4 minute read
Reportage
Risk in Focus 2022: The latest Chartered IIA analysis of hot topics for internal auditors
focuses on the challenges of auditing amid rapid change, based on findings from 13 European countries. Themes include the lasting consequences of Covid-19. Large sections of the workforce are seeking new employment or migrating into different sectors, triggering staff shortages and high vacancy rates. Workforce and labour market disruptions have implications for culture, while businesses are also contending with critical supply chain issues and inflation risks. In addition, those who ignore the sustainability agenda will risk extinction. The report is intended to inform internal audit’s thinking and provide a benchmark for chief audit executives (CAEs) to contrast and compare their risk assessments.
Advertisement
What are the top five risks your organisation currently faces?
1. Cyber security and data security 82%
2. Changes in laws and regulations
46% 3. Digital disruption, new technology and AI 45% 4. Human capital, diversity and talent management 40% 5. Business continuity, crisis management and disasters response 38% 6. Financial, liquidity and insolvency risks 33% 7. Macroeconomic and geopolitical uncertainty 32% 8. Climate change and environmental sustainability 31% 9. Supply chain, outsourcing and “nth” party risk 30% 10. Organisational culture 27%
0 1 1
1 1 0
1 1 0 1 0 1 0 1 1 1 0 1 0 1 1 1 0 What are the top five risks that your 1 10 10 01 0110 organisation will face three years from now? 1. Cyber security and data security 77%1 11 01 10 0101
2. Digital disruption, new technology and AI
62% 3. Changes in laws and regulations 47% 4. Human capital, diversity and talent management 44% 5. Climate change and environmental sustainability 44%
GOING UP
• Climate change and environmental sustainability • Human capital, diversity and talent management • Business continuity, crisis management and disasters response • Organisational culture 1 0 1 • Health, safety and security 1100 1 GOING DOWN1 1 10 10 1 0 • Financial, liquidity and 1 0 0 insolvency risk 01 0 1 1 0 • Changes in laws and regulations 1 1 1 • Digital disruption, new 101 technology and AI • Communications, reputation and stakeholder relationships • Fraud, bribery and the criminal exploitation of disruption
0 1 1 1 0 0 1 0
311%
– the increase in the ransom paid by victims to have their data and systems decrypted by perpetrators in 2020.
41% increase in the proportion of CAEs who view climate change and environmental sustainability as a top-five risk since last year’s survey.
CAE, Switzerland, insurer and constituent of the Swiss Market Index
Climate change and environmental
sustainability is a moving target that companies will have to make continuous efforts to mitigate for decades to come. This should therefore be considered a “forever risk” that is likely to move up the risk rankings over time.
82%of CAEs said that cyber security and data security are among their top five risks, putting it ahead of any other risk type. 34% of CAEs said it is their single biggest risk. 150%– the increase in the volume of ransomware attacks in 2020. Of these: 56% recovered their data via system backups. 26%paid a ransom to have data returned. 90%global growth in ESG regulations and laws since 2016. 46%of CAES said changes in laws and regulations was in their top five risks – but only 8% saw it as their top risk. 45%of CAEs put digital disruption, new technology and AI in their top five risks – 8% said it was their top risk.
40%of CAEs put human capital, diversity and talent management among their top five risks, a rise from 35% in 2021 and 27% in 2020. 27% of CAEs viewed organisational culture as a top five risk – seven percentage points higher than last year. 38%of CAEs said business continuity, crisis- management and disasters response was a top five risk (34% last year). 1 1 0 1 1 1 0 1 1 1 1 0 1 1 1 0 0 1 0 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 ! 1 1 0 0 1 1 1 0 1 1 33%of European CAEs viewed financial, liquidity and insolvency risk as one of their top five risks – a fall from the 42% who said the same a year ago. However, 10% saw this as the single biggest risk to their organisation. 32%of CAEs said that macroeconomic and geopolitical uncertainty is one of their top five risks, while 10% said it is their top risk. 31%of CAEs said climate change and environmental sustainability is a top five risk (compared with 22% of CAEs last year). 30%of CAEs said supply chains, outsourcing and “nth” party risk is a top five risk (down one place from last year). 22% of CAEs put health, safety and security in their top five risks (up two places from last year).
