Introduction and context

Transcription

1

2 Introduction and context In 2014, the KPMG Audit Committee Institute (ACI) conducted a survey of more than 1,550 global AC members, identifying their key priorities for Comparing the global and results, the 2015 survey findings offer insights that ACs can use to sharpen their committee s focus, benchmark its responsibilities and practices, and strengthen its oversight going forward. Number of responses 1, Type of company Public = 62% Private = 24% Not for profit = Government = Public = 97% Private = Size of company (average revenue) < $250 m (32%) < $250 m (3) $250 - $500 m (15%) $250 - $500 m (1) >$500m (5) >$500m (48%) Top 3 sectors represented Banking (18%) Industrial (14%) Retail (10%) Real estate (2) Retail (1) Manufacturing (1) Industrial (1) Portion of AC chairmen 54% 68% Page 2

3 Overview of results The results of the survey can be grouped as follows: Top Challenges and Concerns Risk and Information Quality Audit Committee Agenda and Workload Oversight of Auditors Audit Committee Effectiveness Audit Committee Mechanics Page 3

4 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 4

5 Top Challenges and Key Concerns salient points In 5 out of 12 categories of risks causing the greatest challenges, ACs were more concerned (than ACs). The risk areas included legal / regulatory compliance, operational risk / control environment, talent management and development, pace of technology change and cyber security. In 12 out of 15 categories of matters to consider, ACs want to spend more time (than ACs). >half ACs want to spend more AC agenda time devoted to the following areas: Oversight of risk process Adequacy of internal controls around operational risks Cyber security including data privacy and protection of intellectual property Legal/regulatory compliance Pace of technology change Adequacy of internal controls around financial i reporting Talent development / succession planning for CFO and finance organisation Discussions with management regarding the adequacy of the company s disclosures Accounting judgments and estimates Page 5

6 27% Talent management and development Key non-financial reporting risks creating greatest challenges to companies Growth and innovation (or lack of innovation) ACs are most concerned about uncertainty/volatility and impact of government regulation/policy. ACs are most concerned about legal/regulatory compliance, operational risk/controls, talent 21% management and pace of technology change. Uncertainty and volatility (economic, regulatory, Uncertainty political) and volatility (economic, regulatory, political) Government regulation / impact of public Government policy initiatives regulation/impact of public policy initiatives Legal / regulatory compliance Legal/regulatory compliance Operational Operational risk risk/control / environment environment Talent Talent management management and and development development Growth and innovation (or lack of Growth and innovation (or lack of innovation) innovation) 28% 34% 3 30% 27% % 44% 41% 41% 52% Pace of technology change (e.g., emerging g technologies, mobile, social media, data analytics, cloud computing) Possible disruption to the business model Possible disruption to the business model Cyber Cyber security security including including data data privacy privacy and and protection of of intellectual property property systemic risk (pandemic, social unrest, unrest, geopolitical instability ) Supply chain risk Tax risk Supply chain risk Tax risk 7% 7% 1 20% % 41% 41% Pace Pace of technology of technology change change (e.g., (e.g., emerging technologies, mobile, social media, media, data analytics, data analytics, cloud cloud computing) 21% 41% Other Other 4% Possible disruption to the business model 20% Cyber security including data Q1. Which of the following risks (aside 1 from financial reporting risk) pose the greatest challenges for your privacy and protection of intellectual company? (select property three) 22% systemic risk (pandemic, social unrest, geopolitical instability ) Page 6

