
Key Risk Themes for Internal Audit in 2017

by Malcolm Murray
February 27, 2017
in Featured, Internal Audit

4 Areas Impacting the Entire Organization

Audit experts from CEB present the findings of the company’s annual Audit Plan Hot Spots report, which is based on interviews and surveys with more than 150 Chief Audit Executives. This article outlines the major risks CAEs plan to track closely this year – both expected risks and new and surprising themes.

with co-author Barton Edgerton

For more than a decade, CEB has tracked the risks Chief Audit Executives (CAEs) watch closely. By interviewing and surveying CAEs at some of the world’s largest and most complex organizations, we’ve seen the way organizational risks have shifted over time.

Few risks are “easy” to manage. But while key risks in the past, such as financial misstatements, could often be addressed individually and largely managed through individual controls, today’s risks are multifaceted and interconnected. In fact, the risks CAEs are including on their audit plans in 2017 cover four broad themes that affect the entire organization. They have interdependencies between them and can only be addressed through coordinated remediation efforts. They include “diseconomies” of scale, digitization and the rapid proliferation of technology, volatility in the macro environment and heightened public scrutiny.

“Diseconomies” of Scale

Organizations today are larger than they were in the past, and although size brings organizations economies of scale, it also leads to greater complexity and an increased cost of coordinating activities. These so-called “diseconomies of scale,” or hidden costs of size, are often seen only by functions with a central viewpoint, such as audit. This year, they contribute to three risks CAEs are tracking: third-party relationships, strategic decision-making and execution, and change fatigue.

Third-party relationships are a perennial risk, but one that continues to grow in importance. Third-party access to sensitive data and the lack of visibility into layers of third parties, often including a dense thicket of fourth and fifth parties, are key factors driving this risk as one to watch this year.

Size and complexity also make it more difficult to assimilate the right information for quick and effective strategic decision-making and execution. Core business activities, such as recruitment and procurement, now take on average 20 to 40 percent longer than five years ago. At the same time, large organizations change constantly. CEB found that the number of change events the average employee experiences today has increased more than 70 percent since 2011. Executives expect this pace will only escalate, especially with high levels of M&A. This heightens the risk of employee change fatigue, which can lead to a 5 percent drop in productivity.

Given the fact that these risks aren’t often on management’s radar, audit should be sure to highlight them for senior leadership. From there, they should ensure the organization works toward establishing frameworks for third-party risk management and organizational effectiveness. Most organizations have plenty of room to improve – for instance, only 20 percent currently have an established or world-class third-party governance framework.

Digitization and the Rapid Proliferation of Technology

Every company is now a technology company, and the pace of technological innovation continues to increase. These technologies create opportunities for brand new industries like autonomous cars and augmented reality, but they also create risks for companies. Yet despite increasing awareness of cybersecurity and data risks, organizations are still underprepared to deal with new technologies – only half of data privacy functions say that their organizations are managing their data properly. Digitization and technology proliferation have led to a rise in external cybersecurity threats, internal cybersecurity vulnerabilities and risks related to the pace of innovation.

Our research shows that in addition to facing increasingly complex external cyberthreats, organizations are unknowingly making themselves more vulnerable. For instance, agile project management principles, now used pervasively, have less of a built-in focus on security than traditionally managed projects. Furthermore, organizations may open new internal cybersecurity vulnerabilities when connecting technology assets to the internet and to corporate IT systems.

Finally, large organizations have difficulty increasing their pace of innovation to capture the upside of digitization. Their efforts are often slowed by increased risk aversion resulting from years of cost-cutting – in fact, 77 percent of finance executives say there is currently more risk aversion in project funding.

To address these risks, Audit should keep the board adequately informed of new types of cyberthreats, review organizations’ IT governance frameworks and help map out organizationwide innovation efforts.

Volatility in the Macro Environment

The macro environment – the complex mix of political, social and economic forces in which firms operate – is facing seemingly unprecedented volatility. This volatility contributes to the risks of political uncertainty, strategic workforce planning, and budgeting and forecasting.

Over the past year, political risk has spread from developing markets to developed markets. CAEs are now having to ask themselves how to incorporate a political dimension into audit planning and engagements. A variety of macro shifts also impact workforce planning. These include things like migration and immigration issues, automation and robotics, and generational changes – areas where assurance functions have not historically focused, but where they are now forced to assess risk and controls.

Finally, macro volatility in global financial markets can disrupt planning efforts, and budgeting and forecasting often suffer. Organizations can experience swings in earnings of 2 percent from FX volatility and stand to lose 20 percent of their growth potential due to inefficient budgeting processes.

Audit can help organizations mitigate these risks by highlighting elements of political risk to management during audit engagements, partnering with HR to evaluate the impact of demographic shifts on strategic plans and reviewing the effectiveness of financial planning processes.

Heightened Public Scrutiny

The fourth risk theme for 2017 is both a force in its own right and a consequence of the three earlier themes. The increase in company size and complexity, rise of digital technology and macroeconomic shifts mean that organizations are facing an unprecedented amount of scrutiny from the public, be it regulators, consumers or bodies such as the OECD.

The risks under the heightened public scrutiny theme – data privacy, international tax planning and organizational sustainability – neatly demonstrate the wide range of demands on global organizations. As regulations come into place, audit departments often have to scramble to check their organizations’ readiness for everything from international frameworks such as the OECD’s BEPS (for international tax planning) and the EU’s upcoming General Data Protection Regulation (for data privacy) to demands from shareholders for sustainable practices in supply chains.

Given its position in the company, audit should take a bigger role in proactively ensuring sufficient planning for upcoming regulatory changes takes place across departments and that emerging issues among stakeholders are pre-emptively addressed.

The Challenge and Opportunity for Internal Audit

These wide-ranging risks vastly increase the difficulty for CAEs to provide comprehensive assurance to the board. At the same time, they present a great opportunity for audit to leverage its unique holistic view of the organization and long history of evidence-based guidance to spot risks earlier and find systemic risk trends that help fulfill their mandate.


Malcolm Murray

Malcolm Murray is Research VP and Fellow at Gartner. He works with heads of Audit at Fortune 500 companies to better leverage data analytics, automation and other assurance functions to drive actionable change within their organizations. A Chartered Financial Analyst, originally from Stockholm, Sweden, Malcolm holds an M.Sc. in Business and Economics from the Stockholm School of Economics, an MBA from INSEAD and a Master of International Management from HEC in Paris.
