Audit committee members are becoming increasingly concerned by cyber threats but the quality of information they receive has declined over the last year, according to a new survey by KPMG.
KPMG’s Audit Committee Institute survey of nearly 1500 audit committee members worldwide, including over 120 in the UK, found that cyber is one of the areas audit committees feel least comfortable about.
Globally, 45% of respondents did not feel that their committee devoted enough agenda time to the issue. But this rose to nearly six in 10 (58%) in the UK.
Indeed, KPMG’s survey found that concern about cyber has doubled amongst UK audit committees in the last year. Whereas a year ago a quarter of UK respondents (24%) were not satisfied with the quality of information received about cyber risks, now nearly half (47%) believe that cyber information needs improvement.
Half of UK audit committee members said it is “increasingly difficult”, given the audit committee’s expertise and heavy agenda, for the committee to oversee major risks such as cyber in addition to financial reporting.
“Given the rapidly growing public, political and media profile of the cyber threat, it is very worrying that audit committee members feel more concerned now about the issue than they did a year ago,” said Stephen Bonner, partner at KPMG.
“It shows that either companies are losing the battle against cyber criminals, or they are still not yet fully engaging with the threat. It is a difficult issue that takes many executives and non-executives out of their comfort zone. However, it is simply too big and fast-growing a risk for companies to tackle half-heartedly.”
>See also: The 2014 cyber security roadmap
KPMG’s survey found that cyber was not the only non-financial risk that audit committees are concerned about. High on their list also were innovation risks and tracking the non-financial ‘leading indicators’ of a company’s performance, such as talent management and brand perception.
“Audit committee agendas are not getting any lighter,” said Timothy Copnell, head of KPMG’s UK Audit Committee Institute. “Overseeing financial reporting and audit, and ensuring those activities have the right resources and talent, is a job in itself.
“This survey suggests that many audit committee agendas may be reaching a tipping point, and that it’s time to step back and assess whether audit committees are able to exercise even their fundamental responsibilities in an appropriate manner.”