7 Pace of technology change (e.g., emerging Key matters that ACs want to spend more/less time on () Adequacy of internal controls around dfinancial i reporting More than half of ACs want to spend more time on Talent more development key matters / compared 37% to global ACs. succession planning for 58% In particular, internal controls over operational/financial risks, overseeing the risk process, legal and regulatory compliance, cyber security, pace of technological change, accounting judgments/estimates, 35% disclosures and talent. Evaluation of internal audit Oversight of risk process Oversight Oversight of risk process of risk process Adequacy of of internal internal controls controls around around operational operational risks risks Adequacy of internal controls around operational risks Cyber security including dt ti t ti f i t llf itt ll t lt data privacy and protection t Legal/regulatory compliance including anti-corruption Cyber security including data data privacy privacy and protection and protection of intellectual of intellectual property property Legal/regulatory Legal/regulatory compliance compliance including including anti-corruption Pace of technology change (e.g., Pace of technology change (e.g., emerging g emerging Pace technologies, of technology mobile, change social technologies, mobile, social media, data media, data (e.g., analytics, emerging cloud computing) analytics, cloud computing) Adequacy Adequacy of of internal internal of controls internal controls around controls around financial around reporting financial reporting Talent development / succession Talent development/succession Talent development planning / planning for CFO and finance for CFO and finance organization organization succession planning for Evaluation of of internal audit audit Evaluation of internal audit Discussions with management regarding the 62% 70% 61% 71% 55% 62% 54% 61% 50% 62% 44% 61% 3 35% 51% 38% 34% 52% Discussions with management Discussions with management regarding gthe adequacy of the regarding the adequacy of company s disclosures Accounting judgments and estimates Accounting judgments and estimates Supply chain and other thirdparty risks Supply chain and other third-party risks Tax risk Tax risk Evaluation of the external auditor Reviewing non-gaap information / disclosures Reviewing non-gaap information / disclosures Reviewing financial filings Reviewing financial filings Evaluation of the external auditor Other 50% 44% 34% 55% 31% 58% Q2. How Accounting much judgments agenda time and should your audit committee devote to the following matters in 2015, compared to 31% 2014? estimates t 3 Note this chart represents data for those ACs that selected significantly more time or more time as options. Data for no change, less time and N/A has Supply chain and other third- 27% not been shown. 2 party risks 27% 25% % 2 21% 1 24% 61% 61% 55% 4 100% Page 7

8 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 8

9 Risk and Information Quality salient points In risks, 11 out of 12 categories of more ACs (compared to ) stated that the quality of information needs improvement In >half of and ACs, the AC or board does not receive presentations on critical infrastructure, supply chain and industrial espionage risks Fewer ACs stated they have Business Continuity Plans (BCPs) in place (compared to ) for key critical infrastructure risk categories. Even less stated they periodically test BCPs. Only up to 1/3 of ACs stated BCPs included d all critical i suppliers. 90% Approx. of and ACs want to hear more about financial 71% risk management. of ACs (compared to only 51% of global ACs) want to hear more about M&A. ACs have reasonably strong relationships with CFO, External Auditors, Internal Auditors and General Counsel ACs relationships have less developed relationships with the Treasurer, Controller, Tax Director, M&A, CIO, CCO, CRO etc Page 9

10 Growth and innovation (or lack of innovation) Key areas where information received by ACs could be improved 28% Possible disruption to the business model 30% 41% Overall, more ACs stated the quality of information about risks needs improvement. This is particularly the case for cyber security, global systemic risk, talent Uncertainty management, and volatility uncertainty 22% and volatility, disruption to business model and pace of technology (economic, change. regulatory, political) 41% 41% Cyber Cyber security security including including data data Cyber security including data privacy privacy and protection and protection of of privacy and protection of intellectual intellectual intellectual property pectua property property 41% 50% systemic systemic risk (pandemic, risk (pandemic, social social systemic unrest, unrest, risk (pandemic, geopolitical geopolitical social instability ) unrest, geopolitical instability ) instability ) 22% 45% Talent management Talent management and and development development 3 45% Operational risk/control Operational risk/control / environment environment 21% 31% Pace of of technology change change (e.g., Pace of technology change (e.g., (e.g., emerging technologies, emerging technologies, mobile, mobile, mobile, social social media) social media) media) 35% 41% Supply chain risk Supply chain risk Supply chain risk 1 24% Growth and and innovation (or lack of (or Growth lack and of innovation) (or lack of innovation) 30% 38% Government regulation / impact of Government regulation/impact of public policy initiatives Government public regulation/impact policy initiativesof public policy initiatives 15% 24% Possible Possible disruption disruption to Possible to the disruption the business to the business model model business model 28% 41% Tax risk Tax risk 15% 21% Uncertainty and volatility (economic, regulatory, Uncertainty political) and volatility (economic, regulatory, political) 22% 41% Legal/regulatory / regulatory compliance compliance risk risk 15% 1 systemic risk (pandemic, social unrest, geopolitical instability ) 22% 38% Q3. Please rate the quality of the information you receive whether as a member of the audit committee, other committee, or full board about the following Operational risk/control 21% risks and their potential impact on the company: Note this chart environment represents data for those ACs that 31% selected needs improvement as options. Data for excellent, generally good but issues arise periodically and N/A has not been shown Page 10

