Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

Heads of Internal Audit Virtual Forum

7 October 2020

Please note:

  • All Institute responses are boxed and highlighted blue.
  • Where the chair comments in that capacity, this box is highlighted in yellow.
  • The comments from the President/CEO of IIA Global are highlighted in heather.
  • For confidentiality, the identities of all delegates/attendees are anonymised.

Chair's comments

I would like to update everyone on the action I took following the Data Analytics session in September. 

A fundamental belief I have is that we can all benefit more from greater interaction and collaboration and that between us we can answer just about any question or challenge that one of us may have. DA is a good example of this, and I am delighted to advise that 5 HIAs agree with me and are keen to support their peers in widening the use of DA across the profession.

The first public meeting will be on 24th or 26th November at which we will begin the journey. If you are interested in joining please let me know (derek.jamieson@iia.org.uk) and I will add you to the invitation list.


Participants

Chair: Derek Jamieson, Director of Regions

Speaker: Liz Sandwith, Chief Professional Practices Advisor, Chartered Institute

Institute's comments

Risk in Focus 2021 represents the critical risk thinking of chief audit executives and their organisations in the UK and Ireland and across Europe. It is an essential read– highlighting key risk areas to help CAEs in their audit planning and all internal auditors in audit scoping and independent risk assessment activities. A copy of Liz Sandwith’s slides are attached.

We urge you to read it and share the content with your audit committee and board; or other governing bodies as appropriate to your sector.

A short board briefing of Risk in Focus 2021 is now available and can be accessed here.

Key takeaways

• The global pandemic has exacerbated existing risks and forced respondents to think about them from different angles or assign them new levels of priority.

• The report shows clear examples of where internal audit spend a disproportionate amount of its time compared to the perceived priority of the risk. CAEs need to look in the mirror and ask are we are doing the right things in the right way; can we work differently going forward (automation, health checks) to target the priority risks and remain relevant?

• Gartner reported that 68% of share value is lost through the realisation of strategic risk yet only 6% of audit time was spent auditing it – that report was some years ago now but looking at where we spent our time has enough changed since then?

• The top three risks currently facing European businesses are: cybersecurity and data security (79%), regulatory change and compliance (59%) and digitalisation, new technology and artificial intelligence (50%).

• Despite a 50% increase on the year before and climate change/environmental sustainability becoming an increasing pressure for business only 22% of CAEs cite it as a top 5 risk. Looking ahead this will be a priority risk; are we ready for it?

Now is the time for internal audit to prove its worth

Click here to access the slides from Liz's presentation on Risk in Focus 2021.

President/CEO of the IIA comments

You can only be proactive if you’re looking ahead. As a profession, we can be too comfortable looking behind and reporting on what has happened. In recent years, not just the immediate pandemic, there’s never been a more urgent priority for our profession than to take advantage of the disruptive environment and uncertainty, particularly looking ahead to a challenging 2021. The timing of Risk in Focus 2021 is helpful; now is the time we need to be thinking about what our organisations are going to need from us in the coming year.

To be consequential we are going to have to be proactive.

To be proactive we need to be comfortable providing foresight.

Foresight is the ability to speak about future risk; not predicting the future.

You need to be talking about the risks on the horizon for the next 12-18 months for two reasons. Firstly, to create board and management awareness, you might see something that is in their blind spot and secondly, critically, to make sure you are prepared to audit them having planned capacity and capability.

Looking ahead means no surprises; the worst phrase to hear is "where were the internal auditors?!"

  

Chair's comments

Take time to read Risk in Focus 2021 and share your comments with us.

What’s going on around us right now is very dynamic, changing how we as individuals and our organisations need to react to the immediate threats of the pandemic and also in the longer term; uncertainty is here for the foreseeable future.

Internal audit needs to be proactive rather than reactive to be a valuable function.

I am delighted to see new faces today in addition to regular attendees. Future sessions will be more interactive, we have much to gain from being collaborative and sharing with one another.

Our next meeting on 21 October will feature three speakers at different stages in the agile internal audit journey. It will be relevant to all sectors taking insight from the speakers who are from Financial Services.

Colleagues in Ireland will, meanwhile, be  running a presentation on Agile on that very date. CAEs and members of their team are invited to attend and can gain in-depth practical advice at this session.

 

Chat box comments from attendees

  • Will the increased use of data analytics and continuous auditing allow us to reduce the amount of time we spend on operational risk areas and free up resources to allow us to focus on these emerging strategic risks?
  • Climate change is on the plan as a high priority for us in 2021 (Banking).
  • Climate change is critical for the whole industry and this along with the challenging net zero targets set will form an important of future audit plans (Utilities).
  • Climate change fundamental to our strategy so an organisational principal risk and on the audit plan this year -would expect for many years to come (Utilities).
  • Climate change is key to banking and financial services.
  • Post-COVID will there be pressure for corporates to be both profit-focused and societal-focused which will include climate change.? Will we see movement away from capitalism?  Will this leading to a strategic and objective shift and hence a risk shift?
  • Measurement of carbon usage seems very challenging if take holistic view including indirect from supply chain and operations.
  • Look at energy efficiency, have looked at co2 usage. Also look at supply chain - need to be able to respond to customer expectation too.