Audit committees around the world say that it is becoming increasingly difficult, given the committee’s workload and expertise, to oversee major risks in addition to financial reporting, according to KPMG’s newly released 2014 Global Audit Committee Survey. CFO succession and risk oversight are also key challenges as their companies navigate increasingly complex regulatory and operating environments.

The survey of 1,500 audit committee members in 34 countries found that while many audit committees have primary responsibility for a number of critical risks facing the company – legal/regulatory compliance, anti-bribery/corruption, financial, and/or IT and cyber security risks – 43 percent said it is becoming “increasingly difficult” to oversee those risks.  About one in four said their board has recently reallocated or rebalanced risk responsibilities, created a new committee to address specific risks, or may consider doing so in the near future.

“Audit committee agendas are not getting any lighter,” said Colin Couper, head of Audit at KPMG in Bermuda. “Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself. This survey suggests that it’s time to step back and assess whether the audit committee’s risk oversight responsibilities and level of resources are appropriate.”

Talent in the finance organisation and the quality of information around key risks facing the company were also cited as concerns. Globally, only 38 percent of survey respondents said their company has a formal succession plan in place for the CFO; and only about 40 percent said their company has clear performance objectives to evaluate the CFO’s performance.

While audit committees are satisfied with much of the information they receive about key risks facing the company, nearly one in three said information about cyber security, emerging technologies, and the company’s growth and innovation plans “needs improvement.”

U.S. responses to the survey were generally in line with those reported globally: Forty-one percent report that their company has a succession plan in place for the CFO, and respondents ranked the quality of information about cyber security and the pace of technology change lowest. Audit committees in the U.S., however, reported having greater responsibility for IT/cyber security, financial, and anti-bribery/corruption risk than global averages.

Neil Patterson, Chairman of KPMG in Bermuda commented that “In an ever-changing risk and regulatory environment, the role of the audit committee is expanding into new areas of risk management, beyond the traditional focus area of financial reporting. A properly resourced and engaged audit committee is a vitally important tool in managing these emerging risks.

He added “This survey indicates that succession planning, technology change and security, and quality information about the company’s risk management and long-term performance are clearly top of mind for audit committees. These areas are no less important for Bermuda public companies.  The survey findings should serve as a catalyst for Bermuda boards and management teams to assess the adequacy of their oversight in these critical areas.”

An electronic copy of KPMG’s 2014 Global Audit Committee Survey is available here

Other key global findings include:

  • The top challenges facing their companies: Regulation, uncertainty and volatility, and operational risk—followed by talent, technology change and business model disruption, cyber risk, and innovation.
  • Only 62 percent said they are satisfied the company has identified “leading indicators” that show where the company is headed and whether its strategy is on track.
  • “Customer focus/satisfaction” and “operational efficiency” were cited as the non-financial drivers of long-term value that are most important to the successful execution of the company’s strategy.
  • Most respondents said that, over the past several years, their companies could have been better prepared to respond to: significant regulatory change, ethics and compliance issues, business model disruption, and major technology developments.
  • More than 80 percent said internal audit’s role should extend beyond the adequacy of financial reporting and controls, to include other key risks facing the business; however, only 50 percent said internal audit currently has the skills and resources to be effective in the role they envision.