11 Key risks that could potentially impact the company and are not addressed in company risk management systems Slightly more ACs view supply chain/logistics and industrial espionage risks as significant or critical compared to ACs. However, more ACs view critical infrastructure risks as significant or critical compared to ACs. Fewer ACs compared to ACs incorporate critical infrastructure, supply chain and industrial espionage risks into risk managements systems and reporting and AC/Board presentations. Impact of potential risks on company Method of dealing with risks Critical infrastructure risk (e.g. electricity, gas, IT/telecomm) % 1 58% % 58% 77% Supply chain and logistical risks 21% 42% 28% 1 44% 38% 42% 4 67% 74% Industrial espionage risk 42% 4 12% 28% 50% 1 Insignificant Moderate Significant Critical 48% 38% 57% 70% This risk is included in the company s risk management system and reporting The audit committee or board receives presentations from management regarding this risk Q4&5: Critical infrastructure, supply chain and industrial espionage risks Page 11

12 Key mitigation plans for critical-infrastructure related risks While the most common mitigation stated by and ACs was having a BCP in place, further work is required to improve the periodic testing and inclusion of all critical suppliers in BCPs. IT / telecomm infrastructure Transportation 2 44% 57% 18% 24% 55% 34% 41% 48% 1 30% 4 Financial systems Gas / Fuel 21% 40% 58% 1 27% 55% 24% 41% 48% Electricity 21% 2 31% BCP in place BCP tested BCP includes all critical suppliers Q6. For the following critical-infrastructure related risks, please indicate the company s exposure and readiness in terms of business continuity and disaster recovery plans: Page 12

13 Key functions/personnel that ACs have good communications with Overall, the strongest communications with ACs occur with external audit, internal audit, the CFO, and to some extent General Counsel/Corporate Secretariat. Other functions such as CCO, CIO, CRO, Treasurer, Controller and Tax directors are less prevalent in. This is primarily due to the CFO typically representing the finance areas and separate positions may not exist for C-level roles noted. External auditor Chief financial officer Extern nal auditor Excellent Good, but issues arise periodically Needs improvement N/A or no significant interaction 8% 2% 27% 34% 6 6 Excellent 5 44% Chief fina ancial officer Good, but issues arise periodically 24% 41% Needs improvement 1 N/A or no significant interaction 4% General counsel / corporate secretary Gener ral counsel / co orporate secretary Excellent Good, but issues arise periodically Needs improvement N/A or no significant interaction 8% 14% % 28% 34% 50% Internal audit executive Inter rnal audit exec cutive Excellent Excellent Good, but Good, issues but arise issues periodically arise periodically Needs improvement Needs improvement N/A or no significant interaction N/A or no significant interaction 48% 44% 48% 44% % 38% 1 1 Q 7. Please rate the quality of the audit committee s communications and interactions with the following professionals/functions (or equivalent): Page 13

