Only 15% of respondents were very satisfied with their committee’s IT risk oversight, and 90% said they should devote more agenda time to it.
“The ACI findings demonstrate a huge gap between the importance that audit committees place on IT risk and how much time they spend focused on it during their already busy meetings,” said ACI Executive Director Ed Smith. “Since audit committees generally have only basic IT experience, there may be a reluctance to invite chief information officers and chief technology officers to their meetings, in part, because there is a lack of common vocabulary.”
But as schedules are stretched by other emerging priorities—including risk management, legal and regulatory compliance, business strategy, taxes and fraud risk—how can committees accommodate the demand?
In the words of your third-grade teacher, learn to share—and in this case—the audit committee should share its oversight with other members of the board. For tips on setting agendas, refer to “ Eight Habits of Highly Effective Audit Committees,” page 46.
Source: KPMG’s Audit Committee Institute and the National Association of Corporate Directors’ 2006-2007 Public Company Audit Committee Member Survey , www.kpmg.com/aci.