One in two companies believe the cost of a third-party risk incident – such as a supply chain failure, data privacy breach or disruption to IT services – has at least doubled in the past five years, according to research by professional services firm Deloitte.
In its Extended Enterprise Risk Management (EERM) survey (which it undertook before the outbreak of COVID-19), around one in six organisations admitted to researchers that they had faced a high-impact third-party risk incident in the past three years (an increase from 11 per cent in 2019).
When asked to predict the ways in which they could be financially affected by such risks in future, 30 per cent of respondents thought share prices could fall by ten per cent or more if a third-party incident was not adequately managed.
“Despite an increase in incidents, companies are not yet investing sufficiently in managing third-party risk,” said Kristian Park, risk advisory partner at Deloitte.
“The COVID-19 pandemic has only highlighted the need for investment in risk management. Companies experienced a wide range of third-party incidents at the peak of the pandemic, including supply chain, logistic and financial failures, as well as data breaches resulting in fines – all of which can have a significant impact on customer service, regulatory compliance and reputation.”
Only a quarter of UK business leaders say their organisations are fully ready for the end of the Brexit transition period, according to a new survey by the Institute of Directors (IoD).
Nearly half of the 978 company directors polled said they were currently unable to prepare. One in seven said they were too distracted by COVID-19 and almost a third said they needed details of changes to be clear before making adjustments.
Those in the financial sector were most likely to be ready, while manufacturers, in particular, were less well-prepared. Directors in services businesses felt especially unable to prepare at present, either because of the pandemic, or because they needed more clarity about changes.
The vast majority (69 per cent) said that a UK-EU deal was important for their organisation. Even more, (89 per cent) said they thought it was important for the economy as a whole.
The Financial Reporting Council (FRC), the UK’s corporate governance watchdog, has unveiled what it describes as “world leading” principles that will require the Big Four consultancy firms to separate their external audit units from the rest of their businesses by 2024.
The move – first mooted in a letter in February – is intended to ensure that the firms maintain audit independence and avoid potential conflicts of interest in organisations where they also conduct consultancy work.
The FRC hopes this will mean that the firms (Deloitte, EY, KPMG and PwC) will focus on driving their external audit businesses through quality, rather than relying on more profitable services in other divisions to subsidise the part of the business where profit margins have been harder to achieve.
The FRC’s 22 principles (not “rules”) are meant to encourage audit firms to act in the public interest, rather than being beholden to their clients. It hopes this will foster ethical behaviour, openness and teamwork, while also providing greater challenge and professional scepticism/judgment in the auditing of company accounts.
Lead audit partners will be held more directly accountable for audit work, in particular because remuneration and profit-sharing will be linked to the audit practice’s performance and the level of risk and difficulty involved in particular aspects of audit work. Firms will also need to report more transparently on how much fee income they generate from external audit work alone, to ensure both sides of the business are kept at “arms length”.
The FRC (or, more probably, its successor will provide an annual assessment from 2024 onwards about how well the firms have complied.
The Big Four have until 30 June 2024 to split their audit arms from their other consultancy services. They must submit their plans for this to the FRC by 23 October and the regulator will then agree a “transition timetable” with them.
A new white paper by IT standards-setter ISACA offers advice on approaches that organisations can implement to increase the resiliency of their supply chain.
Supply Chain Resilience and Continuity: Closing Gaps Exposed in a Global Pandemic outlines key steps that need to be addressed in the business continuity planning process. These include identifying and assessing risk associated with continued service from suppliers and third parties for providing services to customers; limiting geographical concentration and the single point of failure; and extending simulation models to the various scenarios presented, including global pandemic, to enhance the abilities of the business continuity plan.
Businesses around the world have had to collaborate with competitors in order to survive the COVID-19 pandemic, but sharing excessive amounts of information with rivals comes with risks.
A recent academic paper has examined “coopetition” – the practice of cooperating with competitors – and has made recommendations that business leaders should think about before embarking on such a project.
The report’s authors suggest that companies that choose to share resources such as information, data, expertise and other capabilities can yield higher levels of performance, meet unprecedented demand and operate efficient supply chains. Sharing can also help organisations to survive within a volatile market.
However, in addition to these substantial commercial benefits of coopetition, the paper also warns of the legal risks of collusion, which can include serious issues such as violating competition rules.
The latest Emerging Risks Monitor Report from technology consultancy Gartner reveals that senior executives see renewed outbreaks of the COVID-19 pandemic as their top emerging risk.
Respondents told researchers that their main worries focus on the financial implications of the pandemic. However, executives also expressed concerns about their organisations’ new working conditions and their strategic responses to the ongoing crisis.
Executives cited the outcome of the US presidential election and the US-China trade war as other key concerns for business.
Three-quarters of chief executives and chief financial officers at the largest companies in the world admit their firms are not fully prepared for potential adverse financial impacts from a changing climate.
A survey by insurer FM Global found that 76 per cent of senior executives who responded were aware that their organisations were exposed to climate risk in the form of floods, droughts and wildfires. They admitted that these threats could “negatively affect their financials.”
However, eight out of ten of those executives said they believe their companies have “somewhat to no control” over the impact of such events on their business.
The Internal Auditing Education Partnership (IAEP) programme at Birmingham City University (BCU) has been endorsed by IIA Global as one of only ten IAEP Centers of Excellence worldwide. IIA Global praised its “vision, dedication and collaboration” and said the programme should be a source of pride for the university and the audit community.
The most important emerging risk over the next three years will be “overstretched” cyber security defences, according to Swiss Re’s 2020 SONAR report. However, the report also highlighted risks that have been amplified by the Covid-19 pandemic, including supply chain disruptions and the fragility of public healthcare.
The authors warn that the pandemic will continue to prompt shifts as the economy recovers.
This article was first published in September 2020.