The latest enterprise risk management news from around the world

Report highlights the expanding role of audit committees

Details
Published: Tuesday, 25 January 2022 08:56

The ‘Audit Committee Practices Report’, a collaborative report developed by Deloitte’s Center for Board Effectiveness and the Center for Audit Quality, shows how audit committees are increasingly taking responsibility for enterprise risk management and for cyber security. Audit committees are being challenged by increased complexity in their core responsibilities, as well as scope creep across other areas within their organizations, says the report, which is based on a survey of 246 audit committee members from predominantly large (greater than $700 million market cap), US-based public companies.

Key highlights from the report include:

Enterprise risk management

When asked who was responsible for oversight of enterprise risk management (ERM) within their organizations, 42 percent of respondents said the audit committee, 33 percent said the board, and 20 percent said the risk committee. Of those respondents indicating that their audit committee was responsible for overseeing enterprise risk management, 32 percent expect to spend more time on ERM oversight compared to last year, possibly as a means of managing the growing number of emerging risks. The list of external factors impacting organizations’ risk profiles continues to expand and includes risks related to the geopolitical arena; the regulatory environment; supply chain; climate change; and diversity, equity, and inclusion; among others.

Cyber security and data privacy security

53 percent and 48 percent of respondents said that the audit committee is responsible for overseeing cybersecurity and data privacy security, respectively. 69 percent of those with cyber security oversight responsibility anticipate spending more time on it in the coming year compared with the past year, and 62 percent see cyber security as one of the top risks to focus on in the coming year. The majority (60 percent) of audit committees are including cyber security on their agendas quarterly. 35 percent of respondents stated their audit committee has cyber security expertise, with 41 percent acknowledging a need for additional expertise is this area.

Obtain the report.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Cyber Response Guide
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.