There is constant debate around who should own the cyber risk oversight responsibility: the audit committee, the full board, or a dedicated risk oversight committee? Host TK Kerstetter poses the question to Cindy Fornelli (Executive Director, Center for Audit Quality) and Jonathan Foster (Audit Chair, Masonite International Corp.) who agree to disagree with some of his foundational beliefs.

This show also looks at the role of strategy with respect to risk management, as well as asks the question, “What is the outside auditor’s role in cyber risk?” All panelists confirm that, although it is ultimately a full board’s responsibility to oversee risk, in most companies it is currently “owned” by the audit committee.

As cyber risk continues to escalate — and with audit committees having little room in their agendas to deal with such growing concerns — other options for oversight must be considered.

» Don’t miss Part 2 of this series. Watch here.