Skip to main content
Jan 12, 2017

2017 preview: Audit committees expect difficult year

Risk, compliance and cyber-threats top audit committees’ agendas, according to KPMG

Audit committees are buckling up for a rocky year, citing the effectiveness of their companies’ risk-management programs as their biggest challenge in 2017, according to a new report.

Slow economic growth, political uncertainty, cyber-threats, regulatory scrutiny and investor demands for transparency are all drivers for the concern around risk management, says Jose Rodriguez, executive director of KPMG’s audit committee institute and an author of the report.

This confluence of factors is affecting confidence in companies’ existing risk-management programs. More respondents say their company’s risk-management policies require substantial work (42 percent) than say their company has a robust system in place (38 percent).

Overseeing risk management is still relatively new to many audit committee members. The role of the audit committee has expanded in recent years beyond oversight of financial reporting, disclosures and external auditors (see, September 12, 2011).

KPMG’s survey of more than 800 audit committee members also reveals that they consider legal and regulatory compliance and managing cyber-security risk as other prominent challenges for the year ahead. Although IT and operations teams are responding to cyber-threats with increased sophistication, audit committees are concerned about this being seen as a technology issue only; KPMG’s report notes that it is also a business and enterprise risk.

Respondents point to organizational awareness, keeping technology systems up to date and vulnerability from third parties/supply chain as the most significant cyber-security gaps. Many respondents would also like to add technology or cyber-security expertise to their committee, citing it as one of the top methods for improving their own effectiveness.

The KPMG report also points to upcoming financial reporting changes as an area of increased focus in 2017. FASB has imposed two reporting changes, which will come into effect within the next two years: revenue recognition and leasing standards.

The revenue recognition changes, which aim to create a more universal standard for how revenue is reported, will apply to annual reporting periods for public companies after December 15, 2017 and non-public companies after December 15, 2018. Only 13 percent of respondents to KPMG’s survey say their company has a clear implementation plan for the standard, while 39 percent say their company is still assessing the impact of the new standards or is in the process of implementing a plan.

The leasing standard, which is designed to improve the reporting of leasing activities, is a little further away, with implementation due for public companies on December 15, 2018 and non-public companies on December 15, 2019. So far, 9 percent of respondents have a plan for complying with this change, while 32 percent say their companies are assessing the impact or implementing a plan.