Home > Risk > According to a KPMG study, Audit Committees, Risk Management and Internal Audit need to Shape Up!
According to a KPMG study, Audit Committees, Risk Management and Internal Audit need to Shape Up!
Here are some excerpts that caught my attention, with my comments:
- While 37% said their risk management program is “robust and mature”, 45% said the program requires “substantial work” while 14% don’t have a program nor plans to implement one
- Given that few boards have a good understanding of risk management, I suspect that the 37% are highly optimistic in their assessments. The KPMG survey said that 48% of boards are effective in their oversight of risk. I doubt that many boards are as effective as they think they are
- Only 31% felt that their risk management program was dynamic enough to cope with a rapidly changing risk environment
- The quality of risk-related information continues to be an area of concern
- Only 52% were satisfied that management has identified the significant risks to its business/growth plans and has implemented appropriate controls to monitor those risks
- It is interesting to note that KPMG only asked about “monitoring” the risks, not about acting to manage the risks
- 38% were less than confident that their financial statements presented an “understandable” picture of the company’s position
- Fewer than half of the 1,800 respondents are satisfied that internal audit delivers the value to the company it should (45%), and that the internal audit plan properly focuses on the “critical risks to the enterprise” (49%)
- Only 38% perform a formal and comprehensive assessment of the external auditor’s performance
Overall, there is a lot of good content in the study, and I recommend a careful and thoughtful read.
- How does your organization rate in these areas?
- What are you doing about it?