Oversight of accounting judgments and estimates and Sarbanes-Oxley Section 404 compliance are the top two priorities for many audit committees this year, suggests the Public Company Audit Committee Member Survey by KPMG's Audit Committee Institute (ACI) and the National Association of Corporate Director.

But the oversight of information technology risk has emerged as a high priority, as well. In fact, only 15 percent of the 282 audit committee members surveyed were "very satisfied" with their oversight of IT and about one in five said their IT risk oversight needed improvement.

"With IT supporting vital information about a company's finances, operations and competitive position and with IT investments consuming a substantial portion of corporate budgets more audit committees are recognizing that information and the technology driving it could pose significant risks to the company's financial reporting and compliance efforts," said Ed Smith, ACI's executive director.

Some 90 percent of respondents said the audit committee should devote more agenda time to IT risk oversight. "Given the increasing importance of information, watch for IT risk to be an ongoing priority for many boards and their audit committees," Smith said.

He noted, however, that given audit committees' ever-expanding agenda, IT risk oversight may need to be shared by other members of the board.

"The ACI survey findings demonstrate a huge gap between the importance that audit committees place on IT risk and how much time they spend focused on it during their already busy meetings," Smith said. "Since audit committees generally have only basic IT experience, there may be a reluctance to invite chief information officers and chief technology officers to their meetings, in part, because there is a lack of common vocabulary."

Smith noted that only 9 percent of audit committee members are "very satisfied" that they devote adequate agenda time to the issue.

Oversight of risk management is also an issue that many audit committee members are still not very comfortable with. Less than a quarter of respondents said they are "very satisfied" with the board's and/or audit committee's oversight of risk management, and about the same number said it "needs improvement."

According to the survey, despite ongoing challenges posed by complex accounting standards and Section 404 compliance, many audit committee members today are confident in their oversight of these fundamental elements of financial reporting. About 80 percent of audit committees are "very satisfied" with their oversight of management's accounting judgments and estimates (a 10-point increase over last year), and some 60 percent said they are "very satisfied" with the amount of time the audit committee spends discussing this issue.

On the oversight of Section 404 compliance, some 70 percent of respondents indicated they are "very satisfied" with the audit committee's oversight in this area, up from 64 percent last year.

By and large, audit committee members also say they have grown more satisfied over the past year with the support they receive from management and auditors, which ACI's Smith points to as a particularly important finding. "As oversight issues become more nuanced and complex, the support the audit committee receives from management and auditors becomes more important than ever to the committee's efficiency and effectiveness."

In addition to these priorities, survey respondents cited legal/regulatory compliance, effectiveness of the internal and external auditors, business strategy, taxes, and fraud risk as being important agenda items for the audit committee.

Among other key survey findings:

• While a substantial number of respondents (44 percent) said they are "very satisfied" that the oversight activities of the audit committee and other board committees are appropriately coordinated and communicated, another 46 percent were only "somewhat satisfied." One in 10 said coordination and communications "needs improvement."
• Many survey respondents (67 percent) said they are "very satisfied" with the approach used to establish their committee's agenda/work plan. Yet, in a related finding, there is still concern that compliance activities detract from the audit committee's overall effectiveness. Some 15 percent said they are "very concerned" about this and 57 percent are "somewhat concerned."
• As in 2005-2006, many respondents said their pre-meeting materials could be improved by better prioritization of issues, more comparisons to industry statistics for benchmarking purposes, and more succinct information.
• Satisfaction with the audit committee's self-evaluation process fell slightly, with only 28 percent of respondents indicating they were "very satisfied" that their self-evaluation approach enhances the committee's effectiveness, compared with 37 percent in 2006.
• Some 45 percent of respondents were "very satisfied" with the effectiveness of the company's internal audit function, while the same number was only "somewhat satisfied" and 9 percent were "not satisfied."

See also:

• Securities and Exchange Commission
• Sarbanes-Oxley Act