DOHA: The findings of a major global Audit Committee Survey, conducted by global audit, tax and advisory firm, KPMG, found risk management and oversight, including crisis readiness, continue to pose significant challenges for companies across the globe.
In the Middle East, only 39 percent are fully satisfied that internal audit delivers the value to the organisation that it should; and nearly 49 percent said the internal audit plan could more effectively focus on critical risks to the enterprise.
The survey captures the views of 1,800 audit committee members in 21 countries on a range of issues — from financial reporting and disclosures, audit quality, and oversight of internal and external auditors, to risk management and crisis readiness, emerging technologies, and audit committee effectiveness.
According to the survey nearly half of survey respondents across the globe said their company’s risk management programme requires substantial work, and the quality of information audit committees receive about critical risks facing the company – particularly cyber security – continues to pose concerns. Many audit committees (49 percent) said they have increased their focus on global compliance in light of stepped-up enforcement of anti-bribery laws.
Jeyapriya Partiban, Partner, Risk Consulting, KPMG in Qatar, said: “Considering how dramatically technology, globalisation, and government regulation are reshaping the business and risk environment, we’re not surprised to see significant concerns about risk and compliance.”
“The challenge today is to ensure that management and the board sees the big picture.”
“Are they focused on the critical risks to the brand, is the board getting high-quality information, does the board have the right composition and committee structure, and are risk oversight responsibilities clear, are some of the questions which needs to be addressed,” said Partiban.
Only one in four said the company’s risk management process “extends far enough into the horizon” and only about half are satisfied that management is effectively managing risks to the company’s growth plans. The quality of risk-related information continues to be a concern –with cyber risk, global systemic risk, and the pace of technology change ranked lowest.
As per the survey findings audit committee has responsibility for oversight of major risks beyond financial reporting, including financial, operational, cyber security and IT, and legal/regulatory compliance risks, as well as the company’s enterprise risk management process.
Nearly all respondents said they are satisfied (84 percent) or somewhat satisfied (15 percent) with the quality of the external audit, although many said external auditors could offer more “industry insights and benchmarking.”
Only 49 percent are fully satisfied that internal audit delivers the value to the organisation that it should; and nearly 40 percent said the internal audit plan could more effectively focus on critical risks to the enterprise.