3 need-to-know issues for audit and risk committees to navigate

3 need-to-know issues for audit and risk committees to navigate

Get the big picture on top organizational issues that your audit and risk committees need to know about – and how to handle them, now.

Whether on the audit committee or the risk committee, members know it’s important to see where their organization has been, where it’s going, and what issues are on the horizon. Understanding how the organization is addressing these key areas can help focus efforts and guide next steps.

1. Impending ESG regulations

The environmental, social, and governance (ESG) landscape is constantly shifting. Regulations from the Securities and Exchange Commission (SEC) are still forthcoming, which means now is the time to consider how these regulations could affect an organization’s ESG journey. Audit and risk committee members can review their organization’s overall ESG strategy to spot any potential issues and make suggestions for regulatory compliance. Questions to ask:

  • What processes are needed to measure the identified ESG benchmarks?
  • Which controls will be used to verify that these processes worked?
  • How will measurement occur post-verification?
  • As regulations continue to shift and change, how will companies keep up with those changes in a way that’s proactive?
Impending ESG regulations

ESG implementation challenges will pose a medium risk impact to organizations in the next one to two years. 

“1Q22 Emerging Risk Report,” Gartner, March 2022.

2. Off-site cybersecurity threats

While many risks exist related to cybersecurity, two major concerns stand out. The first is the influence of international pinging and how it’s affecting organizations. Audit and risk committees will want to evaluate the processes their organizations have in place to identify the IP addresses pinging them and understand the implications of those pings. And if those processes aren’t in place, they’ll want to encourage their organizations to create them. With the increase in remote work, it’s also important to consider the implications of network security. While an organization can control (to a certain degree) the level of security inside its offices, it can’t always know the level of security its work-from-home employees have in place. While some industries, such as banking, use a virtual private network to help mitigate this risk, that’s not true for every industry – so audit committees should understand and plan for those risk factors.

Off-site cybersecurity threats


of surveyed companies experienced at least one successful cyberattack in 2021.

“2021 Cyberthreat Defense Report,” CyberEdge Group, 2021.

3. Consistent regulatory changes 

Audit and risk committees need to know what they don’t know – and with the constant changes in regulatory compliance, that can be a daunting task. Between shifting regulations, policy rollbacks, changing accounting standards, emerging technologies, and more, there’s a lot to consider – with implications of associated risks for the organization. Audit committees can be small and insulated in many organizations, which makes it even more important to keep up on these changes and get insight into what’s happening on an organizationwide level. While members of audit and risk committee are limited to a monitoring and evaluation role over management decisions, they do need to understand the policies and procedures management is considering so they can properly assess risk.

Consistent regulatory changes


of surveyed senior executives considered their organizations to be in recovery mode.

“Speed, Agility, and Multi-disciplinary Working: What Clients Want Post-COVID,” Source Global Research, June 2022.

Just because organizations haven’t faced these issues yet doesn’t mean they won’t. If an issue is affecting competitors, it could be (and in fact, probably is) happening to them. Every time audit and risk committee members hear about a risk that has affected a competitor, they should ask themselves – and others in the organization – “Why hasn’t this happened to us? What’s different about how we’re approaching this risk?”

Services and resources for your needs

Whether you’re looking for an audit firm that delivers a customized, risk-based audit approach or you’re seeking insights into the latest issues facing audit committees, our team is here to help. 

Contact us

Our team of specialists can help audit and risk committee members understand the best practices and innovations they can consider to deliver effective oversight. Contact us today to see how we can help your audit committees address these issues – as well as others you might face.
Sal Inserra - Large
Sal Inserra
Partner, Audit & Assurance