AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

Heads of Internal Audit Virtual Forum

08 March 2023

Please note:

  • All Institute responses are boxed and highlighted in blue
  • Where the chair comments in that capacity, the box is highlighted in yellow
  • For confidentiality, the identities of all delegates/attendees are anonymised


Chair opening comments | Liz Sandwith, Chief Professional Practices Advisor for the Institute in the UK and Ireland.

A warm welcome to those of you who are attending the forum for the first time today. I hope you all enjoy the session.

I am joined today by Anne Kiem, CEO of the Institute and Gavin Hayes Head of Policy for the Institute who will be our speaker today. 

Today’s session focusses on our recently published report “Navigating Geopolitical Risk” which was delivered in partnership with Airmic.

It is fair to say that only a few years ago most of us would not have considered global events such as we have seen over the last few years as relevant to our day-to-day work. They were infrequent, happened on the other side of the world and were felt to have no real direct impact on most of our organisations. They didn’t appear on the risk register and certainly didn’t get factored into internal audit’s planning.  

The situation has now changed beyond all recognition. It only takes 10-15 mins of research on the internet to identify how the political dynamics have changed over the last three years and to reflect on the impact these changes have affected us all to some extent. 

Perhaps now more than ever we genuinely feel the impact of the global dynamics at play, primarily because they are multiple, happening at great pace and are exposing the interrelationships all our organisations have across the world.

This background of a volatile and unpredictable global dynamic led us to initiate the project which resulted in our recent report which was launched at the House of Lords on 22nd February.

I would like to introduce you to Gavin Hayes, our Head of Policy who led the project for the Institute and who will take you through the key messages from the report.

Key Takeaways

Click here for the slides

Click here for the Navigating Geopolitical Risk report

  • Geopolitical risk is a strategic risk that is interconnected across the organisation.
  • Geopolitical events exacerbate and interlink with existing business-critical risks. For example, supply chains, cybersecurity, legal and compliance, reputation, and financial stability.
  • None of us has a crystal ball and can predict future events.
  • Internal auditors need to work closely with risk management functions to support organisations in navigating the perfect storm of interconnected risks in this new geopolitical era.
  • Internal audit can provide advice and assurance to ensure their organisation has robust scenario planning processes in place, for when the unexpected does happen.
  • Effective scenario planning will help to support greater organisational resilience.

The backbone of the research that supports the report was based on a series of six scenario-based roundtables attended by senior internal audit executives, senior risk management executives and geopolitical experts, that form case studies in the report. These are:

  • Economic meltdown: A global crisis on the horizon?
  • Conflict involving China: Taiwan and the South China Sea
  • War in Ukraine: Global implications
  • Climate change and geopolitics
  • US politics and democracy: Challenges to global stability
  • Cyber security and geopolitics

The key takeaways from the report are:

  1. Be agile in responding to the challenges of ‘once-in-a-generation events’ occurring with regular frequency.
  2. Scenario planning and horizon scanning are the keys to preparing for geopolitical risk.
  3. Stereotypical profiles of risk and internal audit professionals need to be reviewed to ensure they meet future needs.
  4. Take a long-term view of geopolitics.
  5. Stay true to the organisation’s purpose.
  6. Geopolitics is not just all about downside risk.
  7. Risk and internal audit need to operate as strategic enablers.

Chair closing comments

Interestingly, climate change features strongly currently, with the issue of ‘winter water shortage’; a significant drought is predicted for summer 2023 because of lack of rain during the winter months.

This signals that geopolitical risk is not a standalone risk, and management should be thinking about it in an interconnected way.

A big thank you to Gavin for his presentation, and making us think what we, as internal auditors might want to do to think differently, stepping outside the box and seizing opportunities around geopolitical risk.

Our next meeting on 5th April will focus on Culture. This is a subject that, for many is still a developing picture and we will aim to have a practical discussion on current practice. 

Dates for your diary 

  • 29th March| 2023 from an internal audit perspective| LA Forum
  • 30th March| Chartered by Experience 14:00-15:00  |register here
  • 5th April| HIA Forum – Culture Post Covid

Chat comments including Q&A

Question | What about geopolitical risk from a construction industry prospective?

         Answer | We are aware of geopolitical risk, but the challenge is translating this in a meaningful understanding of the relationship                 with other risks. The report makes me wonder how we may tackle this.

Question | Are you experiencing supply chain challenges?

         Answer | We have looked at it, in terms of modern slavery. We are quite protected as the bulk of materials are domestically                       produced.

Question | So if there is no current threat in this area, is this a risk that can be seen to offer opportunities in construction?

         Answer | Potentially, yes, like the use of renewables for example or more use of concrete bricks which are air drayed.

Question | What about geopolitical risk in the context of the public sector in Scotland?

         Answer | Scottish government is seeing the impact on many levels such as affordable homes, construction, assisting Ukrainian                   families, climate change and the drive to net zero. We have been focussing on setting up strong foundations for risk management                 and planning. We have also moved to a more assured risk plan. We set out key areas and a 3-month plan but things are already                 shifting, (Scotland’s First Minister resignation), so already we are seeing the need to adapt in the face of sudden shifts and change.             Assurance work around foundations is a priority.

Comment | Considering whether geopolitical is a standalone risk, compared to covid, it is clear it is not and it carries a multiplicity of impacts. From an internal audit plan point of view, a rolling plan needs to be an alternative. A practical, reactive approach, regular checks and from a business continuity perspective, assurance of reliance on supply chain. New ideas need to be considered, being on board with geopolitical risk and the real threats we are seeing like Taiwan.

Comment | Interestingly, at last year’s Audit Leaders’ Summit the projection of a timeline of ten years for the China/Taiwan conflict to escalate has now been reduced to two years!

Question | What is the Welsh government doing regarding geopolitical risk?

         Answer | Similar situation, there may not be the label of ‘geopolitical’ yet but the risks on the register are all there. Wales pledged             to be a safe nation for Ukrainian refugees, however the conflict is going on for longer than expected and we need to fund this                       area. So we are already dealing with impact. There is the climate issue on top of it, Wales has committed to carry out a ‘no                         road building’ policy.

Question | I have heard the term “polycrisis” recently, and seen it mentioned in page 10 of your report. Is there a simple definition of this? 
Just wondering if any of the 6 case studies are an example of that term, given the interrelationship between some of them?

         Answer | It refers to many crises taking place at the same time / concurrently and interacting with one another to such an extent               that the impact far exceeds the sum of each part. In the 6 case studies there is a degree of inter-connectivity. Looking at the US for             example  and interconnectivity with climate change. Ukraine war and China aligning with Russia, another interconnectivity. Cyber                 security rapidly weaponized the cyber landscape aggravated by the war in Ukraine, inter connectivity there too.

Comment | There is the human element too. Take people skipping meals, not looking after their physical and mental health because of the cost of living. How do organisations cope? How can they support their people?

         Answer | The human element was discussed with the economic and cost-of-living crisis, energy and food prices, fuel; that has been              part of discussion. As well as the post covid with the ‘great’ resignation and the recruitment challenges. Employers are struggling to              keep up with inflation and offering pay rises. Brexit is causing issues with supply chain.

Comment | Energy crisis, there is a need for people to change behaviour and mentality towards energy. There is an opportunity because of a crisis. Just like in the covid crisis. Which offered the opportunity to introduce working from home, with great results.

Comment | The cost-of-living crisis raises the risk of Fraud which interconnects with financial stability, staff turnover and culture within organisations.