Shifting enterprise risks: New action steps for the audit committee’s year-end agenda

Best moments of the October 20, 2016 session


There is an underlying tension for audit committees. That tension is between traditional items on the audit committee’s agenda and the more dynamic, broadening set of risks affecting the company. A recent Directors Series panel discussed how this broadening set of risks is shaping the corporate landscape, affects the work of the audit committee, and the new actions audit committees need to take in response to these risks.

Deloitte | Directors Series

Reflections on the risk set - Remarks from Tim Penner

Tim Penner

Intact Financial Corporation

“The board needs to take responsibility for making sure management is looking around the bend at what might possibly be coming their way.” – Tim Penner

Tim currently serves on several boards, including the Board of Intact Financial Corporation, SickKids Hospital, MaRS Innovation, Club Coffee, The Beer Store and he is a Director and Past Chair of the YMCA of Greater Toronto.

Download Tim's questions for your board to discuss

Perspectives from a director of a global investor - Remarks from Lynn Haight

Lynn Haight

PSP Investments

“The audit committee has a responsibility to do scenario planning, which really gets outside the box and the committee’s conventional agenda.” – Lynn Haight

Lynn serves on the board of directors of PSP Investments. She is a also member of the Board of Directors and Chair of the Consultative Group on International Agricultural Research (CGIAR) at the World Bank and a member of the Board of Green Shield Canada.

Download Lynn's questions for your board to discuss

Impact of broadening risks on the Audit Committee’s traditional agenda - Remarks from Deb DeHaas

Deb DeHaas

Vice Chairman, Chief Inclusion Officer, and National Managing Partner, Center for Board Effectiveness
Deloitte LLP

“I think about the capacity of the audit committee. How do committees create more time to spend on the items that really matter? Do the committee members have the right skills to focus on the key risks that need to be addressed today and in the future?” – Deb DeHaas

Deb is responsible for Deloitte’s boardroom programs that support corporate boards and directors in fulfilling their governance-related responsibilities.

Download Deb's questions for your board to discuss

Egregious Behaviour, Culture Risk and Governance - Remarks from Jim Goodfellow

Jim Goodfellow

Corporate Director
Canadian Tire Corporation Limited, Canadian Tire Bank

“Audit committees need to go beyond the numbers and facts presented in internal audit and other reports and focus on culture because that’s what will determine the effectiveness of your control systems, risk management and whistleblower programs.” – Jim Goodfellow

Jim is a Corporate Director. He serves on the Board of Canadian Tire Corporation Limited and also provides consulting services on corporate governance, risk governance and financial reporting matters.

Download Jim's questions for your board to discuss

Richard Olfert

Managing Partner, Regulatory, Quality and Risk

Richard also serves as a member of Deloitte Canada’s Executive, on the Global Risk and Regulatory committees and as a director of Nautilus Indemnity Limited, DTTL’s global captive insurer.

Richard Olfert

For more information, get in touch via:

Closing thoughts from Richard

  1. Do a non-traditional deep dive. Find an area of importance to you and the organization, such as its tax planning strategy and understanding the potential jurisdictional risks, or how the organization evaluates the potential for fraud and how management then puts in place controls to detect and prevent and monitor that fraud activity. Once you’ve picked that topic, ask management for an in-depth view on their management processes and get an understanding of the risks that come out of it. Engage in the conversation and only stop asking questions once you’re comfortable.
  2. Follow up on an area where the regulators who oversee your enterprise have given direction. For example, public companies might want to look at non-GAAP measures or the whistleblower program. Ask management for an in-depth view on how the company is following the directive that’s been given by the regulator, not just following the letter of the directive, but assess whether the spirit of the directive is being accomplished.
  3. Insist that non-traditional topics be placed on the audit committee’s agenda since audit committees need to understand the situation and do the right thing, which could mean challenging the status quo. Doing the right thing is hard and it takes courage. Bring courageous thinking to the challenge of how the work of the audit committee can include a broadening set of risks.

Want us to meet with your board to discuss these issues further?

Contact us