Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Emerging issues for audit committees
American Gas Association
August 17, 2016
With you today
Darin W Kempke
Partner
KPMG National Audit Sector Leader: Energy
3© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG global survey: “Calibrating strategy and risk”
If you aren’t constantly assessing strategy
and risk, and adjusting as you go, there’s
no way you’re keeping pace as a business
or a board.
4© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG global pulse survey: Five takeawaysBoards continue to deepen their involvement in
strategy – including execution.
Effectively linking strategy and risk continues to elude
many boards.
Better risk information and access to expertise are
(still) top of mind.
Cyber security may require deeper expertise, more
attention from the full board, and potentially a
new committee.
Oversight of key strategic and operational risks could
be more-effectively communicated and coordinated
among the board and its committees.
5© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Q: In what areas (if any) has the board’s involvement in strategy increased over the past 2 – 3 years?
Monitoring execution
Recalibrating strategy
33% Devoting more time to technology issues, including cyber risk
24% Testing the ongoing validity of assumptions
53%
47%
35%
11% No significant increase – board has been deeply engaged
for years
11% No significant increase – but deeper engagement is needed
5% Unclear
Formulation of strategy alternatives/ consideration of
strategic alternatives
6© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Q: How satisfied are you that risk and strategy are effectively linked in boardroom discussions?
Somewhat satisfied
Not satisfied
10% More than satisfied
2% Unclear
44%
31%
14%
Satisfied
7© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Q: What would most improve the company’s risk-related decision making?
A more clearly-defined risk appetite
More effective promotion and assessment of company’s
risk culture
33%Greater consideration of the “upside” of risk-taking (versus
risk-avoidance)
20% A more prominent role for chief risk officer (or equivalent)
53%
41%
35%
3% Other
5% None of the above
Closer linkage of strategy and risk
8© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Q: What would most improve the board’s oversight of cyber security?
Deeper technology expertise on the board
Full board devoting more agenda time to cyber risk
23%Formation of a new committee (to address cyber and
technology risks)
11% Narrower role for the audit committee
51%
40%
30%
7% None of the above
4% Other
Greater use of third-party expertise
9© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Q: How satisfied are you with the communication and coordination between the board and its standing committees regarding oversight activities around the company’s key strategic and operational risks?
Somewhat satisfied
More than satisfied
11% Not satisfied
3% Unclear
44%
31%
11%
Satisfied
10© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Q: What steps has the board discussed or undertaken recently in light of the increasing complexity of the business and risk environment?
Better coordination of risk oversight activities among the
board and its committees
Hearing more third-party/independent views on the
company’s risks
20%Refreshing the board / recruiting directors with
specific expertise
19% Changes to the board’s committee structure/creating
new committee(s)
61%
35%
25%
18%Reallocation of risk oversight responsibilities (to better
balance committee workloads)
6% Other
Improving risk-related information flowing to the board
11© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
In-depth interviews: recurring themes— Good risk management is an
ongoing business discussion –
dynamic and enterprise-wide
— Risk and strategy go hand
in hand
— Getting the risk culture right starts
at the top, but succeeds (or fails)
in the middle
— Recognize that cyber security is
a critical business risk, requiring
the full board’s attention
— Step back and assess whether
risk oversight roles and
responsibilities are clear and still
make sense
On the 2016audit committee agendas
On the 2016 board agenda
Deepen the board’s
engagement in
strategy
Make talent
development a
strategic priority
Reassess the
company’s
vulnerability
Refine and
broaden
boardroom
discussions about
cyber risk and
security
Promote effective
engagement with
shareholders,
including
the activists
Keep board
composition front
and center
On the 2016 audit committee agenda
Maintain
control
of the committee’s
agenda
Quality financial
reporting starts
with the CFO
Monitor fair value
estimates,
impairments,
& judgments
Assess the
company’s
readiness for the
FASB’s new
revenue
recognition
Reinforce audit
quality
Tell the company’s
story—and the
audit committee’s
15© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Audit committee reporting
– Focuses on trends and emerging issues
– Reports root causes and consequences of issues with
clarity and impact
– Includes significant risk exposures and control issues as
requested by the audit committee
Enhanced reporting by internal audit
– Documenting arrangements concerning report content
expectations
– Committee member backgrounds and preferences
– Board and audit committee communication style
– Focus on any changes since last meeting
– Knowledge of upcoming organizational changes (M&A,
regulatory, etc.)
