
Clarifying committee oversight

Boards may need to reassess whether their delegation of risk oversight responsibilities is clear, properly aligned, and coordinated.

The unprecedented events of the past two years have put corporate governance processes, particularly board and committee oversight of the company’s major enterprise risks, to the test. With board standing committees now playing such a vital role in helping boards carry out their risk oversight, there is a premium on clearly delineating the responsibilities of each committee for the various categories of risk, particularly where there are overlapping responsibilities.

Given the increasing number and complexity of risks companies face today, many boards are delegating specific risk oversight duties to standing committees for a more intensive review than the full board can undertake. Depending on the company size and industry, we see boards delegating to various committees responsibility to support the board’s oversight of mission-critical risks, as well as climate; environmental, social, and governance (ESG); human capital management; cybersecurity and data governance; legal and regulatory compliance; supply chain; mergers and acquisitions; and more.

At the same time, many boards are looking to reduce the burden on the audit committee to oversee major categories of risk beyond its core oversight responsibilities (financial reporting, related internal controls, and oversight of internal and external auditors). This is in response to concerns about the committee’s already heavy workload in its core areas of responsibility, and whether it has the expertise to oversee major evolving risks such as cybersecurity, data security, and global regulatory compliance, as well as climate and other ESG risks. 

In this environment, boards may need to reassess whether their delegation of risk oversight responsibilities to each standing committee is clear, properly aligned, and coordinated across committees—particularly when there is overlap. For example, the nominating and governance (or sustainability), compensation, and audit committees likely have overlapping responsibilities in the oversight of ESG issues. Cybersecurity oversight may reside with a technology or other committee, but the audit committee likely has oversight responsibility for some aspects of cybersecurity and data governance. Human capital management issues—from ethics and compliance to talent development and performance incentives—may also touch different committee agendas.

The challenge for the board is to clearly define the risk oversight responsibilities of each committee, with the goal of ensuring “that management has implemented an appropriate system to manage these risks, i.e., to identify, assess, mitigate, monitor, and communicate about these risks,” as noted in the Report of the NACD Blue Ribbon Commission on Risk Governance: Balancing Risk and Reward.

A particular area of focus should be the clarification of overlapping risk oversight responsibilities. For a particular category of risk, boards should clarify a standing committee’s versus the audit committee’s oversight responsibility for: 

  • Periodic risk inventories and assessments for the risk category
  • The quality of risk information, data, communication, and reporting (internal and external), including the quality of data and information included in sustainability reports
  • Monitoring enterprise risk management performance
  • Internal and external assurances regarding risk assessments and controls
  • Monitoring internal controls to mitigate the risk and respond if a risk event occurs (the audit committee’s responsibility to oversee internal controls over financial reporting is clear; however, there may be a need for more clarity regarding the role of the audit and standing committees in overseeing the broader internal control environment) 

Even when the board assigns oversight responsibility for a particular category of risk to another committee, the audit committee will continue to have important responsibilities, including oversight of internal audit’s assurance activities for that risk, as well as oversight of management’s disclosure controls and procedures for reporting on the risk in US Securities and Exchange Commission filings.

Oversight of a company’s major enterprise risks is a formidable undertaking for any board and its committees. Critical to meeting that challenge is to ensure that there is a clear delineation of the risk oversight responsibilities of each standing committee, and that the standing committee structure enables effective board oversight of the company’s enterprise risks. 

This article originally appeared in the Spring 2022 issue of NACD Directorship magazine.

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

Patrick Lee
Senior Advisor, KPMG Board Leadership Center, KPMG US
