Krista Parsons is a Managing Director and Audit Committee Programs Leader, Maureen Bujno is a Managing Director, and Kimia Clemente is a Senior Manager at the Center for Board Effectiveness at Deloitte & Touche LLP. This post is based on a Deloitte memorandum by Ms. Parsons, Ms. Bujno, Ms. Clemente, and Nidhi Sheth.
The audit committee’s role in risk oversight
Predicting the future is difficult, particularly in times of change and uncertainty. However, it seems safe to predict that the 2023 agendas of many audit committees will be risk-centric.
Of course, risk oversight is among the most important—if not the most important—of the audit committee’s responsibilities. While the audit committee is not responsible for overseeing all of a company’s risks, it is often responsible for oversight of the company’s risk oversight policies and processes, principally the enterprise risk program. This program, which management leads, entails identifying key risks across the organization, from financial risks to workforce risks and from risks due to raw material shortages to risks arising from natural disasters and other crises. In other words, except in cases where a company has a risk committee,[1] the audit committee oversees the process of evaluating and managing risks that could pose a threat to the company’s viability and success. According to the latest Audit Committee Practices Report published by Deloitte and the Center for Audit Quality, 43% of the total respondents surveyed said that the audit committee has primary oversight responsibility for enterprise risk management.
However, the audit committee’s responsibility for risk oversight goes beyond understanding and advising with regard to the creation and implementation of a sound enterprise risk program. The committee is charged with understanding and advising on how management continuously identifies, monitors, and assesses risks, and with ensuring that material risks are allocated to the full board or the appropriate committee. And the audit committee is itself responsible for overseeing key areas of risk, such as risks that impact financial reporting and disclosure, including internal controls and fraud.