Internal Audit functions around the world are continuing to expand their impact and influence through the delivery of assurance around the most important risks impacting organizations.
Starting with the planning and scoping of the annual Internal Audit plan, the key question posed to every Head of Internal Audit is “are you aware of the risks concerning Internal Audit today and in the near future?” KPMG have identified some key areas of focus related to risks which the Internal Audit function should consider in developing the 2021 Internal Audit plan and the prioritization of audit topics for the year.
Key risks for 2021
Without a question, 2020 was defined by the global coronavirus pandemic and a series of unprecedented natural disasters and civil unrests, and is setting a scene for a new business “normal” for years to come. These new developments are accompanied by emerging risks that Internal Audit should take into consideration in its annual plan without neglecting key established risks. As a result, we believe the following risk areas will take the center stage in 2021.
Without a question, 2020 was defined by the global coronavirus pandemic...setting a scene for a new business “normal” for years to come.
Crisis management and planning will have to be updated for the potential for more waves of the coronavirus, not to mention other possible pandemics that follow a similarly rapid
Staff wellbeing and talent management
2020 saw new ways of working and organising personnel, more flexible working arrangements and greater autonomy driven by remote working during the pandemic. All businesses should have some degree of skills mapping and forecasting capability to understand and anticipate the organisation’s human capital requirements.
Fraud and the exploitation of operational disruption
Fraud risk, in particular, has changed significantly during the COVID‑19 pandemic. The control framework and monitoring of potential criminal activity may have become weakened due to reduced headcounts and remote working, leaving gaps in fraud detection and creating opportunities for malicious customers and staff. The pandemic also had a significant impact on short-term liquidity risk, which could also lead to a higher fraud risk being the consequence of cost cutting in the control environment and reduced monitoring activities.
Digitization and Intelligent Automation
Artificial intelligence, algorithms, cognitive computing and robotic process automation
(RPA) are among the top technologies that will continue to have a significant impact on the
way we conduct business in the future. As digitalisation continues to disrupt operations, business processes and business models, it ultimately brings new risks and challenges in
this digital age.
Third-party management: supply chain disruption and vendor solvency
Third-party risk management remains important
as organizations choose to outsource their business functions to third-party vendors emphasizing an existing need for contract management. As the pandemic is disrupting the supply chain and business service set-up of many companies, relationships with third parties are changing. Vendor insolvencies have the potential to cause massive disruption and few companies accounted for the risk of outsourcing to overseas territories such as India and parts of Southeast Asia and what this would mean in the event of a global pandemic lockdown.
Cyber security and data privacy in the expanded work environment
The wide-scale shift to homeworking arrangements rapidly increased the vulnerability
of organizations to cyber attacks as work laptops are now forced to share home WiFi networks. There is also a greater potential for controls and safety measures to soften or be circumvented when employees are unsupervised, as they are often overlooked and ignored to save time. Advancements of technology also increase the sophistication and frequency of cyber security attacks and frauds.
Climate change: the next crisis
Internal Audit increasingly recognises the challenge and risks companies face in achieving their sustainability goals and minimizing their contribution to climate change.
Culture and behaviour soft controls
Recent studies have shown that companies with a clear purpose and an explicit set of values are more successful; they instill trust from customers and promote comradery among employees.
Regulatory driven risk
Regulatory compliance is driven by ensuring compliance with a number of regulations, both domestically and abroad. Organisations, regardless of industry, are being inundated with new regulatory requirements. These new regulations place growing pressure on executive management and add complexity to the organisational governance and control structure.
Data management and data and analytics
Data collection and management is expanding extremely rapidly making the adoption of data and analytics crucial. Technological advances provide businesses with the opportunity to enhance productivity and make smart business decisions, and it is essential that organisations identify the possibilities and risks of integrating these technological capabilities into their business operations and strategies.