Canadian companies may unwittingly be exposed to cyber risks

KPMG survey reveals audit committee to play key role reducing risk of major company threats

TORONTO, May 27, 2014 /CNW/ - According to KPMG's 2014 Global Audit Committee Survey Report - The Canadian Perspective, the role of audit committees in identifying and assessing risk continues to grow and evolve, expanding beyond traditional areas such as legal/regulatory compliance, anti-bribery/corruption and financial, to now encompass information technology — including cyber security. And this new burden is taking a toll, with 38 per cent of Canadian respondents saying it is becoming "increasingly difficult" to oversee the myriad of responsibilities that are now associated with their role.

While cyber security is considered a growing company threat in the US, only a fraction of Canadian audit committee members seem to agree — 11 per cent perceive it to be a major company challenge, which pales in comparison to the US at 27 per cent. In contrast, when asked if they were satisfied with time spent on cyber security issues by the board, only 31 per cent of Canadian respondents agreed, compared to 55 per cent globally and 57 per cent in the US, leaving much room for improvement in boardrooms around the world. It will be interesting to see if the recent high-profile Heartbleed scare will shift opinion.

Economic/political uncertainty, operational risk, government regulations ranked as top challenges

Of the challenges companies face today, half of Canadian audit committee members surveyed perceive economic and political uncertainty to be the greatest concern followed by operational risk (46 per cent) and government regulations (40 per cent). To tackle these emerging issues, 31 per cent of Canadian companies said their board has recently reallocated or rebalanced risk responsibilities.

Information quality falling short

Given their growing responsibilities, audit committees want to see an improvement in the quality of information they receive on emerging technologies and company growth and innovation plans (especially cyber security). They also want to better understand the company's global systemic risks and supply chain dependencies. Although Canadian audit committees rate much of the information they receive on key risks facing the company (e.g., legal/regulatory compliance, operational risk and public policy developments) as "good" or "generally good", they should reflect on whether there is an increased risk to the company if the information received is not "great". Steps companies can take to improve the quality of risk information they receive, include:

  • Work with management to define or refine the audit committee's (and board's) information needs.
  • Seek out independent sources of information instead of relying exclusively on management.
  • Ensure the board has insight and foresight about the impact of new technologies on the business, the industry and the competitive environment.
  • Ensure management is actively listening to the conversation on social media to better understand the risks, opportunities and changing attitudes and perceptions about the company.

Pace of change slower in Canada

As the role of the audit committee continues to evolve and grow, only half of those surveyed in Canada believe internal audit's role should extend beyond the traditional responsibilities of financial reporting and controls to include other major risks and challenges facing the company. This compares to 66 per cent in the US and 70 per cent globally. Only 28 per cent of Canadian survey respondents are satisfied internal audit currently has the skills and resources to be effective in the role they envision. Steps companies can take to optimize the audit committee's workload, agenda and skills, include:

  • Ensure the committee has the time and expertise for major categories of risk "beyond the core".
  • Consider whether risk oversight responsibilities need to be rebalanced.
  • Leverage additional resources and expertise from internal and external auditors and third-party experts — particularly in the areas of risk and emerging technology.
  • Recognize that internal audit is most effective when it is focused on the critical risks to the business: operational risks and related controls — not just compliance and financial reporting risks.

As the audit committee's role continues to evolve to take on deeper responsibilities for risk, a disconnect is emerging between skills that were traditionally required and those that are now needed to effectively minimize company risk. Boards and management teams across the country must become even more integrated in their approach in order to successfully ward off potential risks.


"Companies across the country must evaluate whether their audit committees are able to meet the growing and changing requirements of the committee's roles. Bridging any gaps in skills and resources will help to ensure they are able to quickly identify both traditional and non-traditional risks threatening the organization."

    - John Gordon, Canadian Managing Partner, Audit, KPMG in Canada


2014 Global Audit Committee Survey - The Canadian Perspective
KPMG Website
KPMG on LinkedIn

About KPMG's 2014 Global Audit Committee Survey Report - The Canadian Perspective

This report is based on responses from approximately 1420 audit committee members in 34 countries, between September and November 2013. All survey respondents serve on the audit committee, or equivalent supervisory board, of at least one company. Of the 145 Canadian respondents, 53 per cent were audit committee chairs and 43 per cent serve on audit committees of companies that earn less than $250 million in annual revenue. Respondents were asked to answer survey questions based on the largest company they represent, by revenue.

About KPMG

KPMG LLP, an Audit, Tax and Advisory firm ( and a Canadian limited liability partnership established under the laws of Ontario, is the Canadian member firm of KPMG International Cooperative ("KPMG International"). KPMG member firms around the world have 155,000 professionals, in 155 countries.

The independent member firms of the KPMG network are affiliated with KPMG International, a Swiss entity. Each KPMG firm is a legally distinct and separate entity, and describes itself as such.

Image with caption: "Audit Committee Survey Infographic (CNW Group/KPMG LLP)". Image available at:


For further information:

Kira Froese
National Manager, Communications
KPMG in Canada


Jetez un coup d’œil sur nos forfaits personnalisés ou créez le vôtre selon vos besoins de communication particuliers.

Commencez dès aujourd'hui .


Remplissez un formulaire d'adhésion à CNW ou communiquez avec nous au 1-877-269-7890.


Demandez plus d'informations sur les produits et services de CNW ou communiquez avec nous au 1‑877-269-7890.