ESG is similar to another topic from not too long ago. Cybersecurity has been identified as a key risk area for several years. In late 2017, most internal auditors considered cyber as a high risk area (see 2018 IIA Pulse report), but devoted less than 10% of their effort to it. Since then, cyber risk is proving to be one of the largest issues for many organizations to handle. Internal audit saw the risk years ago, but spent very little time on it. Let’s not let this happen again with ESG.