Boards must harness internal auditors as essential assets to help them manage a burgeoning, economic ‘poly-crisis,’ according to a recent report from the European Confederation of Institutes of Internal Auditing (ECIIA).
The report Risk in Focus 2024: Hot Topics for Internal Auditors, published in September, warns of a “perfect storm of interlocking risks” that requires businesses to put an “unwavering focus” on resilience and adopt a growth mindset to endure rising challenges.
“Growing geopolitical turmoil has weakened the bonds of globalisation that made the flow of goods, services and customer behaviour predictable,” it says.
Disruptive technologies such as artificial intelligence (AI) and blockchain are evolving at lightning speed, with the potential to overturn business strategies and operating systems, even as they seek to make improvements, the report warns. Meanwhile, staff and customers have “decoupled from traditional corporate values”, creating both an HR crisis and a scramble to understand changing market forces.
In the more immediate realm of cash-management woes, the report notes that Germany’s slide into recession following last year’s energy price shock has left some organisations with declining cash balances and higher net debt.
It stresses that corporates “must successfully steer through the ongoing poly-crisis if they are to thrive when conditions improve”.
‘Mired in compliance’
Compiled from a survey of almost 800 chief audit executives (CEAs), plus five roundtable events and 11 one-to-one interviews, the report pinpoints the main areas of concern that are preoccupying senior auditors amid the mounting turbulence.
Cyber and data security has retained its longstanding top position from previous editions of the report, with risk and internal audit effort well balanced at 84% and 79% respectively. While those percentages have apparently settled at pandemic-fuelled highs, the report notes that disruptive technologies such as AI could drive them even higher by 2027.
Human capital, diversity, talent management and retention Similarly, HR issues are holding on to their established slot of second place, as many businesses “find themselves out of sync with post-pandemic culture.” The report cites issues around people management as “vital” to tackle, as strategic goals and risk management both require a “broad and deep base of talent and skills for success.”
Macroeconomic and geopolitical uncertainty ties with changes in laws and regulations for the bronze medal. This year, weathering the effects of higher inflation and interest rates, along with the market changes they engender (now introduced as a brand new risk category) cuts across a range of critical areas, from financial liquidity and insolvency risk to business continuity and supply chain resilience.
While the risk area of climate change, biodiversity and environmental sustainability has slipped to seventh place, it is unlikely to remain there for long. Given the emergence of several major pieces of new regulation – including the EU’s Corporate Sustainability Reporting Directive – CAEs expect this risk category to be their third biggest by 2027. According to the report, if CAEs are to avoid being “mired in compliance”, maintaining a “strategic, entrepreneurial attitude” to sustainability will be key.
In eighth place, the report highlights supply chain, outsourcing and ‘nth party’ risk as an area in which dynamic, fast-moving, interconnected challenges – such as economic headwinds, deglobalisation, climate-related weather events and new regulations – make strategic and operational innovation essential.
Clear metrics
The report warns that tackling the poly-crisis will be hugely challenging for CAEs. “Not only are experienced, qualified people hard to attract and retain during a cost-of-living crisis, but the growing compliance effort is soaking up internal audit time just when it needs to focus more on building processes that can help engender success,” it says.
Amid this storm of challenges, it says: “CAEs must continue to work with boards to ensure the long-term sustainability of their organisations, at the same time as responding rapidly to immediate, fast-moving threats.” Showing courage while imparting advice, bravely initiating conversations in areas where answers don’t yet exist and collaborating across their entire businesses will be critical success strategies for CAEs going forward, the report notes.
With this in mind, it urges boards to:
Work together with internal auditors to build greater organisational resilience. That process should include testing risk and mitigation strategies, and carrying out exercises to identify interrelated risks that could otherwise remain hidden.
- Ensure that internal auditors evaluate the organisation’s cyber security awareness and training programmes and assess whether they are effective.
- Ask internal auditors whether the assumptions they have made in financial stress tests align with reality, and whether economic scenario and simulation exercises are alert to emerging risks.
- Harness the skills of internal auditors to assess whether the organisation’s values and objectives are not just aligned, but clearly communicated internally and externally to engage with existing and potential talent.
- Ask internal auditors to assess whether the company’s environmental sustainability goals support the broader business strategy and have clear metrics.
The Chartered Institute of Internal Auditors CEO, Anne Kiem OBE, says: “Our Risk in Focus research highlights the significant challenges businesses are facing given the velocity and variety of interconnected risks. With the economy still in a fragile state, boards will be focused on the increased climate-related pressures, geopolitical uncertainties, a dangerous cyber risk landscape, inflationary pressures and attracting and retaining the skills and talent needed to navigate more risky and volatile times ahead.
“In these unique and challenging times, boards and their internal auditors will need to respond rapidly to immediate, fast-moving threats and have an unwavering focus on resilience,” Kiem adds.
ICAEW Director, Corporate Governance and Stewardship, Peter van Veen says: “Internal audit plays a critical role in ensuring risk management processes are fit for purpose and aligned with the company’s strategy and its efforts to ensure business resilience.
“It is key for other functions – such as finance and HR – to do their bit to support the work of internal audit and ensure that any concerns raised are dealt with in a timely, adequate fashion and risks are mitigated. It is important that those functions also have regular dialogue with internal audit so it has a voice beyond the audit committee,” he adds.