The report Risks in Focus is an annual report published by the European voice of Internal Auditing (ECIIA). It consists of a survey among CAEs from eight European countries as well as in-depth interviews. The result is a list of “hot topics” for internal auditors. While the topics are not news in themselves, the report does give a unique internal audit perspective, helpful statistics and real-life examples.
The report lists ten different hot topics; here is a summary of each:
Cyber security & data privacy: rising expectations of internal audit
78 % of CAEs in the survey cited it as one of the top five risks that their organisations face, and 21 % singled it out as the top risk. New risks include the organisations’ expanding and fractured IT architecture, and migration to cloud platforms. Finding expertise to bolster internal audit’s cyber security capabilities remains a concern, one that might find its solution in co-sourcing and (partial) outsourcing.
The increasing regulatory burden
The European regulators are producing more and more legislation, and the authorities are not afraid to enforce it. Adding secondary sanctions and extraterritoriality into the mix does not make it any less complicated. Key for internal audit is to maintain a risk-based approach and manage the “blurring” between the compliance and internal audit functions. There is a legitimate assurance risk that internal audit’s capacity is being absorbed by mandatory compliance audits, undermining a true risk-based approach.
Digitalisation & business model disruption
58 % of CAEs listed this as a top five risk and 18 % named it the number one risk. However, only 30 % of CAEs reported that this is one of the top five areas where they spend most of their time and effort. Internal auditors should offer their unique risk-control perspective in the development of digital initiatives and assess the ability of the organisation to exploit digitalisation opportunities. With increasing digitalisation efforts, internal audit can add value by assessing the validity and functioning of agile controls – the trick is to do this without getting in the way of innovation.
Looking beyond third parties
“Outsourcing, supply chains and third-party risks” is a top five risk according to 36% of the CAEs.