Top Audit Risk Areas Internal Audit Should Be Targeting in 2021
The era of digital advancement has increased both opportunity and uncertainty for many organizations around the globe. As a result, the role of internal auditors has evolved — now becoming an essential partner for organizational oversight and risk management.
What Are Key Audit Risks?
Some audit risk areas are so pervasive with such a high potential impact that all auditors must consider how these could affect their organizations. These high-risk audit areas are referred to as key audit risks. Key audit risk areas change as these are influenced by business decisions, competition, and world events. As you plan to audit areas of concern for the year, make sure you consider the top audit risk areas for 2021.
Audit Risk Areas Moving Into 2021
What are audit risk factors organizations face this year? Protiviti’s 2021 Top Risks and Gartner’s 2021 Audit Plan Hot Spots reports both highlight the top risk areas auditors should target. Based on global responses from 1,081 C-Suite and board members, Protiviti cites 36 examples of high-risk audit areas across three dimensions — macroeconomic, strategic, and operational risks
Moving into 2021, macroeconomic, strategic, and operational risks — combined with increasing governance requirements, advancements in technology, and pandemic fatigue — will require internal auditors to continually expand the scope of their role by taking a holistic view to help businesses identify and manage a broader range of potential risks.
What Are the Top Risks Organizations Will Face this Year?
The Gartner Audit Plan Hot Spots report summarizes examples of high-risk audit areas into three groups: Heightened Focus on Organizational Resilience, Elevated Macro Environment Uncertainty, and Humanization vs. Dehumanization of the Workforce, all of which are a result of the global pandemic. Under these topics we find risks related to IT and Data Governance, Cybersecurity and Business Continuity both related to working from home, and Talent Resilience caused by declining employee well-being.
What Were the Top Risks Organizations Faced in 2020?
What are audit risk factors faced last year compared to this year? Comparing 2021 to 2020 is important since many of the risks are the same as last year — just with different drivers. Of those top audit risk areas mentioned, only Talent Resilience is new for 2021.
Macroeconomic Risks
Centered around broader local and international economic-based factors — issues covering financial and currency volatility, national and international political influence, global trade, and the availability of capital for growth are mentioned. General economic and geopolitical conditions, digital technology adoption, labor costs, and interest rates are also of concern.
Strategic Risks
Regulatory hurdles, the rapid pace of technology adoption, social media impact on business activities, and changes in environmental, social, and corporate governance came up as strategic issues — with competition from new entrants, mechanisms for growth, customer loyalty, and performance issues also high on the list.
Operational Risks
Operational concerns here involve leadership team behaviors, conduct, and succession planning — supplier scarcity or pricing of supplies, vendor outsourcing, cyber threat preparedness, and privacy concerns also surfaced. Transitioning from legacy systems to become more technologically advanced, leveraging analytics for increased productivity and agility, resistance to change, and having a culture that doesn’t embrace timely risk identification and escalation were also identified potential problems.
According to Protiviti’s Executive Vice President of Global Industry Program, Pat Scott, “As organizations across the globe strive to strengthen their competitive position by advancing their digital maturity and embracing the transformative potential of technology,” business leaders are concerned with balancing team and culture against technology and innovation.
This sentiment is further supported by the findings in Gartner’s 2020 Audit Plan Hot Spots report from interviews of Chief Audit Executives (CAEs) from around the world — citing 12 key risks, grouped by four key themes, that auditors will focus on this year.
Escalating Operational Complexity
With growth comes increased complexity and disruption — organizational resilience will be put to the test as the development or expansion of ecosystems takes place. Organizations will struggle to align talent, resources, and processes with their overall strategy — with increasing pressure to improve coordination and communication to improve agility.
- Internal Audit Action: Auditors can partner with organizations to help re-evaluate approaches to strategic workforce planning and to ensure that all strategic decision-making is built around a strong risk culture.
Increasing Impacts of Data Breaches
There’s no doubt that data is essential to running a business effectively these days. Collecting, managing, and especially protecting data remains critical. Data storage, management, and protection are significant areas of concern as organizations try to leverage relevant data for strategic decision-making. Many businesses will still struggle to adopt data governance frameworks or develop governance strategies in general.
- Internal Audit Action: Internal audit teams will need to work closely with the organization to establish processes to address growing regulatory requirements.
Digital Business Transformation
High competition, the rapid pace of technological advancement, and other environmental factors have placed a heavy burden on organizations to digitally transform their operations to stay competitive — potentially, even relevant. The trouble is, many digital transformation projects fail due to the lack of strategic focus or alignment, internal control gaps, or other governance issues. It’s easy for security gaps to surface or widen as processes and technologies change — cybersecurity vulnerabilities, human error, software integrations, and many other factors will create or increase risk points.
More organizations are also adopting Artificial Intelligence — offering tremendous benefits to improve productivity and streamline processes. In the process, “organizations risk unintended compliance and ethics violations and significant reputational damage,” according to Gartner’s findings. Project management is an area that’s front and center for organizations, with many projects focused on digital transformation. For projects to be successful, proven standardized project management practices need to be established and followed — without these, valuable financial and human resources will be misallocated and wasted.
- Internal Audit Action: As digital transformation projects increase, auditors will need to focus on stepping up governance, security, and IT asset management.
Elevated Geopolitical and Regulatory Volatility
As third party organizations become more intertwined with critical business functions, there will be a need for closer attention to changing regulations, reputational risks, and security issues that can have an impact upon them. If this wasn’t enough — around the world, natural disasters are becoming more frequent and devastating — while the global trade system also faces more volatility. These issues will force organizations to find new ways to secure their supply chains. Volatility will continue to play a role — trade tensions, environmental concerns, geopolitical alliances, and increased regulatory and public scrutiny will push organizations to find new ways to prepare for and adapt to unpredictable situations.
- Internal Audit Action: Audit professionals will need to keep increased corporate accountability and new regulatory requirements top of mind as they work to help organizations to address potential issues and the rising cost to organizations for compliance failures.
Many macroeconomic, strategic, and operational risks may not be within your organization’s control. By focusing on the risk areas mentioned, high performing internal audit teams provide tremendous value to organizations and help ensure strategic decision-making is built around a strong risk culture. This helps organizations prepare for challenges and also equip them to take advantage of opportunities.
