CFO succession and risk oversight are also key challenges as their companies navigate increasingly complex regulatory and operating environments.
The survey found that while many audit committees have primary responsibility for a number of critical risks facing the company such as legal/regulatory compliance, anti-bribery/corruption and IT and cyber security risks 43 per cent said it is becoming “increasingly difficult” to oversee those risks.
About one in four said their board has recently reallocated or rebalanced risk responsibilities, created a new committee to address specific risks, or may consider doing so in the near future.
“Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself. This survey suggests that it’s time to step back and assess whether such committee’s risk oversight responsibilities are appropriate,” said John Ditty, head of Advisory at KPMG in Vietnam.
“Although many Vietnamese companies do not have audit committees per se, many have Supervisory Boards, Inspection Committees, Risk Committees or a similar type boards/bodies and the issues and challenges facing audit committees globally are similar to those faced by the equivalent boards/bodies in Vietnam,” he noted.
Talent in the finance organisation and the quality of information around key risks facing the company were also cited as concerns: Globally, only 38 per cent of survey respondents said their company has a formal succession plan in place for the CFO; and only about 40 per cent said their company has clear performance objectives to evaluate the CFO’s performance.
While audit committees are satisfied with much of the information they receive about key risks facing the company, nearly one in three said information about cyber security, emerging technologies, and the company’s growth and innovation plans “needs improvement.”
“An overloaded audit committee is a less effective audit committee,” said Ditty. “These survey findings should serve as a catalyst for boards and management teams to assess the adequacy of their governance processes in critical areas.”
Noting that the audit committee’s perspective on business and regulatory risk sheds important light for the entire board, Ditty added that “talent, technology, and quality information about the company’s risks and long-term performance are clearly top of mind for audit committees, and should be for the full board.”
The survey also found that regulation, uncertainty and volatility, and operational risk were the top challenges facing their companies followed by talent, technology change and business model disruption, cyber risk, and innovation.
Most respondents said over the past several years, their companies could have been better prepared to respond to significant regulatory change, ethics and compliance issues, business model disruption, and major technology developments.
More than 80 per cent of survey respondents also said internal audit’s role should extend beyond the adequacy of financial reporting and controls to include other key risks facing the business; however, only 50 per cent said internal audit currently has the skills and resources to be effective in the role they envision.
What the stars mean:
★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional