logo-newlogo-newlogo-newlogo-new
  • Home
  • Blog
  • Audit Trail Academy
  • Advisory Services
  • Books
✕
  • Home
  • Chambers on Internal Audit
  • Internal Audit Trends and Priorities
  • New European IIA Report Offers Internal Auditors an Early Glimpse Into 2023

New European IIA Report Offers Internal Auditors an Early Glimpse Into 2023

Recession Clouds Are Forming – What Should Internal Audit Do To Get Ready?
September 15, 2022
Internal Auditors – Beware of Your Own Ethical Lapses
September 26, 2022
September 20, 2022

Each year, internal auditors can draw on a series of reports to augment their perspectives on the risks that are expected to confront their organizations in the months and years ahead. The first of these reports is the annual “Risk in Focus: Hot Topics for Internal Auditors,” compiled annually by the European Confederation of Institutes of Internal Auditors (ECIIA), and it never disappoints! The “2023 Risk in Focus” report was just released and, once again, it’s a must-read resource for internal auditors who are preparing to undertake their annual risk assessment and audit planning process.

While I strongly advocate a methodology for continuously monitoring risks and maintaining and refreshing a dynamic audit plan, I know that undertaking an annual risk assessment that fosters an initial calendar year audit plan is still the most common approach. For that reason, now is the time when CAEs and their teams are rolling up their sleeves to initiate the process for 2023.

The “2023 Risk in Focus” report is a collaboration of 14 IIA bodies in Europe and based on a survey of 834 CAEs from across the continent. In addition to the survey, roundtables were hosted with 39 CAEs and interviews were conducted with nine subject matter experts, including CAEs, audit committee chairs and a range of industry experts. Findings from that research provide valuable insights into how risk-induced disruptive events have impacted organizations. More importantly, the effort provides indications on risks that may lie ahead.

As the report aptly conveys, “Now a state of crisis is the new normality. Climate-related natural disasters, looming recession, an accelerating cost of living catastrophe in Europe, food shortages, employee welfare and skills deficits, and a rapidly industrializing cyberattack landscape are overlaid by intensifying geopolitical tensions and the very real threat of financial liquidity and solvency risks for businesses.”

As the sun begins to set on 2022, the report notes, “Internal auditors need to get a rapid grip on this situation and support their organizations to navigate more risky, uncertain and volatile times ahead. Instead of thinking about what individual risks might arise over the next year or two, chief audit executives need to be thinking over the coming decade. And be thinking big. How would we survive an overnight, permanent supply chain break with China? How would we cope if inflation hit 25% and stayed there, as it did in the 1970s? Are we prepared for the sudden, permanent increase in temperatures in every area in which we operate? Are we in a position to understand and help our clients and staff with the stresses and strains they face over the coming months and years?”

When looking ahead at 2023, the survey’s respondents provided an early window into 15 risks they believe their organizations will face. The top 5 are projected to be:

  • Cybersecurity and data security
  • Human capital, diversity, and talent management
  • Macroeconomic and geopolitical uncertainty
  • Changes in laws and regulations
  • Digital disruption, new technology and AI

Not surprisingly given the events of 2022, “macroeconomic and geopolitical uncertainty” is new to Top 5 compared with 2022, pushing “business continuity, crisis management and disasters response” down to seventh place. As is often the case when surveys such as these are conducted, the Top 5 risks are not always the top areas of focus in internal audit’s plan. The survey found that the Top 5 areas of focus in internal audit’s 2023 plans are likely to be:

  • Cybersecurity and data security
  • Organizational governance and corporate reporting
  • Changes in laws and regulations
  • Financial, liquidity and insolvency risks
  • Business continuity, crisis management and disasters response

As I often observe, gaps between an organization’s risks and internal audit’s coverage should be approached with a degree of caution. For example, “human capital, diversity and talent management” was seen as the second-highest risk facing organizations, but it comes in 10th in projected internal audit coverage. My fear is the difference reflects a lack of comfort for internal auditors in tackling non-traditional risks, such as human capital. It’s simply easier to audit the areas we know, but this can lead to potentially disastrous “where were the internal auditors?” moments.

While I found the projections of risks and audit coverage for 2023 to be very valuable, the most fascinating revelations in the report were once again the projections of where internal audit’s focus is likely to be three years beyond – in 2026:

  • Cybersecurity and data security
  • Digital disruption, new technology and AI
  • Business continuity, crisis management and disasters response
  • Climate change and environmental sustainability
  • Changes in laws and regulations

The most significant change in the three-year outlook from last year’s report is the swift (and long overdue) emergence of “climate change and environmental sustainability” on internal audit’s projected radar. The report offers valuable advice for CAEs on the risks that climate change presents and the role internal audit should play. It includes a call-to-action of seven ways internal auditors can help their organizations in the face of this critical risk.

Given the events of the past few months, it is not surprising that this year’s “Risk in Focus” also deals extensively with geopolitical risks, particularly the ongoing war in Ukraine. As the report notes, “The war in Ukraine took many by surprise, including those with deep commercial interests in the region.” Survey respondents were asked which risks the war in Ukraine had impacted the most in 2022:

  • Macroeconomic and geopolitical uncertainty
  • Cybersecurity and data security
  • Business continuity, crisis management and disasters response
  • Supply chain, outsourcing and “nth” party risks
  • Financial liquidity and insolvency risks

The 48-page report has a wealth of insight and key takeaways for internal auditors. The only way to truly appreciate it is to read it cover to cover. I urge all of my readers to put it at the top of your to-do list.

I welcome your thoughts.

Share

Related posts

March 20, 2023

New Report Reveals Surprising Insights from Internal Audit Executives


Read more
March 13, 2023

New IIA Report Is a Timely Benchmarking Resource for Internal Auditors


Read more
December 8, 2022

Here Comes 2023! What’s Keeping the C-suite Awake?


Read more

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

What’s Trending

03-20-23

New Report Reveals Surprising Insights from Internal Audit Executives


03-13-23

New IIA Report Is a Timely Benchmarking Resource for Internal Auditors


03-02-23

6 Things Audit Committee Members Often Won’t Say to Internal Audit


Read More

Archive

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009

Contact Us

PO Box 1441
New Smyrna Beach, FL 32170

+1-407-463-9389
rchambers@richardchambers.com

About AuditBeacon.com

AuditBeacon.com is a resource center for internal auditors and risk professionals from around the world. In addition to more than 500 blogs authored by Richard Chambers, the site includes links to news and insights on internal audit and other information that illuminates the value of this important profession. AuditBeacon.com is provided as a service by Richard F. Chambers and Associates, LLC.

Copyright © 2023 Richard F. Chambers & Associates. All Rights Reserved.
  • Home
  • Blog
  • Audit Trail Academy
  • Advisory Services
  • Books