Thank you for joining. Welcome to a special edition of the Local Authority Internal Audit Virtual Forum focused on the Chartered IIA’s Risk in Focus 2022 report.
Organisations and their internal audit functions face a dizzying pace of change and unprecedented uncertainty. The pandemic has destabilised operations and labour, disrupted supply and demand, and undermined previously sound business models to an extent few would have thought possible.
As a result, this year’s Risk in Focus report has once again found that the coronavirus pandemic has continued to transform the risk landscape and has significantly influenced organisation’s attitudes towards key risks.
Chair's opening comments
Welcome to our Local Authority Internal Audit Forum.
Whether you audit in the private sector or the public sector, the UK, Ireland or elsewhere, risk is our common currency. But this wasn’t always the case, as historically there have been instances with local authorities where their notion of risk equated to business continuity with fire, flooding and building evacuations being the main areas of concern. As auditors in local authorities, we have moved on significantly since then.
Our understanding of risks and particularly the risks faced by our councils is, of course, key to determining the work that we undertake and so the Risk in Focus report is an excellent resource for discussion with management in our organisations, particularly after the 18 months of the pandemic when challenges and the landscape has shifted.
Liz Sandwith, Chief Professional Practice Adviser, Chartered IIA said:
Institute's closing comments
Internal audit is auditing amid rapid change
While the economic recovery is promising following the deepest global recession in living memory, businesses are contending with critical supply chain issues and inflation risks
Production costs have risen at a rate not seen for decades. Businesses are struggling to forecast demand for their products as virus infection rates and consumption continues to wax and wane. This uncertainty and disruption is being felt end-to-end through supply chain
Organisation that do not take immediate action regarding climate change face the genuine risk of extinction
The world has changed. Internal audit must change too.
Thank you for attending. As always, if you have any ideas or suggestions for what we might include in future agendas, please contact Liz Sandwith at firstname.lastname@example.org
Q Regarding the amount of time spent on fraud - I think that there is maybe a traditional view of internal audit that we should be focused on fraud risks. Personally, I worry that a fear of fraud occurring could lead to question of where internal audit was. This, in turn, could lead to a disproportionate amount of time spent on fraud risk.
A Sometimes our stakeholders tend to go with some of the more obvious risks and look for assurance in those risks. But if the controls in a particular area are good and they mitigate the risks, then the same areas may not need to be audited time and time again. Risk in Focus 2022 is a useful report for understanding which risks need your time and attention, from an independent source i.e. the Chartered IIA.
Q Does anyone have any examples of Fraud risk assessments that they would be prepared to share? I'm having to start from scratch.
A If anyone has any examples that they are willing to share, please send them to us at Liz.Sandwith@iia.org.uk. We would also recommend raising them in our newly developed fraud forum.
Q Would members be willing to share suitably anonymised fraud incidents that they have been involved with? For example, values and outcomes eg criminal prosecutions
A It would be interesting to know if your organisation prosecutes in the case of internal fraud incidents.
Q Slide 5 - is it correct that IA - or some teams - are spending nearly 80% of their time on cyber security? I cannot imagine anyone in local government spending anywhere near that amount of time on this. Unless I have read the slide incorrectly?
A The slide shows how closely internal audit’s time, attention and resources are being matched to what CAEs consider to be the biggest risks to their organisations. There are numerous reasons why these differentials may exist and a direct correlation between risk priority and time spent auditing should not necessarily be expected.
Q How confident and skilled do we feel in auditing cyber risks - is there a skills gap?
A This is an area that we are not, as internal auditors, particularly familiar with. We are all still learning. Do have a look at the cyber security report referenced above as it has some great suggestions.