Considering the complexity, uncertainty and sheer speed of the business and risk environments today, it was little surprise that when we asked 140 audit committee members recently to identify their top oversight concerns for 2012 (aside from the committee’s ongoing focus on financial reporting, disclosures, and related controls), at the top of the list was the adequacy of “governance processes, controls and risk management— particularly in light of emerging technology, globalization and changes to the business.”
From risks posed by emerging technologies, cyber terrorism and globalization, to leveraging social media and data to shape customer strategy and support real-time business decisions, the speed and complexity of the business environment has pushed governance to the top of many agendas.
At the same time, these challenges— along with expectations for greater transparency and insight into the company’s performance and prospects going forward—are causing audit committees to reassess whether they’re keeping pace themselves: Does the audit committee (and board) have the resources, time, expertise and boardroom culture that allow for healthy engagement on strategy and risk?
The dialogue at our 8th Annual Audit Committee Issues Conference offered important insights for audit committees and boards to consider as they help their companies grow, innovate and manage risk in the months ahead.
Social media and emerging technologies are driving revolutions in information and customer engagement. Emerging technologies and social media are enabling companies to capture and analyze huge volumes of data—to “slice and dice” the information and extract value for real-time (even predictive) insight and to build brand loyalty. These technologies are also reshaping customer strategy, changing the way employees work and collaborate, and improving supply chain efficiency.
These “revolutions,” however, are unfolding fast, and only 18 percent of conference attendees said they are satisfied with their discussions with management about the impact of social media and emerging technologies on the company’s strategy.
Digital risk requires governance and controls. Only six percent of conference attendees said they are satisfied that the company’s governance process and controls— including risk management—are keeping pace with technology change. Given the host of risks posed by emerging technologies—data privacy and security, the impact of social media on the brand, legal compliance and more—governance policies and controls around the use of social media and information/data security, as well as access to IP and “all things digital” are vital. Have our business controls kept pace with technology and globalization and changes in our business?
A “legacy approach” to managing risk won’t work. Said one conference participant: “In this environment—with emerging technologies and globalization posing new challenges and risks almost daily—the ‘legacy approach’ to managing risk won’t work.” A key challenge for the audit committee is to help mobilize the board (to keep the business on track), mobilize management (to rethink its strategy and risks, and stress test the business model), and to emphasize that making well-informed decisions may require a more-sophisticated approach to manage an increasingly complex array of risks.
Does the audit committee/board need more expertise and “fresh thinking?” Most conference attendees thought so: a majority said additional expertise—e.g., IT or M&A—and “bringing fresh thinkers onto the committee” would improve the committee’s effectiveness.
Indeed, the risk environment is likely to become increasingly complex and interconnected— from globalization and systemic risk, to pressures to grow and innovate in a low-growth economy and changes in the operating environment. Navigating this risk environment effectively will require increasingly sophisticated risk governance— which starts with a basic, yet vital, question for every audit committee to consider: Are we keeping pace?
Top Concerns for Audit Committees in 2012
- Governance processes, controls and risk management
- IT risk/emerging technologies
- Uncertainty: economic, political, social
- Data privacy/cyber security
- Fostering growth and innovation
- Board composition/expertise
- Legal/regulatory compliance
- Leadership/culture/tone at the top
- Tax risk
- Interactions with auditors
Dennis T. Whalen is partner in charge and executive director of KPMG’s Audit Committee Institute.