Whether on the audit committee or the risk committee, members know it’s important to see where their organization has been, where it’s going, and what issues are on the horizon. Understanding how the organization is addressing these key areas can help focus efforts and guide next steps.
The environmental, social, and governance (ESG) landscape is constantly shifting. Regulations from the Securities and Exchange Commission (SEC) are still forthcoming, which means now is the time to consider how these regulations could affect an organization’s ESG journey. Audit and risk committee members can review their organization’s overall ESG strategy to spot any potential issues and make suggestions for regulatory compliance. Questions to ask:
“1Q22 Emerging Risk Report,” Gartner, March 2022.
While many risks exist related to cybersecurity, two major concerns stand out. The first is the influence of international pinging and how it’s affecting organizations. Audit and risk committees will want to evaluate the processes their organizations have in place to identify the IP addresses pinging them and understand the implications of those pings. And if those processes aren’t in place, they’ll want to encourage their organizations to create them. With the increase in remote work, it’s also important to consider the implications of network security. While an organization can control (to a certain degree) the level of security inside its offices, it can’t always know the level of security its work-from-home employees have in place. While some industries, such as banking, use a virtual private network to help mitigate this risk, that’s not true for every industry – so audit committees should understand and plan for those risk factors.
of surveyed companies experienced at least one successful cyberattack in 2021.
“2021 Cyberthreat Defense Report,” CyberEdge Group, 2021.
Audit and risk committees need to know what they don’t know – and with the constant changes in regulatory compliance, that can be a daunting task. Between shifting regulations, policy rollbacks, changing accounting standards, emerging technologies, and more, there’s a lot to consider – with implications of associated risks for the organization. Audit committees can be small and insulated in many organizations, which makes it even more important to keep up on these changes and get insight into what’s happening on an organizationwide level. While members of audit and risk committee are limited to a monitoring and evaluation role over management decisions, they do need to understand the policies and procedures management is considering so they can properly assess risk.
of surveyed senior executives considered their organizations to be in recovery mode.
“Speed, Agility, and Multi-disciplinary Working: What Clients Want Post-COVID,” Source Global Research, June 2022.
Just because organizations haven’t faced these issues yet doesn’t mean they won’t. If an issue is affecting competitors, it could be (and in fact, probably is) happening to them. Every time audit and risk committee members hear about a risk that has affected a competitor, they should ask themselves – and others in the organization – “Why hasn’t this happened to us? What’s different about how we’re approaching this risk?”
