
News round-up: March 2023 A&R magazine Mar Apr 23

Audit committee skills gaps in the spotlight

Organisations are focusing on their audit committee structures and practices to ensure they are able to deal with emerging corporate reporting areas and increased risks, according to a report from Deloitte’s Center for Board Effectiveness and the US Center for Audit Quality (CAQ).

According to the “Audit committee practices report: priorities and committee composition”, over the next 12 months a quarter of respondents expect to change the composition of their audit committee, with 25 per cent planning to increase the size of their audit committee, 28 per cent intending to replace their audit committee chair, and 42 per cent replacing one or more audit committee members.

While 92 per cent of audit committees reported that they have the expertise they need, respondents said their effectiveness would be enhanced with better cyber security and technology experience. Within the financial services sector, respondents said they would also benefit from more expertise in compliance, while those in other sectors identified their second most significant skills gap as industry experience. 


NIST publishes guide to managing AI risks

The US Department of Commerce’s National Institute of Standards and Technology (NIST) has released guidance to help organisations designing, developing, deploying or using artificial intelligence (AI) systems to manage the associated risks.

The “Artificial Intelligence Risk Management Framework” (AI RMF 1.0) provides a flexible, structured and measurable process to enable organisations to maximise the benefits of AI technologies while reducing the likelihood of negative effects on individuals, groups, communities, organisations and society. 

WEF releases annual Global Risks report

Conflict and geo-economic tensions have triggered a series of interconnected global risks, according to the World Economic Forum’s (WEF’s) “Global Risks Report 2023”. These include energy and food supply crises that are likely to persist for the next two years along with sharp increases in the costs of living and servicing debt.

These crises could undermine efforts to tackle longer term problems, the report says, notably those related to climate change, biodiversity and investment in human capital.

It predicts that ongoing risks caused or exacerbated by the Covid pandemic and war in Ukraine will dominate the next two years. These include recession, growing debt, an ongoing cost-of-living crisis and increased societal polarisation.

Failure to mitigate and adapt to climate change, natural disasters, environmental degradation and biodiversity loss are five of the top ten risks it highlights for the next decade. Meanwhile, crises-driven leadership and geopolitical rivalries could lead to unprecedented levels of societal distress, as reduced investments in health, education and economic development erode social cohesion. 

CEOs rank threats to business survival

Two in five chief executives (CEOs) think their organisations will not be economically viable in a decade if they continue on their current path, according to research by professional services firm PwC. This belief is consistent across a range of sectors, including telecoms, manufacturing, healthcare and technology.

Respondents to PwC’s “Annual Global CEO Survey” said they expect to see multiple direct challenges to profitability in the next ten years. More than half (56 per cent) believe changing customer demand and preferences will reduce profitability, 53 per cent cited changes in regulation, while 52 per cent pointed to labour/skills shortages and 49 per cent feared technology disruption.

The impact of an economic downturn is the primary focus for CEOs this year, with inflation, macroeconomic volatility and geopolitical conflict risks not far behind. The threats associated with cybercrime and climate change have fallen in relative terms. 


FCA doubles number of fines in 2022

The number of fines issued to firms by the UK Financial Conduct Authority (FCA) more than doubled in 2022, rising to 25 from ten the previous year, according to a report by international law firm RPC.

The sharp rise in the number of fines is, in part, a response to the Treasury Select Committee’s 2021 report on the mini-bond scandal, which recommended that the FCA be more “decisive” and “proactive” to protect retail investors. The number of FCA fines levied against individuals also rose – from three in 2021 to ten in 2022.

In addition to its enforcement activities and issuing fines and other penalties, the FCA has also been more assertive in its approach to supervision. It has made more “interventions”, which include using its powers to impose requirements or variation of permissions, often on an urgent basis. 


Large enterprises are failing to implement zero-trust controls

Security measures that grant employees and devices the right amount of access to corporate data and systems to enable them to operate are still exceptionally rare, according to research by consultancy Gartner.

Its researchers predict that just ten per cent of large enterprises will have a mature and measurable “zero-trust” programme (one that aims to reduce malware and fraud attacks in the workplace by, for example, preventing people from clicking on malicious weblinks) in place by 2026. Fewer than one per cent are in this position today.

Gartner suggests that slow progress towards full zero-trust maturity poses other risks – for example, that attackers will change tactics to target areas that most current zero-trust controls don’t yet cover. 


Fear of supply chain disruption triggers investment

Disruption in the supply chain is seen as the top risk to business growth for nine out of ten organisations – overtaking concerns about rising prices and energy shortages, according to a report by Capgemini Research Institute.

The report found supply chain resilience is a key priority; 43 per cent of businesses surveyed said they plan to increase investment to mitigate this, while 39 per cent intend to increase investment in technology to reduce costs and drive business transformation.

Respondents cited actions to reduce supply chain risks including onshoring or near-shoring to bring production bases closer to demand, regionalising supplier bases and diversifying their manufacturing base to reduce reliance on a single geographic region. 


FS firms expect a rise in financial crime

Financial institutions worldwide are preparing for increased financial crime in 2023, with 58 per cent planning to hire more staff, according to the “State of Financial Crime” survey by financial crime and fraud risk detection firm ComplyAdvantage. The survey found that 59 per cent of financial institutions expect financial crime to increase because of the uncertain global economic environment.

More than three-quarters of compliance teams questioned (83 per cent) said they filed more suspicious activity reports (SARs) in 2022 than in 2021. However, most financial institutions believe their company could face enforcement action by a regulator. Half of the firms surveyed said they consider the risk of incurring an anti-money-laundering fine all the time.


Cyber attacks cause substantial manufacturing losses

Nearly half of Britain’s manufacturers (42 per cent) were victims of cybercrime during 2022, according to a survey published by manufacturers’ organisation Make UK. According to the “Cyber security: UK manufacturing” report, a quarter of respondents reported “substantial financial loss” as the result of an attack, with losses ranging from £50,000 to £250,000.

The two most common consequences were production stoppages and damaged reputations. While two-thirds of respondents said the importance of cyber security has increased in the past 12 months, 54 per cent decided not to undertake additional cyber security action, although many had adopted new technology to boost production.

The top three cyber security vulnerabilities were identified as maintaining legacy IT, a lack of cyber skills in the company and providing access to third parties for monitoring and maintenance. 


This article was published in March 2023.