During Audit & Beyond, AuditBoard’s second annual user conference, more than five thousand audit, risk, and compliance professionals virtually convened for two days to discuss the dynamic state of risk in 2020 and its associated challenges, as well as opportunities to meet those challenges and deliver more valuable outcomes for the business this year and in the year ahead. In a series of surveys AuditBoard conducted throughout the conference sessions,* we found that the majority of those surveyed believe risk will continue to be dynamic and unpredictable in 2021 and beyond. 

In light of recent events such as the COVID-19 pandemic crisis, economic uncertainty, and the mass shift to remote working, survey respondents predict the most pressing risks for businesses in 2021 will be economic conditions impacting growth (27.6% of respondents) and cybersecurity threats (27% of respondents). Secondary to these risks, respondents expect business continuity/crisis response (12.8%), data/privacy protection (9%), and fraud (8%) will also be significant risks continuing into 2021. 

With regards to economic risks expected to have the most significant impact on business in the next 3 years, the majority surveyed believe the pandemic (23.1%), macroeconomics (20.3%), and the data revolution (18.3%) will have the most influence on business performance and decisions. 

Regarding cybersecurity risk, over 70% surveyed indicate that they have had a cybersecurity incident recently, and over 20% have had an incident that resulted in significant deficiency or material weakness. 

The Long-Term Technological Impact of 2020

Over one-third (35%) of those surveyed believe the most significant challenge audit teams face due to the 2020 pandemic is Technology, second to Finance (26.1%), underscoring the importance of technology in enabling business continuity and collaboration in a remote business environment. Significantly, nearly two-thirds (59%) of survey respondents report their teams will have the option to work remotely for all or part of the workweek once quarantines lift. 7.5% said they expect their team will work 100% remote on a permanent basis, highlighting the long-term impact the pandemic has made in fundamentally altering organizational approaches to remote work and telecommuting. 

50% of survey respondents report their current use of audit management solutions and GRC software has increased since January 1, 2020, with 37% reporting it has stayed at the same level, indicating that technology has become more critical to helping the audit function perform its essential activities and communicate internally and with audit stakeholders during this period. 

Regarding Sarbanes-Oxley (SOX), a majority (53.2%) of survey respondents are currently leveraging audit management software to manage their SOX compliance programs. 

Industry Professionals Are Embracing Change to Thrive

In addition to making long-term changes to their technological strategy, organizations are embracing a theme of change when it comes to overall business strategies and objectives. Nearly 80% of professionals polled have made changes to their business strategy in 2020: 43.1% of respondents report their business revised their strategy by making moderate changes, 29.3% of respondents report their business redirected its strategy in targeted areas while keeping their base strategy constant, and 7.1% of respondents report their business has increased its focus on strategy by making significant, broad-ranging changes. 

Room for Improvement: Maturing Enterprise Risk Management Practices

The surveys also reveal organizations are increasingly relying upon audit professionals to help the business identify and manage emerging risks. More than half (55%) of those surveyed state that internal audit has been involved in discussions of risk and response to the crisis, and nearly half (44%) state that communications with audit committees will increase slightly or significantly moving forward. In addition, 84.3% of respondents are likely to expand their risk assessment to new areas or processes to mitigate additional pandemic-related risks. Yet, these findings simultaneously reveal that the opportunity is ripe for audit professionals to gain a seat at the table by playing a more critical role in maturing risk management practices. 

Of the attendees surveyed, only 16.1% report having an advanced maturity enterprise risk management program that provides input into daily decision-making processes as well as internal audit planning. Most survey respondents (52.7%) have mid-level maturity ERM programs that assist in internal audit planning, but not other decision-making. 

The solution to providing more valuable risk insights that impact decision-making is to increase the frequency of risk assessments and advance the overall methodologies and systems for performing risk management. Fittingly, this aligns with the top three priorities for risk management in the coming year, which respondents identified as:

  1. Increase focus on strategic risks (24.6%) 
  2. Enhance the quality, availability, and timeliness of Risk Data (24.5%)
  3. Identify and manage new and emerging risks (23.8%)

Ultimately, these results point to the urgent need for audit, risk, and compliance functions to continue to strengthen enterprise risk management practices, build flexible and agile audit and compliance programs that can easily pivot to prioritize the most important, value-add work during shifting conditions, and coordinate closely with one another by moving toward combined assurance. To learn how AuditBoard can help your organization streamline its risk management, audit, and compliance programs in 2021, request a personalized walkthrough below. 

Survey Methodology

Attendees were presented with different sets of survey questions at select conference keynotes. As a result, the sample size of respondents varies from question to question. The percentages above represent the portion of attendees who responded a given way to a given question. Sample sizes for all response sets range from 700 to 2100 respondents.