14 Key functions/personnel that ACs have good communications with Treasu urer Excellent Good, but issues arise Needs improvement N/A or no significant interaction 7% 8% 7% 34% 24% 20% 34% 67% Chief Risk Office er Excellent Good, but issues arise periodically Needs improvement N/A or no significant interaction 34% 1 24% 25% 12% 2 5 ief liance cer Controller Ch Compl Offi Excellent Good, but issues arise Needs improvement N/A or no significant interaction Excellent Good, but issues arise Needs improvement N/A or no significant interaction 40% 25% 2 8% 10% 27% % 1 10% 1 30% 5 61% Compa any s majo or invest tors Ta ax director Excellent Good, but issues arise periodically Needs improvement N/A or no significant interaction Excellent Good, but issues arise periodically Needs improvement N/A or no significant interaction 27% 25% 1 40% 22% 1 21% % 35% 74% Chief Information n Officer Excellent 2 Excellent 28% 2 Good, but issues arise 2 22% Good, but issues arise periodically Needs improvement 20% % Needs improvement 1 N/A or no significant interaction 52% 42% N/A or no significant interaction Head of investor relations 55% Q 7. Please rate the quality of the audit committee s communications and interactions with the following professionals/functions (or equivalent): Page 14

15 Key aspects of the finance organisation s work that ACs want to hear about Almost all of and ACs (90% and 91% respectively) want to hear more about financial risk management. More ACs want to hear about M&A activity as compared to ACs. Financial risk management 10% 90% 91% Controller 4 54% 4 54% Accounting 7 27% 61% 3 M&A 51% 4 71% 2 Treasury / capital allocation 6 37% 67% 3 Credit decisions 4 57% 41% 5 Tax 60% 40% 5 41% Other 68% 32% I would like the audit committee to hear about this issue in greater dept N/A not a primary audit committee responsibility Q8. Which of the following aspects of the finance organisation s work would you like the audit committee to hear about in greater depth? (select all that apply) Page 15

16 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 16

17 Audit Committee Agenda and Workload salient points required time & expertise A B C D 5 of ACs observed a significant increase in time to satisfy AC responsibilities as compared to 24% of global ACs. 50% of ACs are finding it increasingly difficult to oversee the major risks on its agenda in addition to carrying out its core oversight responsibilities 50% v 35% of ACs have reallocated/ rebalanced risk oversight responsibilities among full board and board committees, 47% v 21% have created new committees to target a specific category 41% of risk/issues, and v 1 have created risk committees. The most common form of Th least common form non-financial expertise for both and ACs is risk management, legal/regulatory compliance and industry experience. The is of non-financial expertise for both and ACs is M&A, international, tax and technology. Page 17

18 Time and expertise to fulfil key duties and obligations 5 of ACs observed a significant increase in time required to satisfy AC responsibilities as compared to 24% of global ACs. Change in amount of time to meet AC responsibilities (past 2 years) Satisfaction with AC time and expertise 24% 1% 10% 8% 10% 25% 5 52% 37% 40% 40% 50% 51% Decreased No change Increased moderately Increased significantly No Yes but increasingly difficult Yes Q21: To what extent has the amount of time required to carry out your audit committee responsibilities changed over the past two years? Q24: Are you satisfied that your audit committee has the time and expertise to oversee the major risks on its agenda in addition to carrying out its core oversight responsibilities? Note, data may not equal 100% due to rounding Page 18

19 Allocation of risk oversight across Board and sub-committees Full Board is mainly responsible for business model disruption and innovation, while ACs are predominantly responsible for financial risks and regulatory compliance. Use of technology committees are less common. Companies are adopting a variety of committee structures, ranging from a combined Audit & Risk or Finance Committee to an independent Audit Committee and Risk Committee. Risk management process Business model disruption Full Board 2 32% Full Board 64% 60% Audit Committee 1 2 Audit Committee 8% 7% Audit & Risk or Finance Committee 1 1 Audit & Risk or Finance Committee 8% Risk Committee 2 32% Risk Committee 20% Technology Committee Technology Committee 1% Other Committee 2% Other Committee 10% 7% Legal / regulatory compliance Cyber security / data privacy Full Board 2 2 Full Board 28% 31% Audit Committee 35% 45% Audit Committee 14% 22% Audit & Risk or Finance Committee 17% 1 Audit & Risk or Finance Committee 12% 10% Risk Committee 1 Risk Committee 14% 31% Technology Committee Technology Committee 12% 10% Other Committee 10% Other Committee 11% Q23: To which group has the board assigned the majority of tasks directly related to the oversight of the following areas of risk? Page 19

