Audit committee members weigh in on priorities, risk management, and corporate and board culture
Grant Thornton LLP’s annual Governance, Risk and Compliance Survey
of chief audit executives (CAEs) expanded this year to include responses from audit committee members. By casting a wider net for perspectives, the survey, now in its fifth year, sought to better understand each group’s respective priorities and concerns. It also underscored opportunities for audit committees to play an even stronger role in matters of governance, risk management and compliance.
In many areas, the priorities of audit committee members and CAEs were largely in sync; in others, they diverged. For instance, asked to rank their focus on four types of risks, audit committee members cited financial as their top priority, followed by compliance, operational and strategic in that order. It’s not surprising that audit committees would be most concerned about risks related to financial controls, especially as it relates to the integrity of financial statements, considering that’s where they have the most responsibility, accountability and exposure.
On the other hand, CAEs ranked their risk focus as follows: compliance, operational, financial and strategic. For both groups, the impact of regulation remains top of mind. Nearly two-thirds (63%) of audit committee members said they view regulation as a risk area that could affect their organization’s growth. As the compliance burden continues to grow for internal audit and their organizations, it also grows for audit committees.
The compliance burden is so great, in fact, that internal audit departments may be using a disproportionate amount of resources on compliance activities. More than one-quarter (26%) of internal audit departments said they had increased their focus on compliance in their internal audit plans. Yet, one-third had not received additional budget to allow for the increased cost and time associated with regulatory compliance.
Even more significant is that the compliance focus has shifted attention from operational and consultative projects and enterprise risk management (ERM) — areas crucial to business growth and well-being. This isn’t news to CAEs, of course: 38% said the focus on regulatory compliance hinders them from devoting resources to higher-value activities, such as “identifying improvement opportunities,” which is the area where internal audit believes it can deliver the most value.
Considerations for audit committees
- Clarify audit committee expectations regarding internal audit’s scope and performance and seek to align priorities.
- Support the organization in leveraging compliance activities to derive greater value through tools and strategies (e.g., the use of data analytics and streamlined compliance testing across multiple requirements).
- Aim for optimal composition of the audit committee to ensure it has the necessary resources and experience to address critical issues.
- Consider forming a separate risk committee to ensure appropriate risk coverage across the board.
- Support the CEO in shaping a corporate culture of good governance.
Continue reading >> Download the PDF of this article
Read the complete GRC Survey report
- Maximize audit committee resources: internal audit, senior management and external auditors. Seek input from each key group as needed to compare perspectives.