A new report from KPMG's Audit Committee Institute asks this intriguing question, with a focus on the work of the audit committee.
The report indicates that audit committees are concerned that the extent and pace of change in technology is beyond their ability to provide oversight — to challenge management on how they are addressing risks.
Only 6% of attendees at the conference from which the study results are drawn felt that "the company's governance processes and controls — including risk management — are keeping pace with technology change. This is one of the top concerns for audit committee, KPMG says, in 2012.
The authors quote one panelist as saying that "With emerging technologies and globalization posing new challenges and risks almost daily, a 'legacy approach' to managing risk won't work." KPMG goes on to say that "In this volatile and often opaque risk environment, a key challenge for the audit committee is to help mobilize the board (to keep the business on track), mobile management (to rethink its strategy and risks, and stress test the business model), and emphasize that making well-informed decisions may require a more sophisticated approach to manage an increasingly complex array of risks — the economy, technology, globalization, competition, regulatory risk, the speed of change, and more."
Top considerations include:
"Insisting on ongoing, substantive involvement by the board in strategy and risk." Only half the respondents were satisfied with the board's involvement in corporate strategy.
"Understanding the company's significant operational risks — and whether 'business controls' are keeping pace with technology and changes in the business."
"Fostering the right risk culture – including seeking out dissenting views and ensuring that the compliance function has a prominent seat at the table."
"Ensuring that internal audit is properly focused and resourced."
Other interesting observations include:
Only 18% were satisfied with the audit committee's discussions with management about the impact of social media and emerging technologies on customer strategies.
Just 36% of audit committee members felt that their company's data was well-protected, and 76% saw this as an area of concern — even a serious concern.
42% felt an improvement was needed in the willingness and ability of directors to challenge management.
Understandably, being a report by KPMG on audit committee activities, there are also comments on financial reporting and the importance of social responsibility.
- Are these the concerns of your management and audit committee?
- How well are they addressed at your company?
- Do they concern you and your team?