20 Allocation of risk oversight across Board and sub-committees (contd.) Financial risks (cash flow, access to capital, etc.) Talent Full Board Audit Committee Audit & Risk or Finance Committee Risk Committee % 3 5 Full Board Audit Committee Audit & Risk or Finance Committee Risk Committee 2% Technology Committee Technology Committee Other Committee 7% Other Committee 20% 3 Anti-bribery and corruption Innovation Full Board Audit Committee Audit & Risk or Finance Committee Risk Committee Technology Committee Other Committee 14% 10% 1 11% 32% 40% 3 37% Full Board Audit Committee Audit & Risk or Finance Committee Risk Committee Technology Committee Other Committee 4% 4% 11% 7% 7% 1 11% 6 68% Technology risk Operational / supply chain risks (globally) Full Board Audit Committee Audit & Risk or Finance Committee Risk Committee Technology Committee Other Committee 35% 3 15% 7% 11% 14% 14% 2 18% 11% 8% 4% Full Board Audit Committee Audit & Risk or Finance Committee Risk Committee Technology Committee Other Committee 14% 10% 12% 15% 1% 14% 7% 34% 4 45% Q23: To which group has the board assigned the majority of tasks directly related to the oversight of the following areas of risk? Page 20

21 Key ways in which ACs have changed their risk oversight roles Significantly more ACs have reallocated/rebalanced risk oversight responsibilities among full board and board committees, created new committees to target a specific category of risk/issues, and/or have created risk committees as compared to ACs to change risk oversight. This is perhaps an indication of maturity and in line with regulatory changes in. Reallocated/rebalanced risk oversight responsibilities among full board and board committees 35% 50% Created new committee(s) to focus on specific category of issues/risks 21% 47% Risk committee 1 41% Reduced the audit committee s risk oversight responsibilities Compliance/ethics committee Strategic planning committee 5% Technology committee No major changes made but may consider changes in near future No major changes made and unlikely to consider changes in near future 4% 18% 32% Other 4% Q25. In what way has your audit committee s role in risk oversight changed over the past several years? (select all that apply) Page 21

22 Key non-financial expertise that resides in ACs Industry 5 45% Both and ACs have audit committees that have expertise in risk, legal and 31% industry M&A 32% while they have considerably less expertise in the areas of M&As, international, tax and technology. Risk / risk management 48% 61% International 2 2 Legal/regulatory compliance 5 55% Tax 1 2 Industry 45% 5 Technology 1 27% M&A 31% 32% Other International 2 2 No additional expertise on the audit committee 4% Technology 2 Tax 1 Q26: In addition to the requisite financial expertise, what other in-depth experience or expertise currently resides on your audit committee? (Select all that apply) 27% Page 22

23 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 23

24 Oversight of Auditors salient points TOP A majority of ACs are satisfied or somewhat satisfied with external audit s performance in terms of integrity, knowledge, objectivity resourcing, accessibility of audit partner and resourcing. The top 3 areas for improvement in external audit performance for and ACs relate to: 3 38% AC satisfaction with IA function 50% offering insights/ benchmarking on industry-specific issues helping audit committee stay apprised of accounting/ auditing developments sharing views on quality of the financial management organisation Very satisfied Somewhat satisfied Not satisfied Company does not have Internal Audit Function Page 24

