AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

News round-up A&R magazine May Jun 22

 

Disruption and change create perfect storm of fraud risks

Disruption over the past two years has created the perfect environment for fraud risks to grow and go undetected. Research by risk consultancy Kroll, the Internal Audit Foundation (IAF) and IIA Global found that shifting work practices and a sudden transition to remote working presented new opportunities for fraudsters and cyber criminals.

Over half (54 per cent) of survey respondents said they had noticed an increase in cyber and phishing fraud, while 40 per cent had seen an increase in fraud relating to asset misappropriation.

They said their organisations have been exposed to increased levels of cyber, social engineering and phishing attacks. They also reported more instances of criminals impersonating senior management to embezzle funds.

Over a third (36 per cent) of survey respondents said they had invested extra resources in internal controls, while 29 per cent said they had invested more in data analytics.

The report found that since the start of the pandemic business leaders have required internal audit to take a more proactive and flexible continuous assurance approach. 

 

BCI highlights key risks on the horizon

The British Continuity Institute (BCI) has released its annual Horizon Scan Report, which identifies the risks and threats that dominated organisations’ agendas over the past year, along with those it expects to cause an impact over the next 12 months.

This year’s report highlighted the continuing impact of Covid-19, with non-occupational disease remaining the primary risk for the coming year. Meanwhile, IT and telecoms outages, cyber attacks and data breaches are still critical considerations, particularly for organisations operating on a hybrid or remote-working model.

The key emerging threats listed by respondents were cyber security threats and climate risk. 

 

Tips to be more resilient

Breaking down silos to improve response times and building confidence are two important ways to improve organisational resilience highlighted in a new document by business continuity firm Castellan Solutions.

“Getting Started with Resilience Management” includes a five-step framework and worksheet to help map operations from suppliers to customers for each main product and service.

 

WHO and ILO highlight remote working risks

The World Health Organization and the International Labour Organization are calling for measures to protect workers’ health while remote working.

A new technical brief for healthy and safe teleworking published by the two UN agencies outlines the risks to staff of working from home/remote working, and suggests steps employers can take to reduce stress, burnout, depression, musculoskeletal and other injuries, eye strain and unhealthy weight gain.

Possible measures include ensuring that workers receive adequate equipment to complete the job, training managers in effective risk management and distance leadership, promoting workplace health, and establishing the “right to disconnect” and sufficient rest days. 

 

Gartner’s top challenges for internal audit

Attracting talent with skills in new technologies and cyber security is the biggest challenge for most internal audit leaders this year, according to consultancy Gartner. Its survey of 166 chief audit executives (CAEs) found that adopting advanced analytics applications, improving IT auditing practices and providing sufficient assurance over cyber security were also serious concerns.

More than half (57 per cent) of CAEs said that attracting talent with non-traditional skills was an important or extremely important issue for them in 2022, while many said they were struggling to retain staff because of the “hot” jobs market.

The survey suggests that technology presents a dual challenge for internal audit – both to innovate and to provide adequate risk coverage. Almost half of CAEs said their department was not ready to adopt more advanced analytics applications, while nearly a quarter said their function was not gaining adequate return on investment from robotic process automation.

Over a third had low levels of confidence in their ability to provide adequate assurance over cyber security and in their IT auditing practices. 

 

Organisations unprepared for “HEAT” risks

Web malware and ransomware head the list of security threats that most concern organisations. However, only a quarter have advanced threat protection for devices that can access corporate applications and resources, according to research by IT security firm Menlo Security.

It found that organisations are inadequately prepared for highly evasive adaptive threats (HEAT). Although two-thirds of organisations have had a device compromised by a browser-based attack in the past 12 months, most do not proactively mitigate the associated risks.

The report added that organisations have conflicting views about the most effective place to deploy security to prevent advanced threats. 

 

Boards failing to prioritise ESG risks

The boards of many global firms are failing to prioritise environmental, social and governance (ESG) risks, which is creating worrying gaps in their evaluation and mitigation of these hazards, according to research published by risk consultancy Marsh.

Differing levels of board engagement depend on where the company is listed. In its report, “Evaluating ESG and pandemic risk reporting trends: FTSE 100 and global exchanges risk analysis 2021”, Marsh found businesses listed on Euronext were the most concerned about ESG exposures, with 90 per cent of the sample citing ESG risk as a key priority in their annual reports.

However, only 35 per cent of the sampled companies listed on the New York Stock Exchange named ESG as a top risk, followed by 30 per cent of those on the Hong Kong Stock Exchange. Just 21 per cent of FTSE 100-listed companies viewed ESG as a principal risk in their annual reports.

The researchers found that 30 per cent of the FTSE-100 sample showed evidence of standalone reporting on climate change risk in line with the Task Force on Climate-related Financial Disclosures (TCFD), which advocates 11 disclosures around four core elements of climate-related risks. Since April, TCFD disclosure has been mandatory in the UK for the 1,300 largest UK-registered companies (including traded companies and private organisations). 

 

Governance is the primary ESG factor to impact bank ratings

Corporate governance is currently the most important environmental, social and governance (ESG) factor affecting bank ratings globally, according to a report by Fitch Ratings.

The agency warned that it expects environmental issues to start to affect bank ratings more in future, particularly for banks in countries with faster transition plans to a low-carbon economy or in regions more exposed to extreme weather events linked to climate change.

As a consequence, it expects banks to improve the way they manage environmental risks as regulators introduce more prescriptive disclosure requirements. This could trigger changes in strategy, business models and mitigation policies, all of which could lead to higher environmental relevance scores and implications for ratings. 

 

COSO releases agile ERM guidance 

Risk management standard-setter COSO has released guidance to help organisations make their enterprise risk management frameworks more agile.

The report, called “Enabling organizational agility in an age of speed and disruption”, discusses key points including the ways in which rapid change, risks and disruption drive organisations to rethink their vision and strategy, and why leaders should regularly assess their business environment and the ability of their strategy to succeed in it. 

 

This was first published in May 2022.