KPMG hosts 20th Audit Committee Forum on Oversight of Business Risks

The panel discussion moderated by Suren Rajakarier

Prasenna Balachandran presenting to the forum

Audit committees continue to express confidence in their oversight of core responsibilities—financial reporting integrity and audit quality. Yet, it’s clear from a KPMG global survey of more than 200 audit committee members that technological innovation, digital disruption, and the complexity of business are exerting greater pressure and sharpening the focus on risk management and the internal control environment.

Some key takeaways emerged from the survey results:

• Cybersecurity continues to be a top concern.
• Few are confident that their company’s current enterprise risk management processes capture “disruptive risks.”
• Internal audit can maximise its value by maintaining flexibility to adjust the audit plan in response to changing business and risk conditions.
• Few audit committee members say that companies should continue to provide quarterly earnings guidance.

With this backdrop the Audit Committee Forum hosted at KPMG Sri Lanka discussed the Impact of Business Risks on the Role of Board Audit Committees (BAC). The session included a presentation by Prasenna Balachandran (Chief Risk and Control Officer – Hemas Holdings PLC) on ‘Enterprise Risk Management at Hemas’ and a presentation by Suren Rajakarier (Partner and Head of Audit KPMG Sri Lanka) on the ‘Impact of Business Risks on Board Audit Committees’.  

These were followed by a panel discussion with the participation of Anthony Jeyaranjan (Audit Committee Chair Lankem Ceylon) and Saktha Amaratunga (Audit Committee Chair Hemas Holdings). The participation by Audit Committee members of listed companies was an encouraging feature.

Prasenna Balachandran highlighted that an effective Enterprise Risk Management (ERM) framework should ensure that an organisation is sufficiently robust to survive black swan events (unpredictable and can cause catastrophic damage) and manage grey rhino events (probable and impactful yet often neglected) and on how a company needs to be risk proofed in order to align itself with the company’s long term and short term goals.

He also emphasised on the importance of establishing a Risk Oversight Committee within companies (especially non-financial sector companies) that don’t have a board level risk management committee to address risk with adequate measures. The Risk Oversight Committee should address issues such as system implementation, cyber security, regulatory or other operational risks and present appropriate information to the board on risk matters impacting the business. 

Suren Rajakarier shared his insights with the forum on what ‘Audit Committees may have to address in relation to financial and business risks’. He emphasised on the need to have rigorous management review processes in place and how important it is for the audit committee to possess knowledge of core risk management principles in order to effectively assess performance of internal controls.

Rajakarier shared real life examples on fraud which included elements such as shell companies, non-existent bank deposits, fake receivables and investments, understated liabilities, weak board composition coupled with a dominant CEO, etc. at the failed Parmalat Inc in Italy.  He discussed the possible actions of ‘What can audit committees do in terms of identifying early warning signals in such cases?’

In another case study, he highlighted how at Tesco, overstating sales to gain higher market share resulted in the imposition of penalties by the regulator. Thus highlighting the importance of including revenue recognition as a high-risk area and its inclusion as a key audit matter (KAM) by the external auditors in their audit report. KAMs bring transparency of significant issues to the BAC and puts more responsibility on the auditor to disclose how they’re addressed during the audit.

Rajakarier concluded his presentation highlighting how important it is for the audit committee and the internal audit function to have a two way communication and align its objectives with business risks associated with corporate strategies. 

The presentations were followed by the panel discussion moderated by Suren Rajakarier. The panel discussion focused on how audit committees can maintain their independence while providing oversight on business risks associated with strategic objectives and also focus on controls around financial reporting being their traditional role. 

Some of the key learning outcomes from the panel discussion could be summarised as:

• Since the risk landscape has expanded beyond financial risks, the BAC scope should in turn be broadened to include other areas of risk. 
• Risks should be assigned to an ‘owner’ in order to track progress and maintain accountability. Assigning an owner would ensure that the Audit Committee maintains its independence through its oversight role while management takes necessary steps to address the identified risks and functions as the first line of defence. 
• BAC members in certain global companies are even required to visit markets and engage with stakeholders.
• A proactive approach by BACs would be focus on long term sustainability with a greater focus on the impact on stakeholders. Risk could be the ‘new normal’ for BACs in the foreseeable future.  
• Multinational organisations even consider risks such as talent and organisational culture. In addressing such broad areas, it is important to have skilled and capable board members.
• The importance of BAC members exercising caution, particularly if the company has a strong and charismatic leader was mentioned. It was also noted that the issue lies in BAC members who are either not strong or competent enough to challenge the management.

KPMG’s Audit Committee Institutes (ACIs) provide audit committee and board members with practical insights, resources, and peer exchange opportunities focused on strengthening oversight of financial reporting and audit quality, and the array of challenges facing boards and businesses today – from risk management and emerging technologies to strategy and global compliance. 

KPMG in Sri Lanka facilitates the Audit Committee forum which seeks to bring together Audit Committee Members to discuss key issues and challenges in a way that is meaningful and relevant to them and helps them become more effective in their roles.