said that the largest company for which they served as an audit committee member had revenues in excess of $1 billion, while 32 percent said that the largest company had revenues of $250 million or less.
Comment: The survey results reflect the increasing time commitment attendant on audit committee service. As noted above, only about half of respondents were satisfied that their committees had the time and expertise to handle risk-related oversight issues in addition to their core financial reporting responsibilities. As confirmed by both this survey and the NACD governance survey described in the December 2014 Update, boards are increasingly recognizing that audit committees need to be able to focus on financial reporting and auditing and that broader risk responsibility is better assigned elsewhere. In any event, audit committees need to guard against the risk that they will become the default choice for all challenging, risk-related assignments, to the detriment of their ability to oversee financial reporting.