The war in Ukraine, the cost-of-living crisis, looming recession and the climate emergency are conspiring to create a perfect storm of high-impact risks for business, throwing many into a permanent state of crisis, a new survey warns.
The Risk in Focus 2023 research report identifies the top risks facing organisations for the year ahead based on a poll of 834 chief audit executives (CAEs) conducted by the Chartered Institute of Internal Auditors (IIA).
Cybersecurity tops the annual business risk survey for the fifth year running, with 8 in 10 of the 834 CAEs citing it a top five risk, reflecting the rapidly weaponised cyber attack landscape.
Half cite human capital, diversity, and talent management a top five risk making it the second biggest risk faced by organisations, up two positions from fourth place last year – reflecting the severe recruitment and retention challenges facing organisations.
Meanwhile, geopolitical and macroeconomic uncertainty is the risk that has increased in severity the most according to Chief Audit Executives, elevating it from 7th to 3rd place in the risk rankings, marking a 44% year-on-year increase. And yet, despite the severity of this risk 92% of respondents say they are not spending major time or effort auditing the impacts of this risk on their business.
As the war in Ukraine rages on, it is accompanied by a resulting spike in global energy prices, soaring inflation, and growing tensions between the West and China, but the gap between awareness and action taken on this rising risk is alarming. Business leaders are being urged to act now to mitigate the risk of further unforeseen major geopolitical disruption in the future.
Changes in laws and regulations were cited as a top five risk by 44% of respondents, slightly down from 46% a year ago. Digital disruption, new technology and AI was cited by 38%, down from 45% and moving it from third to fifth biggest risk, as the aftermath of the COVID-19 pandemic and the war in Ukraine continue to push it down the risk rankings.
Rocketing inflation, pressure to increase pay, and supply chain disruption may mean that in 2023 many businesses do not have the funds to carry out their digitalisation plans.
And with record-breaking temperatures recorded across Europe this summer, 37% of CAEs now cite climate change as a top five risk, compared to 31% last year – marking the fifth year in a row that this risk has risen in the rankings.
John Wood, IIA Chief Executive, said: “Bearing in mind the perfect storm of high-impact interlocking risks combined with a looming recession and an accelerating cost-of-living catastrophe, we are urging businesses to harness their internal audit functions to navigate more risky, uncertain, and volatile times ahead.”
Gavin Hayes, Head of Policy and External Affairs at the IIA, said organisations should ensure risk assessment and risk management efforts provide the board with clear oversight of such risks.
“Boards and internal audit should also ask themselves whether the assumptions they have made about the nature of key risks are still valid today and fit for the circumstances likely to arise in 2023. With more risky, uncertain and turbulent times ahead it is vital that boards ensure they are prepared for further unforeseen disruptive risk events, internal audit has a vital role to play in supporting these efforts.”
The Risk in Focus report sets out a series of recommendations for how boards should work with their internal audit functions to tackle these risks. They include assessing whether the assumptions the organisation has made about the nature of key risk areas are still valid today and fit for the circumstances likely to arise in 2023.
Organisations should also ensure they have effective mechanisms in place to spread information on new cyber threats and countermeasures throughout the business. They should also make sure that goals and maturity on climate-related sustainability are reflected in the business and action plans on different levels.
The top 10 risks for Risk in Focus 2023
- Cybersecurity and data security (82%)
- Human capital, diversity and talent management (50%)
- Macroeconomic and geopolitical uncertainty (46%)
- Change in laws and regulations (44%)
- Digital disruption, new technology and AI (38%)
- Climate change and environmental sustainability (37%)
- Business continuity, crisis management and disasters response (36%)
- Supply chain, outsourcing and ‘nth’ party risk (34%)
- Financial, liquidity and insolvency risks (28%)
- Organisational governance and corporate reporting (25%)
Read the IIA’s Board briefing on the survey results.
Cybercrime Awareness Month 2022
ICAEW marks the global Cyber Security Awareness month with a series of webinars, videos, podcast, a panel discussion and other resources addressing cybercrime and how to protect your business. We will focus on the latest trend as well as supply chain risks and concerns.