I would like to update everyone on the action I took following the Data Analytics session in September.
A fundamental belief I have is that we can all benefit more from greater interaction and collaboration and that between us we can answer just about any question or challenge that one of us may have. DA is a good example of this, and I am delighted to advise that 5 HIAs agree with me and are keen to support their peers in widening the use of DA across the profession.
The first public meeting will be on 24th or 26th November at which we will begin the journey. If you are interested in joining please let me know (firstname.lastname@example.org) and I will add you to the invitation list.
Chair: Derek Jamieson, Director of Regions
Speaker: Liz Sandwith, Chief Professional Practices Advisor, Chartered Institute
Risk in Focus 2021 represents the critical risk thinking of chief audit executives and their organisations in the UK and Ireland and across Europe. It is an essential read– highlighting key risk areas to help CAEs in their audit planning and all internal auditors in audit scoping and independent risk assessment activities. A copy of Liz Sandwith’s slides are attached.
We urge you to read it and share the content with your audit committee and board; or other governing bodies as appropriate to your sector.
A short board briefing of Risk in Focus 2021 is now available and can be accessed here.
• The global pandemic has exacerbated existing risks and forced respondents to think about them from different angles or assign them new levels of priority.
• The report shows clear examples of where internal audit spend a disproportionate amount of its time compared to the perceived priority of the risk. CAEs need to look in the mirror and ask are we are doing the right things in the right way; can we work differently going forward (automation, health checks) to target the priority risks and remain relevant?
• Gartner reported that 68% of share value is lost through the realisation of strategic risk yet only 6% of audit time was spent auditing it – that report was some years ago now but looking at where we spent our time has enough changed since then?
• The top three risks currently facing European businesses are: cybersecurity and data security (79%), regulatory change and compliance (59%) and digitalisation, new technology and artificial intelligence (50%).
• Despite a 50% increase on the year before and climate change/environmental sustainability becoming an increasing pressure for business only 22% of CAEs cite it as a top 5 risk. Looking ahead this will be a priority risk; are we ready for it?
• Now is the time for internal audit to prove its worth
Click here to access the slides from Liz's presentation on Risk in Focus 2021.
President/CEO of the IIA comments
You can only be proactive if you’re looking ahead. As a profession, we can be too comfortable looking behind and reporting on what has happened. In recent years, not just the immediate pandemic, there’s never been a more urgent priority for our profession than to take advantage of the disruptive environment and uncertainty, particularly looking ahead to a challenging 2021. The timing of Risk in Focus 2021 is helpful; now is the time we need to be thinking about what our organisations are going to need from us in the coming year.
To be consequential we are going to have to be proactive.
To be proactive we need to be comfortable providing foresight.
Foresight is the ability to speak about future risk; not predicting the future.
You need to be talking about the risks on the horizon for the next 12-18 months for two reasons. Firstly, to create board and management awareness, you might see something that is in their blind spot and secondly, critically, to make sure you are prepared to audit them having planned capacity and capability.
Looking ahead means no surprises; the worst phrase to hear is "where were the internal auditors?!"
Take time to read Risk in Focus 2021 and share your comments with us.
What’s going on around us right now is very dynamic, changing how we as individuals and our organisations need to react to the immediate threats of the pandemic and also in the longer term; uncertainty is here for the foreseeable future.
Internal audit needs to be proactive rather than reactive to be a valuable function.
I am delighted to see new faces today in addition to regular attendees. Future sessions will be more interactive, we have much to gain from being collaborative and sharing with one another.
Our next meeting on 21 October will feature three speakers at different stages in the agile internal audit journey. It will be relevant to all sectors taking insight from the speakers who are from Financial Services.
Colleagues in Ireland will, meanwhile, be running a presentation on Agile on that very date. CAEs and members of their team are invited to attend and can gain in-depth practical advice at this session.