Q&A talks about key considerations for company boards and audit committees in 2015 with Rich Caporaso, managing partner of KPMG’s Hartford office.
Q: There is an intense focus as regulators and investors scrutinize a board’s contribution to strategy, risk, and compliance. Do boards need to set benchmarks on their strategy and risk? Compliance seems easy enough to regulate but do boards need to quantify in advance the risks they are willing to take?
A: Boards increasingly are playing a critical role in not only helping companies to avoid missteps but also in taking smart risks in order to innovate, grow and remain competitive. In discussions about growth opportunities, boards need to think about how the company measures and rewards innovation success and whether the company’s culture and processes create the right environment for growth through innovation.
Regarding compliance, in this environment of complexity and change, it is very important for the board to be acutely aware of the tone from leadership and to reinforce the culture of the organization, including the culture of compliance.
Q: With the recent negative publicity around massive security breaches at several companies, what consideration should boards be giving to cybersecurity? Is this a boardroom issue?
A: Cybersecurity is most certainly a boardroom issue. It’s critical to approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue. Threats to intellectual property and information systems, not to mention compliance risks and the potential for reputational damage, lawsuits and loss of customers have elevated cybersecurity to a critical business priority for many boards.
Among the considerations: What are the company’s biggest vulnerabilities? Do they have a cyber-incident response plan? Addressing cybersecurity holistically today requires a risk management team that includes a cross-section of the organization — IT, the chief financial officer, risk management, marketing, human resources, auditors and others.
Q: What are some of the changes that can be expected from audit committees in 2015? What are some of the demands they will be facing?
A: In our interactions with audit committees and business leaders in recent months, we’ve been hearing that it has become increasingly difficult for audit committees to oversee major risks (cyber risk, supply chain and operational risks, legal and regulatory risks) in addition to their core responsibilities (financial reporting and related internal controls, and oversight of internal and external auditors).
Additionally, it is critical for audit committees to understand new accounting changes, including the Financial Accounting Standards Board’s (FASB) new revenue recognition standards that will have a major impact on a company’s financial, IT and accounting processes.
This will require audit committees to reassess whether they have the time and expertise to oversee effectively. Meeting the workload challenge will require creating efficiencies that will free up time for more substantive issues. In addition, keeping the audit committee agendas focused on major risks and core responsibilities is essential to committee effectiveness.
Q: And what are some of the governance trends boards will be facing in 2015? How active will shareholders be? Will this inspire boards to take proactive steps in their governance structure to head off challenges?
A: Activist shareholders aren’t going away any time soon. Governance will continue to be at the forefront of a board’s most important responsibilities. In a recent KPMG survey, some 60 percent of respondents said that, as a result of the activist environment, their company has increased its level of engagement with shareholders. Proactive outreach to shareholders on issues including performance, executive compensation and strategy are all important.Â
