How audit committees can meet risk management oversight challenges


Risk management oversight is one of the most challenging areas for audit committees across the globe, according to a new report issued Tuesday by the Center for Audit Quality (CAQ), the Federation of European Accountants (FEE), and the Institute of Chartered Accountants in Australia (ICAA).

The report summarizes the results of round-table discussions in Brussels, Hong Kong, and New York City. Members of the governance and audit committee communities in the respective jurisdictions gave feedback that showed a global consensus on many issues that affect the role of the audit committee and the current state of performance.

Participants in Brussels and New York said risk management is challenging because it is inherently forward-looking, while oversight of the financial reporting process and audit is more retrospective in nature. Participants across the jurisdictions indicated that:

  • Risk oversight must be a continuous process to be effective.
  • Audit committee agendas could be prioritized by risk.
  • Overlap in the membership between the audit and risk committees (if one exists) aids communication on key risk oversight issues.

In addition, participants in Brussels and New York said the audit committee should meet regularly with management, internal audit, and external audit to understand the risks a company faces. Participants in New York said the audit committee should consider input from institutional investors and analysts who could identify issues that the company and its external auditor may not raise.

The entire board is charged with risk management oversight in the United States, although specific risk oversight responsibilities can be delegated to board committees, the report said. Practices are similar in Asia. And in the European Union, the audit committee is responsible for monitoring the effectiveness of the company’s internal control and risk management systems, according to the report.

“The report exposes the fact that audit committees—at companies based in the United States, Asia, and in Europe—are facing and embracing many of the same issues,” CAQ Executive Director Cindy Fornelli said in a news release. “Discussions are taking place in every corner of the globe about identifying leading audit committee practices, ensuring greater consistency in the performance of audit committees across the spectrum of public companies, and enhancing transparency about how they meet their obligations to investors.”

The CAQ is affiliated with the AICPA.

Other areas of global consistency include:

  • Agreement that diversity in the composition of the audit committee is important. Participants said a combination of financial and nonfinancial perspectives on the committee promotes objectivity and skepticism.
  • A strong audit committee chair promotes robust communication between committee members and encourages critical questions of management, internal audit, and the external auditor.
  • Audit committee workloads have increased as a result of a rise in the number of complex issues that require the committees’ attention.
  • A view that the audit committee should assume direct responsibility—while limiting the influence of management—in the oversight and compensation of the external auditor as well as the determination of whether to recommend that the auditor be appointed or retained.
  • A consensus that holding informal discussions with the external auditor outside of formal meeting dates at least once or twice a year is a best practice for audit committees.

Ken Tysiac ( ) is a JofA senior editor.


Tax reform complicates year-end tax planning

Get your clients ready for tax season with these year-end tax planning strategies, which address how to make the most of recent tax law changes, such as the new deduction for qualified business income and the cap on the deductibility of state and local taxes.


What RPA is and how it works

Robotic process automation is like an Excel macro that can work on multiple applications, says Danielle Supkis Cheek, CPA. RPA can complete routine, repetitive tasks such as data entry, freeing up employee time from lower-level chores.