Time for reinvention, especially audit committees.
Board agendas should continue to evolve in 2019. The game-
changing implications of technology/digital innovation, scrutiny of corporate culture, growing demands to address environmental and social issues, and investor expectations for greater board engagement, diversity, and long-term value creation should all drive a sharper focus on positioning the company for the future.
Combined with concerns about mounting trade tensions, resurging debt, high valuations, and political swings — in the United States, UK, and elsewhere — the year ahead will require a careful balance of near-term focus, agility, and long-term thinking.
At the same time, audit committees can expect their company’s financial reporting, compliance, risk and internal control environment to be put to the test in the year ahead.
With that in mind, we’ve highlighted seven items for boards to consider as they focus their 2019 agendas.
• Take a hard look at the board’s composition: Is the talent in the boardroom diverse and aligned with the company’s strategy and future needs? A broad range of issues require board focus and leadership — including succession planning, age and term limits, diversity, individual director evaluations, removal of underperforming directors, and board refreshment, as well as disclosures regarding these issues.
• Recognize that connecting digital disruption with risk management and strategy is more important — and more challenging — than ever. Help management reassess the company’s processes for identifying the risks and opportunities posed by digital advances and assessing their impact on the company’s strategy.
• Help focus the company on long-term value creation and understand the views of all key stakeholders. The shareholder/stakeholder debate may seem philosophical, but we believe it is a discussion every board should have, as it raises practical questions about the company’s strategy and how that strategy should be communicated to investors and other stakeholders — including employees, customers, and communities.
• Make CEO succession and talent development throughout the organization a priority. Are succession plans in place for the CEO and other key executives? Does management have a talent plan that aligns with its strategy and forecast needs for the short and long term?
• Assess, monitor and reinforce culture as a strategic asset and critical risk. Take a proactive approach to understanding, shaping, and assessing corporate culture, including a laser focus on the tone set by senior management and zero tolerance for conduct that is inconsistent with the company’s values and ethical standards.
• Continue to refine boardroom discussions about cybersecurity and data privacy as risk management issues. Discussions should move beyond prevention to detection, containment, and response — and to addressing cybersecurity as an enterprise-wide business issue.
•Reassess the company’s crisis prevention and readiness. Help ensure that management weighs a broad spectrum of what-if scenarios. Is the company’s crisis response plan robust, actively tested or war-gamed, and updated as needed?
For audit committees, which play a critical oversight role in helping companies achieve high-quality financial reporting, we suggest seven areas of focus.
• Take a fresh look at the audit committee’s agenda and workload. The committee’s core responsibilities (financial reporting and related internal controls and oversight of internal and external auditors) and the additional major risks it may oversee—such as cybersecurity and IT risks, supply chain and other operational risks, and legal and regulatory compliance—have become more complex. Reassess whether the committee has the time and expertise to oversee those other major risks or whether any require more attention at the full-board level or a separate committee.
• Sharpen the company’s focus on culture, ethics, and compliance. Monitor the tone at the top and culture throughout the organization with a sharp focus on behaviors, not just results. Help ensure regulatory compliance and monitoring programs are up to-date and cover all vendors in the global supply chain, and clearly communicate expectations for high ethical standards. Focus on the effectiveness of whistle-blower reporting channels and investigation processes through a #MeToo lens.
• Understand how the finance organization will reinvent itself and add greater value in this technology and data-driven environment. Devote adequate time to understanding finance’s strategy for leveraging robotics, cloud technologies, data and analytics, and artificial intelligence and how its talent and skill sets will need to change accordingly.
• Monitor management’s progress on implementing new Financial Accounting Standards Board (FASB) standards as well as Staff Accounting Bulletin 118 adjustments related to U.S. tax reform. The scope and complexity of implementation efforts for the new FASB standards and the impact on the business, systems, controls, disclosures, and resource requirements should be a key area of focus.
• Discuss the new reporting requirements for critical audit matters (CAMs) with the external auditor and reinforce audit quality by setting clear expectations. Develop a protocol for the audit committee to hear the issues the auditor intends to communicate as CAMs, what the auditor intends to say about them, and how the auditor’s statements will compare to management’s disclosures.
• Give non-GAAP financial measures, other key operating metrics, and cybersecurity disclosures a prominent place on the audit committee agenda. Given the recent SEC staff focus on those areas of company disclosure, audit committees should assess whether internal controls and disclosure controls and procedures around those areas have kept pace with changes in the risk environment.
• Focus internal audit on the company’s key risks beyond financial reporting and compliance. Work with the chief audit executive to help identify the risks that pose the greatest threat to the company’s reputation, strategy, and operations and help ensure that internal audit is focused on those risks and related controls.
For complete details on the top issues boards and audit committee should have on their radar for the year ahead, see “On the 2019 board agenda” and “On the 2019 audit committee agenda” at kpmg.com/us/blc.
Dennis T. Whalen is Leader of the KPMG Board Leadership Center. Jose R. Rodriguez is partner in charge and executive director of KPMG’s Audit Committee Institute.