Amid the ongoing aftermath of the pandemic, Russia's invasion of Ukraine has exacerbated supply chain failures, caused a spike in energy prices, fuelled inflation that has reached a 40-year high and led to higher interest rates. Furthermore, the Bank of England's recent announcement that the UK may be in the midst of its longest recession since records began, further adds to the long list of concerns for businesses to grapple with.
This backdrop means that internal audit, risk professionals and boards alike are facing a ‘perfect storm’ of interlocking risks as revealed in the Chartered Institute of Internal Auditors (Chartered IIA) Risk in Focus 2023 report. In partnership with thirteen other Institutes of Internal Auditors across Europe, this annual report examines the risks faced by organisations, and this year received a record-breaking 834 responses from Chief Audit Executives (CAEs) in all sectors of the economy across Europe.
The 2023 report saw Cybersecurity (82%) topping the risk poll for the fifth year in a row, with 82% of Chief Audit Executives citing it a top five risk. However, this year's most dynamic rising threat to watch out for is Geopolitical and Macroeconomic Uncertainty with 42% citing this as a top five risk, rising four positions from the seventh most severe risk last year, to third place this year.
Despite its rising prominence and severity, the Chartered IIA found only around one in ten businesses (8.15%) are spending any major time or effort auditing the impacts of this risk on their organisation. With the war in Ukraine raging on, as well as growing tensions between the West and China, the Chartered IIA is alarmed by the gap between awareness and action taken on this and is urging internal audit, risk professionals and boards to act now to mitigate the risk of further unforeseen major geopolitical disruption in the future.
At the same time, businesses are wrestling with an increasingly weaponised cyber-attack landscape as well as major recruitment and retention challenges. Meanwhile, the climate emergency threatens to snowball into the next big crisis unless organisations prepare now for the impacts of climate change, with extreme weather events like the record-breaking heatwave this summer, likely to be the new normal in the future.
Human Capital, Diversity and Talent Management was cited a top five risk by half of respondents, up from fourth biggest risk last year to second biggest risk this year. Meanwhile Digitalisation and Artificial Intelligence was cited by 38% a top five risk and 37% cited Climate Change a top five risk, marking the fifth year in a row it has moved up the risk rankings.
Chart: The top five risks that organisations face (Chartered IIA - Risk in Focus 2023)
Considering these risks, what should internal audit, risk professionals and boards do to navigate more risky, uncertain and volatile times ahead? The Chartered IIA is encouraging risk professionals and boards to look to their internal audit function for support. Risk in Focus 2023 sets out a series of recommendations for how organisations can tackle these risks including:
Risk professionals and boards should work with their internal audit functions to assess whether the assumptions the organisation has made about the nature of key risk areas are still valid today and fit for the circumstances likely to arise in 2023.
Risk professionals and boards should work with their internal audit function to focus on systemic risks that create vulnerabilities in many parts of the organisation simultaneously and ensure risk assessment and risk management efforts provide the board with clear oversight of such risks.
Risk professionals and boards should work with their internal audit function to assess whether the organisation has effective and timely mechanisms in place to spread information on new cyber threats, countermeasures, and advice throughout the business.
Risk professionals and boards should work with their internal audit functions to better understand the company’s goals and maturity on climate-related sustainability and assess how far this is reflected in the business and action plans on different levels.
Risk professionals and boards should work with their internal audit function to evaluate whether the organisation’s human resources strategies are aligned with its vision and mission and whether they are suitable for these times of scarcity when it is key to attract and retain employees within the organisation.
Internal audit, risk professionals and boards should stop thinking of these sudden, systematic organisation-wide risks as ‘Black Swan’ events. Instead, they should view them as interconnected components of a continuous storm that will sweep through Europe in 2023 and beyond. As such, internal audit, risk professionals and boards must rapidly adapt and get a grip on these ever-changing risks. If ever there was a time for internal audit and risk professionals to step up it is now.
The Chartered IIA’s ‘Risk in Focus 2023’ report and board briefing is available to download here. Emma Ekpo is Policy and External Affairs Coordinator at the Chartered Institute of Internal Auditors