What are the hot risk topics everyone is discussing in Audit for 2018?

A wider group of European Institutes of Internal Auditors have taken an ambitious approach, interviewing Chief Audit Executives (CAEs) from major organizations in six European countries – France, Italy, the Netherlands, Spain, Switzerland and the UK – to home in on key themes requiring the attention of internal audit to mitigate risk and protect and add value in their organizations.

These Hot Topics were identified through in-depth, qualitative interviews with CAEs across a diverse range of critically important sectors – construction/infrastructure, financial services, IT, manufacturing, public sector, retail/ consumer, telecoms and utilities/energy – and from organizations that truly lead these industries. These topics are:

1.       GDPR and the Data Protection Challenge: The regulation foresees a strengthened role for security measures such as robust firewalls and encryption, and obliges companies (data controllers) to report any personal data breaches within 72 hours, even if it occurs at the third party (data processor) level. This will require enshrining data protection and governance measures into supplier contracts.

2.       Cybersecurity, a path to maturity: Organizations needs to view cybersecurity through a technical lens by investing in the latest security tools, and then seek assurance that these are working and controls and procedures are of a sufficiently high standard. However, while the behaviour of correctly configured and maintained software and technology is relatively predictable.

3.       Regulatory Complexity and Uncertainty: Assessing whether compliance functions are on top of the latest applicable regulations and that appropriate steps have been taken to ensure that the organization is compliant, and – where there is uncertainty or conflict with existing or other incoming rules – that dialogue with the relevant regulators has been established.

4.       Pace of Innovation: R&D and innovation projects should be audited to ensure they are effectively managed to mitigate project risk and, as they near commercial roll-out, delivery risk. All the while internal audit must strike a balance by not slowing or standing in the way of rapid innovation that will be crucial to the organization’s future success, but equally providing an assurance that projects deliver the promised benefits.

5.       Political Uncertainty, Brexit and other unknown: Given the unpredictability of Brexit, the future of the EU, the policy direction of the Trump administration and other political and geopolitical unknowns, it is difficult for internal audit and other assurance providers to give specific and detailed advice to their organization. Internal audit will be expected to provide an assurance that organizations are agile and responsive enough to swiftly adapt their operations to an uncertain, changing political landscape.

6.        Vendor Risk and Third Party Assurance: Internal audit can add value by reviewing the governance around procurement and contract management, checking that audit rights are written into supplier contracts, that suppliers have robust whistleblowing procedures in place and by working with the procurement function to ensure that due diligence processes are comprehensive and meet the risk mitigation needs of the organization.

7.       The Culture Conundrum: Internal audit has a critical role to play in assessing whether the existing culture and staff behaviour reflects the company’s stated ethos and values, whether it stands in the way of the organization achieving the transformation it seeks and how effective measures to reshape the culture are.

8.       Workforces – Planning for the future: Internal audit must be able to assess whether HR risk is being effectively managed and provide assurance that the organization’s workforce planning strategy is in line with its strategic vision. Where does the organization want to be five years from now and how do its recruitment and retention policies support that? IT, technology and digital skills are going to be in high demand for the foreseeable future, so internal audit should assess whether the organization is making efforts to reduce any IT skills gap that exists today and could widen in the coming years.

9.       Evolving the Internal audit function: With every audit, we’re constantly looking at whether the work we’re doing is going to be valuable to management a year down the track, or are we ticking a box and moving on? Are we really looking at what matters and then looking at it in a way that maintains audit’s relevance? Because you can look at the right topic area but if you’re looking at it in a static way when it’s a moving feast then people are going to start ignoring you.

Audit International are specialists in the recruitment of Internal Auditors and Corporate Governance Professionals across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 95.