News round-up: November/December 2021

Chartered IIA launches animation to explain and promote internal audit

The Chartered IIA has launched its first explainer video to introduce the institute’s reach, scope, influence, network and suite of services. “We are the Chartered IIA” is an accessible animated overview aimed at promoting both the institute and the purpose and work of the internal audit function.

The video is the first in a planned series of explainer videos that answer basic questions about who internal auditors are, what the institute does and the profession we represent. Two further videos will ask what internal audit is and will compare internal audit with external audit.

The initiative began when research identified a need for rich content providing detailed answers to basic questions. The BEIS consultation on the future of audit and the challenges that internal auditors have worked to overcome in the past year only added to the need for short explanatory videos that members can refer to and use in their organisations, and that offer a simple overview to those unaware of our work. 


Compliance risks rise when controls are not embedded in routine processes

Compliance teams that fail to embed their controls into employee processes suffer from significantly higher rates of compliance failures than those that do, according to a recent survey by risk management consultancy Gartner.

The researchers found that organisations that put a heavier compliance burden on their employees create higher levels of risk, leading to increased control failures.

They warned that introducing new rules and obligations for employees without properly integrating them into the processes these people have to carry out leads to multiple causes of control failure. Staff reported being unable to find or comprehend the information they needed, or said that they did not recognise or remember it when they needed it.


Align risk management with AI

New guidance to help organisations align their risk management with their artificial intelligence (AI) initiatives has been published by COSO, the international body responsible for developing frameworks to improve internal controls.

The paper, called Realize the Full Potential of Artificial Intelligence, says that organisations that understand their AI-related risks may be better equipped to deliver strong return on investment and meet their stakeholder expectations. 

In addition, organisations that implement enterprise risk management can refine and adapt their innovation initiatives to support their strategies in a rapidly changing business environment. The research says that AI solutions need to be “trusted, tried, and true”. 


 

Resilience and risk rise up corporate agenda

The global pandemic has increased the importance of risk management and resilience in organisations, according to more than 90 per cent of European risk managers surveyed by European risk management association FERMA. More than half of those who were questioned said that it has made resilience planning “considerably more important” than it was in their organisation before.  

Overall, the majority of respondents said that they thought their organisations are well equipped to manage resilience. Most said that risk managers are involved in the process in a meaningful way and that they have further room to lead initiatives, especially in predictive capabilities such as scenario planning and stress testing.

Over 60 per cent of the participants in the survey acknowledged resilience as either a top priority or as “very relevant” in strategic decision-making.

Looking ahead, almost three-quarters of the risk managers surveyed said that there is a clear need for improving risk culture and integrating resilience more deeply into their organisation’s strategy. 


Bank of England report reviews global supply chain risks

A new report from the Bank of England examines the risks that are inherent in global supply chains. It asks whether initiatives to source goods and services locally are necessarily the best course of action to offset the risk of future economic shocks. 


BSI guidance offers whistleblower management best practices

The British Standards Institution (BSI) has published international guidance to help organisations set up an effective whistleblowing management system.

The guidelines aim to provide companies with help establishing, implementing, maintaining and improving whistleblowing policies and procedures.

According to the BSI, it has developed the standard to encourage and facilitate the reporting of wrongdoing; support and protect whistleblowers and other interested parties involved; ensure that reports of wrongdoing are dealt with in a proper and timely manner; improve organisational culture and governance; and reduce the risks of wrongdoing.

It explains that the guidance should enable a company to identify and address wrongdoing at the earliest opportunity to help prevent or minimise any loss of assets (and/or recover them). It should also help them to ensure compliance with policies and procedures, as well as legal, regulatory and social obligations.

The BSI stresses that any effective whistleblower management system needs top management leadership and commitment to succeed. It emphasises the importance of internal communication, training, and regular reviews to assess a system’s suitability, along with monitoring how well managers have assessed and responded to (and escalated) whistleblower reports. 


Survey highlights compliance priorities

Organisations’ efforts to improve internal controls are focused on enhancing regulatory and internal compliance assessments, introducing more compliance training to improve employee awareness, and elevating third-party management, according to a report by IT vendor MetricStream. 

Its 2021 State of Compliance Survey Report found that tracking third-party compliance was the primary concern for almost half the organisations in the survey, while two-thirds of organisations said that their top priority was to enhance regulatory and internal compliance assessments.

The report also found that 63 per cent of organisations are still using inadequate productivity and knowledge management software to manage compliance.


Data integrity cited as a key risk for FS firms

Legacy technology and manual processes are compromising the ability of financial services firms to manage and minimise risk, according to a report by data management organisation Duco.  

Its survey found that almost three-quarters of firms in the sector believe they are struggling with too many different formats and systems to manage their data risk. Over two-thirds said they find it hard to maintain data quality and integrity as it moves through the organisation.

Risk teams also complained that legacy systems and technology are not keeping up with requirements. Almost a third of those questioned said their existing technology is too slow or expensive, while a fifth said their risk data is too complex for current systems. As a result, around two-thirds of risk teams said they spend most of their time handling repetitive issues such as sourcing, reconciling and transforming data for use in risk management systems.

Despite this, many are still nervous about adopting more agile, automated solutions. More than a third of respondents said moving manual data processes on to new systems would be too expensive or time-consuming, and more than one in ten could not see any compelling business case for automating their processes. 


Pandemic has stifled innovation in one in three companies 

One third of businesses have failed to innovate during the pandemic, according to research by business performance consultancy Ayming Group.  

Market uncertainty and reduced R&D budgets are the main reasons why companies may be lagging behind, the researchers said.

More positively, 82 per cent of businesses agreed that the pandemic has demonstrated that a business must be able to identify and react to opportunities, and 76 per cent agreed that the pandemic has proved how important it is to innovate during a crisis.


IT teams fear remote working is creating a security breach “time bomb”

Three-quarters of IT teams admit that security took a back seat to business continuity during the pandemic, according to a report by IT vendor Hewlett Packard.

Many also told researchers that their attempts to increase or update security measures for remote workers have frequently been rejected, particularly by younger workers who feel frustrated when security gets in the way of their deadlines. This is causing many to circumvent controls.

The latest HP Wolf Security report also found that 83 per cent of IT teams believe the increase in home workers has created a “ticking time bomb” that will lead to a corporate network breach. 

This article was published in November 2021.