25 Key aspects of external auditor s performance that ACs are satisfied with Overall, and ACs are very or somewhat satisfied that their external audit is honest, competent, visible and accessible. High degree of integrity 2% 4% 20% 1 Demonstrates t objectivity and 30% appropriate 78% 81% scepticism % Knowledge and skills 24% 7 28% 72% Has sufficient and appropriate resources 2 1% 5% 65% 28% 72% 4% 1% 31% Visible and 2 accessible audit partner 6 6 Satisfied Somewhat satisfied Less than satisfied Not satisfied Q11. How satisfied are you that your external auditor: Page 25

26 Key aspects of external auditor s performance that ACs are satisfied with External audit plan focused on the significant risks 30% 1% 5% 64% 25% 75% Provides high quality service delivery 4 1% 50% 50% 47% Provides candid and professional views on sensitive issues 38% 1% 7% 54% 38% 5 Delivers exceptional service and value in their interactions with the AC 8% 47% 2% % Satisfied Somewhat satisfied Less than satisfied Not satisfied Q11. How satisfied are you that your external auditor: Page 26

27 Key indicators ACs use to assess external auditor and audit quality The top three areas used by and ACs to assess the external auditor and audit quality are risk identification process and delivery against the audit plan, audit presentations and communications and the ongoing behaviour and challenges posed to management throughout the audit. Review of the risk identification process and delivery against the audit plan 2% 1% 25% 72% 94% Review of audit presentations and communications 30% 4% 6 31% 6 Assessment of ongoing behaviour and constructive challenge to management throughout the audit 3 1% 4% 38% 62% 62% Delivery against factors considered on appointment / tender 14% 4% 50% 47% 47% 32% Important Helpful Less important Not important Q10. In your view, how important are the following in assessing the external auditor and audit quality? Page 27

28 Key indicators ACs use to assess external auditor and audit quality Review of quality if staff, resources, geographic footprint 15% % 5 Survey of management views and other feedback 1% 1% % 5 34% Review of the audit firm s internal quality control procedures / transparency report 4% 4% 1 21% 22% Review of regulatory 35% 3 41% 5 reports on the audit/audit firm 41% 41% 5 31% Important Helpful Less important Not important Q10. In your view, how important are the following in assessing the external auditor and audit quality? Page 28

29 Key areas where external auditors can improve their performance Overall, and ACs stated the top three areas for improvement of the two external auditor s performance are related to providing insights on industry-specific issues, offering views on the quality of financial management and helping ACs stay apprised of accounting/auditing developments. Offering insights/benchmarking on industry-specific issues 62% 50% Working relationship with Internal Audit 1 1 Helping audit committee stay apprised of accounting/auditing developments 44% 50% Succession plans for key audit engagement team members 14% 1 Sharing views on quality of the financial management organization Informal communications (outside of formal audit committee meeting) Reporting on audit progress and any difficulties encountered Support from audit firm s resources rces and technical specialists 2 31% 25% 34% 24% Interaction with Audit Committee Chair Input on the audit committee s agenda and meeting materials Issue resolution (use of firm s national office) 14% 1 1 Working relationship with Internal Audit Succession plans for key audit engagement team members % 1 Q14. In which areas do you see the greatest opportunities for improvement of your external auditor s performance? (select three) Page 29

30 Effective evaluation of the external auditor ACs have more processes in place to evaluate the external auditor as compared to ACs. Audit committee does not conduct an annual evaluation of the external auditor 10% 21% Evaluation is formal but limited in scope 41% 4 Evaluation is formal and comprehensive 3 47% Q9. How robust is your audit committee s annual evaluation of the external auditor? Page 30

31 Value of internal audit function to the company Only 2 in 5 and ACs are satisfied that the internal audit function delivers value to the organisation. Approximately 1 in 10 and ACs are not satisfied that internal audit delivers value. 50% 40% 38% 38% 12% Very satisfied Somewhat satisfied Not satisfied Company does not have Internal Audit Function Very satisfied Somewhat satisfied Not satisfied Company does not have Internal Audit Function Q15. How satisfied are you that your company s internal audit function delivers the value to the company that it should? Page 31

