What Audit Committees Are Wrestling With

Discover what is top of mind for audit committees as companies prepare for 2026.

As tariff-related uncertainties dominate the business landscape and boardroom conversations, keeping other critical issues front-and-center will require focused agendas and a wide lens.

To better understand what is top of mind for audit committees as they help their boards and companies navigate the challenges and opportunities of the shifting business and risk landscape, KPMG surveyed more than 600 audit committee members and chairs around the globe. Below are key takeaways from 85 US survey respondents that provide timely insights to help audit committees in the United States benchmark and calibrate their oversight practices and priorities.

Top Concerns

Not surprisingly, the increased complexity of the business and risk environment and the geoeconomic landscape are top of mind (88 percent and 69 percent, respectively) among audit committee members and chairs responding to our survey. The rigor of the control environment (36%) and talent issues in the finance or internal audit functions (25%) are also key areas impacting the audit committee’s agenda in the months ahead.

Cybersecurity (71%) and third-party vulnerabilities (62%) are viewed as top challenges related to a company's digital activities. Ransomware, intellectual property (IP) risk, and data privacy (32%) are of particular concern for audit committee members, as is reputational risk (32%).

With respect to the company’s use of generative artificial intelligence (genAI), when ask what associated risks are generating significant discussion in their audit committee meetings, more than 40 percent of those surveyed cited increased cybersecurity risk, including risks posed by hackers’ use of genAI. Additionally, more than one-third cited cybersecurity, including ransomware and IP risk. Twenty-eight percent cited data privacy and compliance risks posed by various genAI-related and other laws and regulations.

Meanwhile, 27 percent named IP risks, including the risk of unintended disclosure of the company’s IP to an open genAI system and unintended use of third-party IP, as a topic generating significant discussion in meetings.

Risk and Potential Oversight Gaps

The survey data suggest that most audit committees continue to shoulder heavy risk agendas. In addition to financial reporting and related control risks, respondents reported that their audit committees have significant oversight responsibilities for cybersecurity and information technology (75%), management’s enterprise risk management processes (74%), legal and regulatory compliance (72%), and data governance (53%).

Potential gaps in oversight, particularly in relation to cybersecurity, data privacy, and AI (49%), as well as geopolitical risks (36%) and supply chain risks (28%), are top concerns.

The survey findings also suggest that risk management may still be a work in progress for some companies. While 58 percent of respondents believe the company’s risk management and reporting capability is keeping pace with the risk environment, only 26 percent of respondents described it as sophisticated, and 12 percent said it is struggling to keep pace.

Moreover, although 59 percent of respondents said they are confident that there is a clear, common understanding of the company’s mission-critical risks across the board and management, that is significantly lower than the 72 percent response to that same question in KPMG’s 2023 Audit Committee Survey.

Audit Committee Workload

While most survey respondents (44%) continue to believe their committee’s workload is appropriate, 41 percent reported addressing workload concerns by improving the focus of meeting agendas, materials, and management presentations. Eighteen percent reported reassessing the committee’s skills, expertise, and composition. Only 16 percent said the committee is reallocating risk oversight responsibilities among committees.

As a bellwether for the business and the board, the audit committee’s perspective provides important context. These survey findings can help spark timely conversations about the challenges and priorities driving board and committee oversight in the months ahead.

The views expressed in this article are the authors’ own and do not represent the perspective of NACD.

KPMG LLP is a NACD strategic content partner, providing directors with critical and timely information, and perspectives. KPMG LLP is a financial supporter of the NACD.