It’s time to close another volume of The Bulletin — our newsletter series that focuses on key corporate governance and risk management issues for organizations. This volume focuses on a variety of topics, including the essential attributes underlying a successful company’s confidence in facing the future, and the importance of improving corporate culture and promoting sustainable development. We hope these discussions help your organization thrive in an increasingly complex business environment. All issues of The Bulletin are available at www.protiviti.com/bulletin.
Our suggested 2016 priorities for the audit committee include updating the enterprise’s risk profile so that it considers current conditions, addressing technology-related risks, evaluating the tone at the top, and ensuring that finance and internal audit functions meet the organization’s needs. We also recommend that companies evaluate and enhance their processes to meet the new revenue recognition accounting standard, attend to issues raised by the Public Company Accounting Oversight Board (PCAOB), and prepare for possible revisions to the U.S. Securities and Exchange Commission’s (SEC) requirements for audit committee disclosures.
The 2016 exposure draft of COSO’s update of the Enterprise Risk Management — Integrated Framework, released for public comment, reflects a markedly different emphasis on ERM. That emphasis includes the significance of risk governance and culture, and setting strategy based on an understanding of the underlying inherent risks as well as the alignment of strategy with the enterprise’s mission, vision and core values.
This issue takes another look at Protiviti’s concept of the future auditor, a practitioner embodying the definition of auditing set forth by The Institute of Internal Auditors: “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.” To add value and drive improvement, the auditor should focus more on strategic risks, think beyond the scope of the audit plan, play the role of a consultant, and improve their stature in the enterprise.
This issue focuses on how confidence in a competitive business environment results from a commitment to a vision, as well as from heightened awareness of and adaptation to the environment, awareness of risk, emphasis on learning and creativity, and resilience.
Looking forward to 2017, we advise audit committees to identify risks and consider cybersecurity, privacy and identity, and other issues; attend to risk culture and monitoring the tone at the top and in the middle; ensure the enterprise’s finance function is sufficiently resourced; and support internal audit. We also emphasize the need to monitor progress on adopting the new revenue recognition and lease accounting standards and respond to certain sensitive financial reporting risk areas.
This follow-up to Issue 4 outlines how businesses can approach the future with confidence, including having the qualities necessary to adapt to change. It offers some specific examples of companies that have demonstrated different attributes of confidence, including the Walt Disney Company and IBM.
This issue outlines the future auditor’s enhancement of the relationship with the audit committee on three distinctive but interrelated fronts – risk, value and communications. We offer 20 ideas and suggestions arrayed among these three areas of focus.
This issue discusses the factors that prompted COSO to release its updated ERM framework and how the update raises the bar for ERM implementations. We explore the current state of ERM, explain its shortcomings and outline four themes for improving ERM – implementation with strategy, integration with performance, linkage of risk with decision-making, and establishing a strong foundation with risk governance and culture. In exploring how enterprises can advance their ERM, we use a maturity continuum to illustrate the ERM journey.
Protiviti offers eight issues for audit committees to consider when approaching 2018. Regarding enterprise, process and technology risk issues, we focus on assessing the committee’s composition and focus; understanding potential critical risks to the organization and their impact on financial and public reporting; and monitoring tone at the top and its alignment with the tone at the middle. Regarding financial reporting issues, we suggest that directors monitor implementation of the revenue recognition standard, evaluate whether the organization’s priorities are aligned with certain issues raised by the SEC staff and PCAOB, and focus on upcoming changes in accounting and reporting.
This issue revisits the importance of approaching ERM with a risk-informed perspective, outlining the factors that constitute the foundation of an effective enterprisewide approach: risk governance, risk appetite and risk culture. We examine how a risk-informed approach can advance the maturity of ERM in an organization and discuss ideas around measuring the success of ERM.
Our discussion in this issue covers integrating sustainable development into a business. We outline the evolution of the sustainability concept in the business environment and the importance of, and obstacles to, the use of environmental, social and governance (ESG) investment criteria. In outlining a high-level approach to addressing sustainability, we introduce an ESG continuum to provide a road map for transforming an enterprise’s business model to proactively promote sustainability.
This issue explores the topic of corporate culture, a vital enterprise asset that drives positive outcomes just as it can be a root cause of unwanted outcomes. We emphasize the importance of intellectual curiosity at the top of the organization in understanding all aspects of the corporate culture and comment on the importance of engaging all three lines of defense in gaining that understanding.