For the past 12 years, I’ve taken year-end as an opportunity to recognize significant events impacting the internal audit profession. I’m pleased to continue the tradition, as 2022 gave us no shortage of worthy headlines. As we look back over the past year, the following headlines influenced internal auditors’ focus in 2022.
We entered 2022 with our hair on fire about inflation. Now, head-spinning macroeconomic developments are taking center stage. With recessionary concerns impacting decision-making, economic uncertainty is creating massive risk for internal auditors and the organizations they serve — risk that will continue long into 2023.
We’ve gone from a too-hot economy to one that’s likely cooling too fast. Many markets hit peak inflation above 10%. Will it be a soft landing in which we can bring inflation down to a nice, even level? Or a rough landing, with high unemployment and a real recession on our hands?
Economic downturns hold both threats and opportunities for internal audit. Even as we face budget and resource pressures, we need to roll up our sleeves, follow the risks, and get to work demonstrating our value. We can learn from past lessons about cost-reduction successes and failures. We can look toward emerging risk areas, as well as evolving second- and third-order risks (e.g., fraud, capital market volatility, supply chain disruption). We can use hindsight, insight, and foresight to help our organizations navigate uncertainty, focusing foremost on the risks that could prevent them from achieving their objectives.
We’re living in an era of climate of political and geopolitical instability that is unprecedented in our lifetimes. The war in Europe continues to disrupt, heightening security risks, challenging diplomacy, and impacting everything from food supply to fuel prices, energy security, and far beyond. The relationships between China, its Asian neighbors, and the U.S. grow more uncertain. The U.S. midterms became a story of the red wave that wasn’t, calling into question the course of legislation, regulations, and compliance risks. Throw in a year in which the U.K. had not one but three new prime ministers, and the formula for global turmoil feels complete.
These unresolved conflicts and questions will not find tidy resolution. The world order is rebalancing geopolitically and financially. This environment offers new risk sources daily, magnifying assessment, management, and monitoring challenges.
Internal auditors must be risk-centric in understanding and responding, taking a proactive approach to assessing related risks. Gather intelligence on challenges and opportunities, and conduct a baseline risk assessment. Take a portfolio view of risks to better understand internal and external implications and interdependencies, including risks that challenge organizational resilience. Integrate systematic geopolitical/political risk management with existing processes.
After years of hinting, the U.S. Securities and Exchange Commission (SEC) finally announced its proposed climate disclosure rule. The legislation, which would require disclosure of financially material climate-related risks (including greenhouse gas emissions) and “climate-related financial metrics” within the audited financial statements, may have the longest-term impact on internal audit since the Sarbanes-Oxley Act (SOX) of 2002. As I often say, today’s legislative and regulatory headlines are tomorrow’s compliance risks — and I absolutely believe the SEC climate rule could generate a SOX-like impac ton internal audit.
This is a vital opportunity for internal auditors to demonstrate their value. Environmental, social, and governance (ESG) risks have regulatory, reputational, ethical, shareholder, and operational implications for most companies. Related challenges and opportunities for internal audit include providing assurance around readiness, including identifying gaps in the planned disclosure process; reviewing controls over the accuracy, completeness, and auditability of data; effectively leveraging technology; and helping companies foster cultures of compliance.
While talent management is another global malaise, it’s a generational crisis within internal audit. AuditBoard’s 2023 Focus on the Future survey of leading internal audit executives identified “difficulty in attracting and retaining quality talent” as the top strategic risk facing internal audit. In a November LinkedIn poll asking respondents which risks/events had most disrupted their organizations in 2022 — choosing between inflation, war in Europe, talent shortage, or environment / climate change — nearly half (47%) selected “talent shortage.”
Internal audit must strive to reimagine recruiting and retention. That includes rethinking benefits packages, offering more varied assignments, and considering candidates from nontraditional backgrounds. CAEs must also invest time in developing the auditors that will help our companies navigate the risks of the future.
The ink is still wet on this one, but FTX may yet rival the most iconic corporate scandals in history. Billions of dollars appear to be either lost or stolen. This should be a wake-up call not only for cryptocurrency, but for the entire global business community. The FTX debacle is a seismic event reminding us that culture and governance still matter, and that unheard problems only get worse.
FTX’s bankruptcy filing and leaked financials revealed, in the words of new FTX CEO John J. Ray III — the restructuring expert who oversaw Enron’s liquidation — “an absence of independent governance” and “compromised systems integrity.” He continued, “Never in my career have I seen such a complete failure of corporate control.” The documents also revealed countless red flags that should’ve led to increased scrutiny, but that too many investors and employees elected to ignore. FTX didn’t have a board, audit committee, or internal audit function.
Good governance can’t happen if a culture doesn’t value it. With its finger on the pulse of culture, internal audit can help identify problems before they become scandals. We can offer the perspectives needed to stay out of the headlines and on the path to achieving business objectives. FTX can help us refocus our organizations on the critical importance of strong internal controls and risk management. After all, even the best business strategies and smartest teams can fail without a culture that values good governance.
Today’s Headlines Are Tomorrow’s Risks
If you’d told me in January that my year-end headlines wouldn’t mention COVID, I wouldn’t have believed you. Still, this year’s headlines reflect a world changed by COVID, reminding us that second- and third-order risks require attention as first-order risks abate. They represent the continuing story of the risk-induced disruption best characterized as risk bedlam. Lastly, they re-emphasize internal audit’s responsibility to educate ourselves, our fellow practitioners, and other stakeholders about emerging risks, and to help our organizations respond in ways that support compliance while protecting and enhancing value.
Richard Chambers, CIA, CRMA, CFE, CGAP, is the CEO of Richard F. Chambers & Associates, a global advisory firm for internal audit professionals, and also serves as Senior Internal Audit Advisor at AuditBoard. Previously, he served for over a decade as the president and CEO of The Institute of Internal Auditors (IIA). Connect with Richard on LinkedIn.