Evolving business practices challenge auditors

David Sinkins – 

Independent audit committees remain the cornerstone of good governance, giving organisations the confidence to make the right business decisions.

However, the ever-changing external environment, including economic conditions
and legislation are making this job harder.

Audit committees around the world have noted that ongoing economic and political uncertainty and volatility, regulatory compliance, and operational risk, pose the greatest challenges for companies in the year ahead.

This is according to a new KPMG survey of 1500 audit committee members in 35 countries, including 145 New Zealand respondents.

Expected changes

New Zealand respondents align with global views as companies here await the outcomes of the significant legislative reforms of the Resource Management Act, new health and safety legislation due to be enacted late in 2015, and the payroll changes due on April 1, 2015.

The latter two will impact all organisations and require both directors and management to fully understand their risks to ensure their control environment remains effective.

For the second year in a row, audit committees have noted that it is increasingly difficult, given their time and expertise, to oversee major risks in addition to financial reporting.

Three out of four surveyed said that the time required to carry out their audit committee responsibilities has increased significantly (24%) or moderately (51%), and half said that the job continues to grow more difficult given the committee’s time and expertise.

The strain

Many audit committees say that they have at least some responsibility for significant aspects of risk oversight, in addition to financial reporting, such as cyber security and technology, global compliance, and operational risks, or the company’s risk processes generally.

Audit committees responded that they cannot do everything.

Overseeing financial reporting and audit is a major undertaking in itself, and the risk environment is straining many audit committee agendas today.

A positive development is that more boards are reassessing or reallocating risk oversight responsibilities to better balance the workload.

Just under half of New Zealand audit committees have recently reallocated risk oversight duties among the full board and its committees, and 27% said that they may consider doing so in the near future.

This is important as a lighter risk agenda for the audit committee can translate into more time for quality discussions and a deeper understanding of the business.

We recommend that an audit committee, in conjunction with the board, reviews its workload at least once a year to ensure the committee is focused on the right issues.

Focus Issues

Asked which issues will require more attention in 2015, survey respondents cited cyber security and the pace of technology change, risk management and operational risk, and regulatory compliance.

Taking into account the pace of economic changes and volatility and the increase in regulatory compliance, it is critical that audit committees seek the right advice.

KPMG has provided assurance and advice to audit committees on a breadth of key specialities including Board Advisory, Governance, and Regulatory & Compliance.

These skilled teams are well versed in assisting directors and management to ensure their audit committees remain abreast of current industry themes and challenges while delivering their strategic and operational risk framework effectively for them to accomplish their business goals; with the end game of making sense of the new and increasingly complex risks in today’s business world.

The Mechanics

The KPMG Global Audit Committee Survey 2015 considered audit committee mechanics.

For New Zealand: 42% of respondents devoted less than 50 hours to audit responsibilities, with the highest being 250 hours. 33% of the respondents devoted less than 10% of their responsibilities outside of the boardroom and corporate headquarters.

Given an audit committee’s responsibility, this is on the low side in ensuring committee members understand their entity’s risks.

About 34% of respondents’ average length of meetings was two hours, with 4% hold four-hour meetings. 56% of respondents held four to six meetings a year.

Ongoing challenges

While audit committees continue to express confidence in their oversight of the company’s financial reporting and audit, the KPMG survey highlights a number of ongoing challenges and concerns globally. They are as follows:

The quality of risk information is falling short – particularly on cyber security and technology risk, talent and innovation, and business model disruption. New Zealand respondents had similar findings and we believe audit committees should discuss these issues in more depth.

The company’s readiness to respond to loss of critical infrastructure – financial systems, telecommunications networks, transportation, energy or power – may require more attention. New Zealand companies appear to be more conscious of this risk.

Among senior leaders of the business, the CIO ranks lowest in terms of quality interaction and communication with the audit committee.

CFO succession planning continues to be a major gap globally. In addition, audit committees are seeking CFOs to provide more in-depth information on financial risk management, capital allocation, tax, and debt. In New Zealand, this may be less of an issue as often other members of the finance team attend audit committee meetings with their CFO.

60% of respondents consider that the internal audit function could deliver greater value to the organisation. We believe there are opportunities to be more future focused and effective by starting with an external review of the internal audit function. This should occur at least once every five years.

External auditors could better support the audit committee by sharing industry-specific insights and views on the quality of the company’s financial management team.

Assessing their overall effectiveness, most audit committees said they would benefit from a better understanding of the company’s strategy and risks; more ‘white space’ time on the agenda for open dialogue; greater diversity of thinking, perspectives, and experiences; and technology expertise on the committee.

David Sinkins is Advisory Director at KPMG. He has more than 20 years of experience, specialising in governance, risk management and internal audit services to the public and private sectors. He chairs the Assurance, Risk and Advisory Committee for the Pacific Island Affairs Ministry. KPMG is a Sponsor of the Indian Newslink Indian Business Awards 2015.

The above article appeared in The Boardroom,’ the magazine of the Institute of Directors New Zealand and reproduced here with the permission of the Institute and KPMG.

About The Author

Related posts