SLID and KPMG host 25th Audit Committee Forum on theme 'Audit Committee Responsibilities during an Economic Crisis'

The 25th Audit Committee Forum of Sri Lanka Institute of Directors (SLID) and KPMG discussed the above topic with experts sharing their insights on how Audit committees can navigate the crisis faced by local companies and help mitigate significant emerging risks. It was about learning from this unprecedented crisis and “Not letting a good crisis go to waste”. The experts in the session were Rachael Johnson - Global Head of Risk Management and Corporate Governance, for the Policy and Insights team at ACCA, Shaktha Amaratunge - INED Hemas Holdings & Carson Cumberbatch, Aruni Siriwardena - Advik Consulting & INED Capital Alliance, Lalith Withana - Agility Consulting & INED Softlogic Insurance and discussion leader, Suren Rajakarier of KPMG.

The Greek government-debt crisis (also known as the Greek Depression) refers to the sovereign debt crisis of the Greek state that started in late 2009. The crisis was a direct result of the structural deficiencies of the Greek economy and the loss of confidence that was a result of questionable accounting practices and misreporting of the Greek economy’s economic performance by successive governments.

In 2001, the Greek budget deficit was more than 3% of GDP and government’s debt in excess of 100% of GDP. Moreover, unsustainable debt levels, excessive public spending, increasing credit expansion, massive tax evasion, and finally, high wages that were not supported by proportional productivity gains, all contributed to the decline in Greek economy’s competitiveness. Sri Lanka’s target budget deficit of 6.8% and debt in excess of GDP may leave us in a worse situation. What can Audit Committees do to guide companies in addressing risks emerging from this environment?

It was noted that the core responsibilities of the Board Audit Committee (BAC) would not change due to the environment but how they should adapt their focus to mitigate any significant risks is important. Though financial reporting encompasses everything that a company does, focusing on specific key risks during a crisis would be important.

KPMG’s Board Leadership Centre has reported from its conversations with audit committee members, that overseeing major risks on the audit committee’s agenda beyond the committee’s core oversight responsibilities (financial reporting and related internal controls, and oversight of internal and external auditors) is increasingly difficult. Aside from any additional agenda items (such as climate and ESG risks), the risks that many audit committees have had on their plates for some time—cybersecurity and IT risks, supply chain and other operational risks, legal and regulatory compliance—have become more complex, as have the audit committee’s core responsibilities.

Our experts covered impact of hyperinflation and forex risks, transport & distribution risks, cyber risks, frauds & misconduct, effective risk management, relevant, accurate and timely data to support decision-making and build reliable and credible scenarios for planning purposes, predictive analysis, cultural & leadership risks, etc and the role of audit committees.

Key points noted by Rachael Johnson, Global Head of Risk Management and Corporate Governance, for the Policy and Insights team at ACCA were:

• The global risk landscape has changed dramatically with pandemic-led disruptions, geopolitical tensions and implications of climate change resulting in the emergence of numerous new risks. These new risks have direct implications on organisations’ business models, supply chains and financial performance and the BACs role has to evolve to effectively address these changes.
• BACs should seek to strengthen due diligence for all onboarding processes ensuring the organisation is well aware of who it conducts business with.
• There should be increased collaboration and communication across the three lines of defense, which can support more informed decision making. Independent risk task forces/committees can also be established to increase risk awareness and nurture a culture of risk consciousness.
• BACs can use scenario and predictive analysis to better understand the impacts of emerging risks. This can be facilitated by relying on high-quality, reliable, forward-looking information than merely historical information.
• In general BACs should also seek to review financial information more frequently, increase scrutiny on accounts payable and receivable, strengthen engagement with the management team and drive increased collaboration across the organization. BACs may integrate its activities with the risk task forces/committees to manage emerging risks and require them to report regularly.
  

ACCA’s publication on ‘Rethinking Risk for the Future’ as referred to by the presenter, provides a wider understanding of the global risk climate and suggests Accountants to take the lead in identifying and managing risks. Every organisation has its own risk journey, but companies large or small cannot ignore global risks, such as the pandemic, climate change and digital disruption. Accountants need to measure these not-so-easy-to-quantify risks and provide boards and senior management with the narratives needed to plan and prepare. Each industry has its own inherent risks, but we have learned how ferocious the chain effects can become. The lack of visibility in supply chains, for example, has proved that risk cannot be departmentalised. It needs to be aligned and put into context for everyone in the organisation to understand and embrace.

The panel discussion focused on the effects of Sri Lankan economic situation on companies and how BACs can navigate such issues:

• On the question of how BACs can practically address all these new risk exposures given time and resource constraints. Shaktha Amaratunge highlighted the importance of having defined risk management processes, management ownership of these processes and oversight by the Board. He also affirmed that risks should be prioritised and allocated to the Board, BAC and subsidiary boards based on importance, for more attention. He also highlighted the importance of evaluating readiness for hyperinflation accounting in Sri Lanka.
• Rachael in her view on BACs’ oversight on risk management said that BACs generally still consider only traditional financial risks while the risk landscape has shifted significantly with the emergence of a range of new social, environmental, and technological risks. She added that BACs should request the management to regularly provide non-financial information which may be relevant for the identification and mitigation of these risks.
• Lalith Withana added that BACs need to be more forward-thinking and that new structures (such as risk management task forces) should be brought in to aid this transformation.
• Aruni Siriwardena noted that organisations often have knee jerk responses to issues and highlighted the importance of implementing proactive measures including due diligence and effective risk mitigation processes. She added BACs should be geared to foresee potential problems and evaluate the resilience of the organisation to economic and other shocks. Limits should also be set for certain expenses (such as investments in cybersecurity) depending on how vulnerable the organisation is to the relevant risk.
• On the matter of how Sri Lankan companies can mitigate risks stemming from the current economic risks, Shaktha stressed on the importance of looking beyond traditional financial risks to evaluate strategic and investment risks. He said that BACs should assess rolling cashflow forecasts, conduct meetings more frequently, and place increased emphasis on fraud risks and supply chain related risks.
• Lalith said that organisations with agile and responsive leadership teams had capitalised on the opportunities presented by the crisis and recorded strong performance. Shaktha added that BACs should be comparing quarter-on-quarter performance (rather than y-o-y) which would provide better insights to organisations’ future performance. 

In his concluding remarks, Suren highlighted the importance of using the current crisis as an opportunity to implement processes to support more robust risk management in the future. He also commented on how ESG related risks should be built into BAC structures and relevant non-financial information should be reported to the Board and BAC on a regular basis. Emphasizing that though BACs primary responsibilities would be to focus on financial reporting risks the emerging risks from this crisis will require more attention from the BAC to help navigate organizations.

KPMG’s Audit Committee Institute is committed to providing valuable insight via discussions with BACs in delivering practical experiences, resources, and exchange knowledge to continuously improve financial reporting and audit quality and is also focused on bringing about emerging technologies that need to be leveraged to overcome challenges in dynamic ecosystems. KPMG Sri Lanka facilitates the Audit Committee forum with the SLID which seeks to bring together Audit Committee Members to discuss key issues and challenges in a way that is meaningful and relevant to them and helps them become more effective in their roles.