Some examples of key risks to be considered include:
Digitalization, Industry 4.0 & the Internet of Things: Increasing investments in digitalization is driving a new form of business transformation, referred to as Industry 4.0. Benefits (i.e. efficiency) must be balanced against risks (i.e. data security) in the business plan. IA can provide assurance to the Board if the digitalization business plan is on track and meets targeted objectives of transformation.
Cloud Computing (CC): Cloud computing services are being widely adopted due to their flexible delivery models, scalability and customization. Alongside potential benefits, organizations must also consider increased risks relating to data security and regulations or exposure to the risks faced by the cloud vendors themselves. IA can provide assurance in auditing i.e. the CC concept, the implementation and roll-out project or the compliance of SLA agreements with IT security standards.
Cybersecurity: A KPMG Switzerland Survey of 60 companies found that 42% of respondents suffered from successful cyberattacks which resulted in financial losses. 82% of cyber response plans do not cover incidents such as attacks against suppliers or business partners and 44% of respondents have no instruments to enforce their control framework on their suppliers. IA can provide assurance along the lines of Penetration (PEN)-testing, concept review and roll-out, long-term sustainability of the program etc.
EU General Data Protection Regulation (EU-GDPR): The EU-GDPR is the biggest change to privacy and data protection requirements in recent history. It introduces a range of new requirements for data protection to which organizations need to comply to. IA can provide assurance in assessing the level of compliance, the completion of the roll-out and long-term sustainability of the internal EU-GDPR program.
Treasury Management: Due to the development of increasingly sophisticated payment systems; the introduction of new technology in payment processing (e.g. Blockchain and Instant Payments) and new financial market regulations such as FMIA, the role of Group Treasury is evolving towards that of a strategic business partner. To provide assurance over the expanding role of Group Treasury, IA can conduct independent reviews over financial risk management processes, payment systems, cash management and banking relationships.
Net working capital management (NWC): The effective management of NWC is a key measure of financial maturity. Whilst efficiency of NWC has long been a key success measure, growing focus may also be linked to increasing financing costs due to poor solvency ratios of many organizations and growing pressure to meet market analysts’ expectations. IA can provide assurance in conducting an initial assessment of the relevant indicators and variables that impact the NWC, how it is managed/processed and what checks and balances are in place.
Digitalization, cloud computing, cyber security, EU-GDPR, net working capital management, business continuity and crisis response are but a few of the trending, emerging topics that can represent significant risks and under-utilized opportunities within an organization.
To read more, please refer to our publication 20 key risks to consider by Internal Audit before 2020.