Understanding audit committee expectations
16© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Key information provided to the audit committee by internal auditCommon Practices
— Key changes to audit plan from what
was originally approved
— Significant issues/findings from the
previous quarter’s work
— Dashboard reporting on “audit
activities” and “audit operations”
— Status of any internal transformational
initiatives IA is undergoing
— Special reporting, e.g., whistleblower
hotline, and other relevant reporting
— Status of how previously identified
issues/problems
are being addressed by the business
(i.e., timeliness, completeness, etc.)
Enhanced Communications
— Assessment of the control
environment by business segment
and in the aggregate (point in time
and directional opinion)
— Adequacy of risk management
processes and controls around
key risks, and how compensation
plans impact risks
— Internal Audit’s opinion as to how well
significant business initiatives are
being managed (e.g., large IT
transformations, key
regulatory changes)
17© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Audit committee’s increasing reliance on internal audit and the CAE— “The eyes and ears of the audit committee”
— Importance of CAE / Audit Committee chair relationship
CAE assisting audit committee chair in
— Preparation of Audit Committee agenda and organization of
committee meetings
— Helping to coordinate risk oversight processes of board and its
standing committees
— Helping to define board / committee information requirements
— Suggesting possible leading practices in key areas of audit
committee oversight
18network of independent member firms
affiliated with KPMG International
Cooperative (“KPMG International”),
a Swiss entity. All rights reserved.
The KPMG name and logo are
registered trademarks or trademarks of
KPMG International.
© 2016 KPMG LLP, a Delaware limited
liability partnership and the U.S.
member firm of the KPMG
• Dashboard report on current activities
• Changes to annual plan
• Status of the annual audit plan
• Critical findings or emerging trends
• Internal Audit staffing, impact of resource
limitations, and costs vs. budget year to date
• Results of special investigations
• Department performance metrics /scorecard
Quarterly Typical Content
Summarize what the committee needs to know
about routine findings, and report separately on
more important matters such as:
• Matters that might affect the fairness of financial
reporting
• Breaches of the company’s ethics policies
• Details of any frauds discovered
• Significant delays in management responding to
or acting on findings and recommendations
Enhanced Content
• Report on the year in review to include themes
or trends identified
• Update of the risk assessment and audit plan
• Report on the results of the internal quality
assurance and improvement program
• Discuss the results of the external quality
assurance review, timing / frequency of the
external assessment and reviewer’s
background
• Review and approve updates to the IA
department charter
Annual Typical Content
The annual report is typically a summary of the
four quarterly reports. Additional items to cover
may include:
• Analysis and summary of the control
environment and identification of emerging risks
or trends
• Statement that all work continues to be
performed in accordance with IIA standards
• Details of changes in personnel and
professional development courses attended
Enhanced Content
Quarterly and annual reporting
Appendix
Survey demographics
20© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
56%
11%
18%
15%
Audit Committee Member
Director (not on audit committee)
C-level Executive
Other
Survey respondents by title/role
21© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Survey respondents (continued)
= 20 or more responses
Argentina
Australia
Bahrain
Belgium
Bermuda
Canada
Chile
France
Germany
India
Indonesia
Ireland
Israel
Japan
Korea
Malaysia
Malta
Mexico
Philippines
Poland
Portugal
Qatar
Singapore
Slovenia
Switzerland
Taiwan
United Kingdom
United States
22© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
About the Board Leadership CenterThe KPMG Board Leadership Center champions outstanding governance to help
drive long-term corporate value and enhance investor confidence. Through an array
of programs and perspectives—including KPMG’s Audit Committee Institute and
Private Markets Group, the WomenCorporateDirectors Foundation, and more—the
Center engages with directors and business leaders to help articulate their
challenges and promote continuous improvement. Drawing on insights from KPMG
professionals and governance experts worldwide, the Center delivers actionable
thought leadership—on risk and strategy, talent and technology, globalization and
compliance, financial reporting and audit quality, and more—all through a board lens.
Learn more at KPMG.com/BLC.
© 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of
independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.
All rights reserved.
The KPMG name and logo are registered trademarks or trademarks of KPMG International.
The information contained herein is of a general nature and is not intended to address the circumstances of any particular
individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such
information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on
such information without appropriate professional advice after a thorough examination of the particular situation.
kpmg.com/socialmedia