• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

Boards, risk professionals and internal audit must work together to navigate the ‘perfect storm’ of high-impact interlocking risks urges Chartered IIA

December 13, 2022

Amid the ongoing aftermath of the pandemic, Russia's invasion of Ukraine has exacerbated supply chain failures, caused a spike in energy prices, fuelled inflation that has reached a 40-year high and led to higher interest rates.  Furthermore, the Bank of England's recent announcement that the UK may be in the midst of its longest recession since records began, further adds to the long list of concerns for businesses to grapple with.

This backdrop means that internal audit, risk professionals and boards alike are facing a ‘perfect storm’ of interlocking risks as revealed in the Chartered Institute of Internal Auditors (Chartered IIA) Risk in Focus 2023 report.  In partnership with thirteen other Institutes of Internal Auditors across Europe, this annual report examines the risks faced by organisations, and this year received a record-breaking 834 responses from Chief Audit Executives (CAEs) in all sectors of the economy across Europe.

The 2023 report saw Cybersecurity (82%) topping the risk poll for the fifth year in a row, with 82% of Chief Audit Executives citing it a top five risk.  However, this year's most dynamic rising threat to watch out for is Geopolitical and Macroeconomic Uncertainty with 42% citing this as a top five risk, rising four positions from the seventh most severe risk last year, to third place this year.

Despite its rising prominence and severity, the Chartered IIA found only around one in ten businesses (8.15%) are spending any major time or effort auditing the impacts of this risk on their organisation.  With the war in Ukraine raging on, as well as growing tensions between the West and China, the Chartered IIA is alarmed by the gap between awareness and action taken on this and is urging internal audit, risk professionals and boards to act now to mitigate the risk of further unforeseen major geopolitical disruption in the future.

At the same time, businesses are wrestling with an increasingly weaponised cyber-attack landscape as well as major recruitment and retention challenges.  Meanwhile, the climate emergency threatens to snowball into the next big crisis unless organisations prepare now for the impacts of climate change, with extreme weather events like the record-breaking heatwave this summer, likely to be the new normal in the future.

Human Capital, Diversity and Talent Management was cited a top five risk by half of respondents, up from fourth biggest risk last year to second biggest risk this year.  Meanwhile Digitalisation and Artificial Intelligence was cited by 38% a top five risk and 37% cited Climate Change a top five risk, marking the fifth year in a row it has moved up the risk rankings.

Chart: The top five risks that organisations face (Chartered IIA - Risk in Focus 2023)

Considering these risks, what should internal audit, risk professionals and boards do to navigate more risky, uncertain and volatile times ahead? The Chartered IIA is encouraging risk professionals and boards to look to their internal audit function for support.  Risk in Focus 2023 sets out a series of recommendations for how organisations can tackle these risks including:

  • Risk professionals and boards should work with their internal audit functions to assess whether the assumptions the organisation has made about the nature of key risk areas are still valid today and fit for the circumstances likely to arise in 2023.

  • Risk professionals and boards should work with their internal audit function to focus on systemic risks that create vulnerabilities in many parts of the organisation simultaneously and ensure risk assessment and risk management efforts provide the board with clear oversight of such risks.

  • Risk professionals and boards should work with their internal audit function to assess whether the organisation has effective and timely mechanisms in place to spread information on new cyber threats, countermeasures, and advice throughout the business.

  • Risk professionals and boards should work with their internal audit functions to better understand the company’s goals and maturity on climate-related sustainability and assess how far this is reflected in the business and action plans on different levels.

  • Risk professionals and boards should work with their internal audit function to evaluate whether the organisation’s human resources strategies are aligned with its vision and mission and whether they are suitable for these times of scarcity when it is key to attract and retain employees within the organisation.

Internal audit, risk professionals and boards should stop thinking of these sudden, systematic organisation-wide risks as ‘Black Swan’ events.  Instead, they should view them as interconnected components of a continuous storm that will sweep through Europe in 2023 and beyond.  As such, internal audit, risk professionals and boards must rapidly adapt and get a grip on these ever-changing risks. If ever there was a time for internal audit and risk professionals to step up it is now.

The Chartered IIA’s ‘Risk in Focus 2023’ report and board briefing is available to download here. Emma Ekpo is Policy and External Affairs Coordinator at the Chartered Institute of Internal Auditors

Tags: Emma Ekpo, Gavin Hayes
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson