Insights

Fresh thinking and actionable insights that address critical issues your organization faces.

Learn more

Resources

Services

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

View all Alliances

Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more
Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Advice to AC members is to ask lots of questions

Panelists addressed the myriad challenges facing audit committees at the 2023 AICPA & CIMA Conference.

There are many challenges at the global, national and local levels that put companies’ financial reporting, compliance, risk and internal control environments to the test – ranging from global economic uncertainty, regional conflicts with far-reaching effects, new major regulatory mandates, and the emergence of generative AI. 

The theme of the session on the regulatory landscape and governance at the Conference on Monday afternoon was how audit committees can tackle these challenges.

How can audit committees tackle the many challenges they face? My advice is ask a lot of questions. Question management, internal auditors and external auditors on a regular basis so that committee members are satisfied these stakeholders understand their respective roles in the financial reporting process – and are fulfilling their responsibilities.

John Rodi

Partner, KPMG Board Leadership Center Leader

Risk assessment is comprehensive, iterative and continual

Comprehensive risk assessment – a prevalent theme at this year’s Conference – is an important agenda item for audit committees. Panelists keyed in on several practical suggestions for audit committees to action.

In an August 2023 statement, SEC Chief Accountant Paul Munter mentioned the importance of taking a holistic approach to risk assessment by looking at entity-level risks in addition to risks that directly impact financial reporting. Panelists stressed the importance of overseeing that management implements a holistic approach by timely identifying and disclosing such risks, as appropriate, and designing and implementing appropriate processes and controls.

Robust risk assessment

A company’s risk assessment process must account for the myriad of risks impacting financial and operating results, which can change rapidly in this fast-moving world. Therefore, it is imperative for an audit committee to ensure that management’s risk assessment process is robust.

Panelists noted that oversight of this process can be daunting for an audit committee, but they offered helpful suggestions for managing this responsibility, including a number of questions to ask management.  

Ask: Which executives are responsible for identifying material financial, liquidity and operating risks?

Ask: How is management mitigating these risks?

Ask: Does management have an incident response plan that can be used for a wide range of incidents or crises?

New ESG regulatory mandates are growing

Newly released and anticipated regulatory mandates will dramatically increase climate, sustainability and other ESG disclosure requirements for US companies. While companies await final SEC climate rules, the landscape is moving and companies are preparing to comply with a number of sustainability mandates, including: 

  • California climate legislation signed into law in October 2023 – including carbon offset disclosures that are required for January 1, 2024
  • European Sustainability Reporting Standards issued under the EU’s Corporate Sustainability Reporting Directive, which require comprehensive sustainability reporting of impacts, risks and opportunities to a broad range of stakeholders
  • IFRS Sustainability Disclosure Standards issued by the International Sustainability Standards Board, which require comprehensive sustainability reporting of risks and opportunities to primary stakeholders such as investors.

Just determining which standards apply, applicable effective dates and the level of interoperability of the standards requires significant planning. Beyond these preparatory activities, actually complying with the mandates will be a major undertaking. Board oversight of this process is critical, particularly because cross-functional management teams will be needed – e.g. management’s disclosure committee and an ESG team/committee.  

A separate ESG panel on Day 3 of the Conference is expected to cover operational challenges of sustainability reporting.

See our ESG reporting resources here.

New cybersecurity disclosure mandate from the SEC

The SEC’s rules require several new and enhanced disclosures on cybersecurity risk management, strategy, governance and incident reporting. Companies must disclose new information in two broad categories.

Material cybersecurity incidents

Companies must disclose a material cybersecurity incident on Form 8-K within four business days of concluding that the incident was material. The materiality assessment must be made without unreasonable delay after discovering an incident.

Ask: Is management’s cyber incident response plan up to date and is management capable of timely assessing the materiality of cyber incidents?

Kurt Kuehn, Henry Schein Inc. Board member, warned that it may be very challenging to assess materiality within a reasonable time after an incident occurs. However, Kuehn suggested airing on the side of disclosing because transparency is key.

Cybersecurity risk management, strategy and governance disclosures

Detailed and extensive disclosures on these topics are required in annual reports on Form 10-K.

Ask: Does management have the right team assembled to reassess the company’s existing risk management and governance processes, ensuring compliance with these weighty disclosure requirements? 

The audit committee should consider what resources and processes management’s disclosure committee needs in developing and maintaining cybersecurity-related disclosure controls and procedures and internal control over financial reporting.   

Read more about the requirements here.

Generative AI (GenAI)

How to leverage GenAI is a trending topic in C Suites across the globe, as evidenced by the 2023 KPMG US AI Risk Survey. From a finance perspective, survey respondents expect an increase in the use of AI models and expect new audit requirements for AI models by the end of 2026.

The C Suite focus on GenAI likely means that the oversight of this technology will be a priority for many boards in 2024. At a minimum, the audit committee may be tasked with overseeing compliance with differing laws and regulations governing this technology, including the development and maintenance of related internal controls and disclosure controls and procedures. However, it may have broader oversight responsibilities, such as oversight of aspects of the company’s governance structure for developing and using GenAI. 

Oversight of GenAI

Panelists mentioned several issues that boards are considering regarding GenAI. They couched these issues in the form of questions to ask.

Ask: What GenAI does the company currently use and for what purpose?

Ask: What are potential additional uses – e.g. how is our industry using GenAI?

Ask: What risks present themselves in the current and potential use of GenAI?

Ask: How is the use of GenAI being documented – e.g. are the inputs into the process being properly recorded?

Ask: What guardrails are appropriate to put into place regarding the use of GenAI?

Additional technology panels on Day 3 of the Conference are expected to highlight the investor perspectives on GenAI and further insights from preparers and auditors.

Read more about GenAI on our dedicated resource page here.

Accounting Research Online

Access our accounting research website for additional resources for your financial reporting needs.

Access ARO

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2024 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline