The era of digital advancement has increased both opportunity and uncertainty for many organizations around the globe. As a result, the role of internal auditors has evolved — now becoming an essential partner for organizational oversight and risk management.
Moving into 2020, macroeconomic, strategic, and operational risks — combined with increasing governance requirements and advancements in technology — will require internal auditors to continually expand the scope of their role by taking a holistic view to help businesses identify and manage a broader range of potential risks.
What are the risks organizations face this year? Protiviti’s 2020 Top Risks and Gartner’s 2020 Audit Plan Hot Spots reports highlight the top risk areas auditors should target. Based on global responses from 1,063 C-Suite and board members, Protiviti cites 30 risks across three dimensions — macroeconomic, strategic, and operational risks.
Centered around broader local and international economic-based factors — issues covering financial and currency volatility, national and international political influence, global trade, and the availability of capital for growth are mentioned. General economic and geopolitical conditions, digital technology adoption, labor costs, and interest rates are also of concern.
Regulatory hurdles, the rapid pace of technology adoption, social media impact on business activities, and changes in environmental, social, and corporate governance came up as strategic issues — with competition from new entrants, mechanisms for growth, customer loyalty, and performance issues also high on the list.
Operational concerns here involve leadership team behaviors, conduct, and succession planning — supplier scarcity or pricing of supplies, vendor outsourcing, cyber threat preparedness, and privacy concerns also surfaced. Transitioning from legacy systems to become more technologically advanced, leveraging analytics for increased productivity and agility, resistance to change, and having a culture that doesn’t embrace timely risk identification and escalation were also identified potential problems.
According to Protiviti’s Executive Vice President of Global Industry Program, Pat Scott, “As organizations across the globe strive to strengthen their competitive position by advancing their digital maturity and embracing the transformative potential of technology,” business leaders are concerned with balancing team and culture against technology and innovation.
This sentiment is further supported by the findings in Gartner’s 2020 Audit Plan Hot Spots report from interviews of Chief Audit Executives (CAEs) from around the world — citing 12 key risks, grouped by four key themes, that auditors will focus on this year.
Escalating Operational Complexity
With growth comes increased complexity and disruption — organizational resilience will be put to the test as the development or expansion of ecosystems takes place. Organizations will struggle to align talent, resources, and processes with their overall strategy — with increasing pressure to improve coordination and communication to improve agility.
- Internal Audit Action: Auditors can partner with organizations to help re-evaluate approaches to strategic workforce planning and to ensure that all strategic decision-making is built around a strong risk culture.
Increasing Impacts of Data Breaches
There’s no doubt that data is essential to running a business effectively these days. Collecting, managing, and especially protecting data remains critical. Data storage, management, and protection are significant areas of concern as organizations try to leverage relevant data for strategic decision-making. Many businesses will still struggle to adopt data governance frameworks or develop governance strategies in general.
- Internal Audit Action: Internal audit teams will need to work closely with the organization to establish processes to address growing regulatory requirements.
Digital Business Transformation
High competition, the rapid pace of technological advancement, and other environmental factors have placed a heavy burden on organizations to digitally transform their operations to stay competitive — potentially, even relevant. The trouble is, many digital transformation projects fail due to the lack of strategic focus or alignment, internal control gaps, or other governance issues. It’s easy for security gaps to surface or widen as processes and technologies change — cybersecurity vulnerabilities, human error, software integrations, and many other factors will create or increase risk points.
More organizations are also adopting Artificial Intelligence — offering tremendous benefits to improve productivity and streamline processes. In the process, “organizations risk unintended compliance and ethics violations and significant reputational damage,” according to Gartner’s findings. Project management is an area that’s front and center for organizations, with many projects focused on digital transformation. For projects to be successful, proven standardized project management practices need to be established and followed — without these, valuable financial and human resources will be misallocated and wasted.
- Internal Audit Action: As digital transformation projects increase, auditors will need to focus on stepping up governance, security, and IT asset management.
Elevated Geopolitical and Regulatory Volatility
As third party organizations become more intertwined with critical business functions, there will be a need for closer attention to changing regulations, reputational risks, and security issues that can have an impact upon them. If this wasn’t enough — around the world, natural disasters are becoming more frequent and devastating — while the global trade system also faces more volatility. These issues will force organizations to find new ways to secure their supply chains. Volatility will continue to play a role — trade tensions, environmental concerns, geopolitical alliances, and increased regulatory and public scrutiny will push organizations to find new ways to prepare for and adapt to unpredictable situations.
- Internal Audit Action: Audit professionals will need to keep increased corporate accountability and new regulatory requirements top of mind as they work to help organizations to address potential issues and the rising cost to organizations for compliance failures.
Many macroeconomic, strategic, and operational risks may not be within your organization’s control. By focusing on the risk areas mentioned, high performing internal audit teams provide tremendous value to organizations and help ensure strategic decision-making is built around a strong risk culture. This helps organizations prepare for challenges and also equip them to take advantage of opportunities.