Internal auditors are facing a host of risks during the COVID-19 pandemic in business continuity, crisis management, cybersecurity and other areas, according to a new report. Other risks discussed in the report include sustainability, disruptive innovation, economic and political volatility, third-party risks, board information, data governance, talent management, and culture.
"This is the second year we have done this survey," said IIA president and CEO Richard Chambers. "The most revealing headline was that boards thought their organization was in a lot better position to address risk than management. This year, the COVID-19 pandemic exposed risks to business continuity and crisis management in particular. "The most revealing insight was that COVID and the aftermath is front and center in how management, boards and auditors are seeing risks in their organizations," said Chambers.
"Business continuity and crisis management are very high on their list of the key risks. Two years do not make a trend, but it does not surprise me that there is closer alignment between management and auditors on the risks their companies are facing. From that standpoint, COVID and the crisis we are facing with the pandemic has allowed for management and auditors to see risks in much the same way". Talent management and innovation are seen as big risks by management. "Management has insights into the risks they face, but I also recognize that management is not always forthcoming about the risks they face because it could be a reflection on how well they are managing," said Chambers.
"You cannot always get a candid assessment". That is why it's especially important for internal auditors to keep corporate boards informed about such risks. "I have always been one who believes that internal auditors can be the eyes and ears for the board when they are not around," said Chambers. Cybercriminals can also take advantage of the remote access if it is not secured. "When the workforce is distributed, people are working from home, and people are not as careful with the data they are sharing," said Chambers.
The IIA issued the report at a time when many internal audit teams are making their audit plans for next year. "We think it will be very revealing to them and a good source of information as they look at their own risks in their companies," said Chambers.
Credit: Michael Cohn for accountingtoday.com (November, 2020)