July 3, 2016 by Kristy Carscallen, Canadian Managing Partner, Audit, KPMG in Canada
While risk analysis and mitigation have long been passions of underwriters, the topic has seldom stirred great interest in the broader investor community, except during high-profile instances like 2008’s global financial crisis, which ignited intense scrutiny of corporate risk taking.
Today, risk management is earning attention, as business disruption is causing everyone from chief executive officers (CEOs) to main street investors to consider what this recently coined business phenomenon might mean for the companies they run or in which they invest.
BUSINESS DISRUPTION BUFFETING AUDIT
It is hard to avoid the topic of business disruption given the near-constant talk about game-changing technology and economic, social and political forces that threaten to overturn traditional business models and unleash aggressive new competitors, threatening long-reigning corporate giants.
This disruption is also having an impact on internal audit committees and how they size up these previously unimaginable new risks and opportunities.
In fact, the business disruption wave means that it is time for corporate audit committees to strengthen their governance and oversight duties, suggests a newly released report by KPMG in Canada. Audit Trends 2016: Targeting Transformation outlines four disruptive trends that are increasing the pressures felt by audit committees to better identify, understand and act on a widening universe of strategic, financial, business, operational and reputational risks.
Report observations are meant for everyone from audit committee members to CEOs and executive committees who depend upon committee oversight and advice, and the investing public who trust that current and future risks are spotted.
FOCUSING ON RISING RISKS
Business disruption bubbles up from many sources, from demographic trends among consumers to a ground-breaking scientific discovery. The report details the top four emerging risks generating new questions for audit committees.
Technology innovation is one of the biggest drivers of business disruption, and it is spawning a vast variety of risks for audit committee members to consider.
On one hand, fast-developing new technologies – from autonomous cars to artificial intelligence – are creating business model risk. Audit committees must provide oversight and governance of whether or not management is making the necessary strategic course changes to adapt to industry-reshaping technology.
On the other hand, as companies embrace new technology in their business and operating models, their technology risks increase. Business-critical issues can emerge, such as data protection and cyber security risk. In addition, as companies invest millions in new technology infrastructure, they are vulnerable to costly technology project risk if these massive IT programs are not well-governed.
Audit committees now find themselves needing to develop or have access to specialization to be able to assess whether or not adequate risk remediation procedures are in place.
Political and economic risk
While many Canadian companies are recognized for embracing globalization and pursuing ambitious overseas opportunities, such diversification creates exposure to global political and economic risks. Issues such as currency fluctuations, local and regional economic conditions and political regime change can quickly reverse the fortunes of a multi-national firm.
Even companies focused solely on the domestic market are now potentially affected by distant foreign political and economic events. A labour strike in Central America could paralyze the supply chain of a Canadian manufacturer or election results in the United States could squash confidence among Canadian consumers.
It all means members of audit committees need to be well-attuned to foreign developments, and ready to analyze the possible direct or indirect impacts of globalization on their businesses.
Rising reporting expectations
Past financial scandals have cast considerable attention upon public companies by investors and regulators. While these stakeholders expect faster and more detailed financial reporting, there are also calls to evolve corporate reporting to better portray the full range of risks.
Audit committees must interpret a wide variety of new operating and performance indicators, as well as review their accuracy and fitness to disclose such detail.
Many audit committees are considering changes such as the International Integrated Reporting Council’s Integrated Reporting initiative. The initiative aims to refocus reporting around a company’s business model and operating priorities, and increase strategic disclosure, to better discuss future business trends and mounting interest in expanded and customized audit reporting.
Evolving, complex regulatory landscape
Finally, it is important to note that just as audit committees are focused on ensuring compliance with domestic and global regulations, they must also monitor regulatory developments in other jurisdictions that could be introduced in Canada. With complex new regulatory standards emerging in Europe, Asia and the U.S. – covering everything from revenue and financial instruments to consumer-oriented rules around privacy and business conduct – audit committees must ensure management is considering these potential future organizational risks.
RISING TO THE CHALLENGE
Although it is easy to conclude audit committees face an overwhelming workload in light of the new risks challenging their mandates, the report also highlights how this critical board function can disrupt itself and rise to the disruption.
Audit committee members should embrace a number of best practices to transform themselves to be able to keep up with today’s disruptive forces. Among them, boards must strengthen the knowledge within the audit committee by increasing director education sessions and recruiting new talent to fill crucial knowledge gaps.
Audit committees must also intensely review and strengthen their key practices, whether by increasing the depth and frequency of risk framework reviews, expanding stress and scenario testing programs, or working more collaboratively with their company’s internal risk functions to verify the suitability of current controls.
In addition, boards should consider the need to engage third-party knowledge and perspectives to make meaning of complex new topics from cyber security to overseas regulatory affairs.
By doing so, audit committees can ensure they are well-equipped to face the next generation of corporate risks.
Business disruption can be intimidating, but audit committees can take important steps to provide essential financial and governance oversight, and bring even greater value to management and investors in a rapidly changing world.
=Kristy Carscallen, Canadian Managing Partner, Audit, KPMG in Canada