Audit Committee Members See 'IT Risk' Shortcomings, 'Lack of Innovation' Posing Threats to Companies: KPMG Survey

NEW YORK, Oct. 24, 2011 /PRNewswire/ -- The majority of corporate audit committee members surveyed are increasingly concerned about information technology (IT) risk – and a larger majority worry over how a "lack of innovation" could negatively affect their company's growth – according to a study by the Audit Committee Institute (ACI) of KPMG LLP, the audit, tax and advisory firm.

The KPMG survey revealed that the speed and impact of IT developments – from the influence of the Cloud to social media and mobile technologies – are causing directors to probe more deeply into "defensive" IT risks, including data privacy and security, cyber risk, and regulatory compliance.

Importantly, directors are also sharpening their focus on an underlying strategic IT risk: the failure to understand IT as a critical business driver and to leverage technology as part of the company's strategy and business model.

The survey polled 240 audit committee members serving boards of at least one U.S. public company.

More than half (58 percent) of corporate audit committee members say they need to devote more time to the oversight of IT risk and emerging technologies, while 70 percent pointed to "lack of innovation" as a potential threat to their businesses, according to the annual "2011 Public Company Audit Committee Member Survey," conducted by the ACI with the National Association of Corporate Directors (NACD).  

"Boards and audit committees are sharpening their focus on their companies' increasing vulnerabilities in IT and technology," said Jim Liddy, KPMG's U.S. vice chair - Audit.  "This data is valuable because it confirms what KPMG is hearing directly from clients who are confronting the risks brought on by rapid technology change and its implications for strategy, cyber security, and compliance.

"Directors also recognize that linking risk and strategy continues to be a challenge for their companies," Liddy said, noting that corporate strategy was ranked third-highest among the issues where audit committees say they want to devote more time over the next year.

The study also found that audit committee members are not happy with the quality of the information they receive regarding IT risk – fewer than half (41 percent) expressed satisfaction. Survey respondents also indicated that they want to hear more frequently from the chief information officer (CIO), mid-level management, and the chief risk officer (CRO).  

In addition, only 34 percent of respondents indicated they were satisfied that they hear dissenting views about the company's risk environment and related controls.

"The quality of information regarding IT risk was ranked lowest of all categories," said Mary Pat McCarthy, vice chair and executive director of KPMG's Audit Committee Institute.  "This reflects the ongoing challenge, and the critical importance, of effective communications with the CIO – in plain-English and business context."

Among the study's other findings:

• 42 percent said they were not fully satisfied that the company has identified growth-related risks and implemented controls to monitor them.
• 42 percent said their company's risk management program still "requires substantial work."
• Of the types of systemic risks posing the "greatest threat" to their companies, most were concerned about economic and financial risk, at 87 percent, "cyber risk" (assault on global IT infrastructure), at 41 percent, "geopolitical risk," 39 percent, and supply chain risk, 32 percent.
• 8 percent said they were satisfied that the company is "ready to respond" in the event that a crisis "goes viral" through social media networks (and 23 percent were "not sure").
• 22 percent reported that the company's crisis-readiness and response plans were "robust and ready to go."
• 62 percent of respondents said their board or audit committee had not received briefings on the company's plans for employing the Cloud.
• 77 percent said their audit committees or boards had not yet discussed the company's policy concerning use of social media to reach customers and investors.
• 92 percent of respondents said they were satisfied with the level of open and frank information flow between the chief financial officer or finance organization and the audit committee.
• 95 percent said their audit committee was effective in its oversight of the company's financial reporting's accuracy and integrity.
• 96 percent reported satisfaction with the quality of information the audit committee receives about disclosures.
• 90 percent reported satisfaction with the support that the audit committees received from the external audit firm's resources, technical specialists, and national office.

About KPMG's Audit Committee Institute

Established in 1999, KPMG's Audit Committee Institute (ACI) provides information, resources, and knowledge sharing opportunities – both online and through a variety of forums – to help audit committee members, directors, and senior management enhance the effectiveness, integrity, and oversight of the financial reporting process. ACI forums include the Audit Committee Roundtable Series, the Annual Issues Conference, and Quarterly Audit Committee Webcast. Learn more about ACI at www.auditcommitteeinstitute.com, 1-877-KPMG-ACI, or [email protected].

About KPMG LLP

KPMG LLP, the audit, tax and advisory firm (www.us.kpmg.com), is the U.S. member firm of KPMG International Cooperative ("KPMG International").  KPMG International's member firms have 138,000 professionals, including more than 7,900 partners, in 150 countries.

Contact:
Pete Settles
201-505-6065
732-546-4212 (cell)
[email protected]

SOURCE KPMG LLP

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

440k+
Newsrooms &
Influencers

9k+
Digital Media
Outlets

270k+
Journalists
Opted In

GET STARTED