32 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 32

33 Audit Committee Effectiveness salient points 47% 42% of ACs and of ACs stated that CFO succession planning as not effective. 17% of ACs also stated assessing CFO performance was not effective. The top 3 areas stated by and ACs for improvement related to: Better understanding of the business (strategy and risks) Greater diversity of thinking, background, perspectives, and experiences More "white space" time on the agenda for open dialogue 58% of ACs do not use an electronic board portal compared to 42% of ACs. Page 33

34 Key areas where ACs are less effective Overall, CFO succession planning needs improvement. CFO succession planning 42% 47% Assessing external auditor s performance 8% 10% Staying up-to-date on changes impacting the company 10% (accounting/auditing regulatory, technology, globalization) 17% Prioritizing the agenda to focus on most important issues (versus checklist approach) 8% Assessing CFO s performance 1 17% Challenging management and applying skepticism i 7% 7% Assessing internal auditor s performance 12% 10% Oversight of financial reporting and disclosures 2% Q27. Please rate your audit committee s oversight effectiveness in the following areas. Note this chart represents data for those ACs that selected not effective. Data for highly effective and generally effective has not been shown. Page 34

35 Additional expertise - technology Key improvements that will help to enhance Greater willingness and ability to challenge management 5 of ACs and 4 of ACs stated that having a better understanding of the businesses is the best way to improve AC s overall effectiveness. More in-depth financial reporting and audit expertise 3 31% 31% 28% 27% 25% Better understanding of the business (strategy and risks) 4 5 Additional expertise - M&A, industry knowledge, risk, or other area 2 1 Greater diversity of thinking, background, perspectives, and experiences 38% 44% Deeper engagement by committee members 1 2 More "white space" time on the agenda for open dialogue 34% 41% Bringing "fresh thinkers" onto the committee 2 Additional expertise - technology 3 31% Better chemistry / dynamics 7% Greater willingness and ability to challenge management 31% 28% Removal of an under-performing director 7% More in-depth financial reporting and audit expertise 27% 25% Other 5% 22% Additional expertise - M&A, industry knowledge, risk, or other area 2 1 Q28. What would most improve your audit committee s overall effectiveness? (select three) Deeper engagement by committee members 1 2 Page 35

36 Self-evaluation approaches that are most effective Overall, ACs found facilitated open committee discussion, followed by survey questionnaires completed by committee members and third-party interviews of committee members to be somewhat effective when self-evaluating. A surprisingly large proportion of A/Cs selected the N/A category. 2 40% 7% 27% Facilitated, open committee discussion 15% 60% 5% 20% 1 42% 8% 31% Survey questionnaire completed by committee members 11% 82% 4%4% Third-party interviews of committee members 1 22% 10% 5 20% 40% 10% 30% Very effective Somewhat effective Not effective N/A Q29: Please identify and rate the self-evaluation approach(es) currently used by your audit committee? Page 36

37 Impact of use of electronic board portal on AC/Board effectiveness and efficiency ACs found the use of the electronic board portal less effective than global ACs. A significant proportion of ACs do not use electronic portals. Yes - significantly 1 Yes - moderately No % 2 No - portal is contributing to information overload 2% Not sure 7% 1 Company does not use an electronic portal 42% 58% Q30: Has the company s use of an electronic board portal improved your audit committee s/board s effectiveness and efficiency? Page 37

38 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 38

39 Key characteristics of ACs (number, roles, time) survey 5 of ACs observed a significant increase in time required to satisfy AC responsibilities as compared to 24% of global ACs. A majority of ACs have 3 members serving on the Audit Committee. The number of committee members serving on l ACs range from 3 to 5. A significant ifi majority of and ACs have no policy regarding the AC members serving on multiple audit committees at any time. Three 45% 6 One Two 7% 11% Four 31% 31% Three Five or more 24% Four or more No Policy Q16: How many members serve on your audit committee? Q17: How many additional audit committees are your audit committee members permitted to serve on at one time? Page 39

40 Percentage of time spent outside the Boardroom There is a similar profile between global and ACs spending time visiting company facilities and engaging employees, with the majority of AC members spending about 10% of their time outside the boardroom and corporate headquarters. 35% % 11% 1 4% 5% 0% 5% 10% 25% 50% 75% Qn 21: As a director, approximately what percentage of the time that you devote to your board responsibilities is spent outside of the boardroom and corporate headquarters e.g., visiting company facilities and engaging with employees? Page 40

41 100 hours 2 Time spent on AC meetings and carrying out AC responsibilities 125 hours While there is a range in length of AC meetings, most ACs spend between 2.5 and 3 hours in 150 hours meetings, higher than the global average of approximately hours. Compared with global ACs, more ACs spend hours carrying out their responsibilities. Length of meetings 175 hours Hours devoted to carrying out AC responsibilities annually 2% 8% 1 hour 11% Less than 50 hours hours 5% 1.5 hours 2 hours 2.5 hours % 28% 50 hours 100 hours 20% 21% hours 250 hours 1% 2% 3 hours 3.5 hours 4 hours 4% 7% 1 31% 125 hours 150 hours 8% 275 hours 300 hours 1% More than 4 hours 175 hours 2% More than 300 hours 10% 200 hours 225 hours 5% Qn 18: What is the average length of your regularly-scheduled, in-person audit committee meetings? Qn 20: Approximately how many hours do you devote annually to carrying out your audit committee responsibilities? 1% Page 41

42 Frequency and form of AC meetings The majority of ACs conduct in-person meetings between 4-6 times a year. This is comparable to the global trend. Most ACs also tend to hold between 1-3 teleconference meetings a year. In-person meetings Teleconference meetings 84% 88% 67% 5 20% 24% 7% 10% 7% 1 2% 1% More than More than 12 Qn 18: Typically, y, how many times does your audit committee meet during the year, in the following forms and circumstances? Page 42

43 Conclusion 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 43

44 In conclusion. The following outlines the key findings from the survey, from the AC perspective. Compliance, operational risk, talent and technology change top the list of challenges facing companies The Third Line of Defence internal and external audit could do more to support ACs in discharging their duties ACs want to spend more time on risk oversight particularly cyber security and pace of technology change Deeper business understanding, additional expertise and greater ability to challenge management required The quality of information about key risk areas is falling short CFO succession planning is still a major gap, and many ACs want to dive deeper into finance issues More boards are reallocating risk oversight duties as the AC s workload becomes more difficult issues, Limited communication with key functional personnel may hinder valuable insights on capabilities and culture Page 44

45 Survey Demographics 2015 KPMG LLP (Registration No: T08LL1267L), an accounting limited liability partnership registered in under the Limited Liability Partnership Act (Chapter 163A) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. 45

46 Survey demographics The following outlines the key findings from the survey, from the AC perspective. Type of entity Size of entity Public company Private company - Family-owned Pi Private company - Pi Private equity 8% 14% 62% 97% Less than $250 million $250 million to less than $500 million $500 million to less than $1 billion $1 billion to less than $1.5 billion 15% 1 11% 8% 32% 3 2 Private company - Venture capital 2% $1.5 billion to less than $5 billion 15% Not-for-profit $5 billion to less than $10 billion Greater than $10 billion 1 Government entity Not applicable 4% AC Chairperson? Yes 54% 68% No 32% 4 Page 46

47 Energy/Natural Resources 8% 1 Survey demographics (cont.) Insurance The following outlines the key findings from the survey, from the AC perspective. Technology/Software 5% Type of industry Healthcare 5% Banking/Financial Services 10% 18% Transportation 4% Industrial Manufacturing/Chemicals 14% 1 Real Estate 4% 2 Retail/Consumer Goods 10% 1 Building Construction Energy/Natural Resources 8% 1 Communications/Media Insurance Pharmaceuticals 2% Technology/Software 5% Higher education 2% Healthcare 5% Other 17% 4% Transportation Real Estate 4% 2 Page 47