AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

9 in 10 organisations are not spending major time and effort preparing for "existential risk" of climate change

  • The Chartered IIA’s latest Risk in Focus report shows that around 9 in 10 organisations are not committing major time and effort to preparing for the rising risk of climate change, and is calling on business to act now to avoid disruption in the future
  • Report shows an increase of 41% in Chief Audit Executives seeing climate change as a top-five risk when compared to last year - but only around one in 10 (12%) are spending significant time and effort preparing for this threat now      
  • New report identifies leading risks to business in 2022 as: cybersecurity and data security, change in laws and regulations, and digital disruption and AI.

While the coronavirus pandemic continues to disrupt the corporate landscape in the present, new research and a major survey projects climate change as the rising risk of the future, steadily gaining prominence in The Chartered Institute of Internal Auditors’ annual Risk in Focus report. Risk in Focus 2022, published today, tracks the risks facing organisations year-on-year as ranked by more than 700 Chief Audit Executives (CAEs) representing a range of organisations including leading businesses, public sector organisations and NGOs from across Europe.

Climate change has been steadily rising up the agenda, climbing four positions in the rankings since 2021 and seeing a 41% increase in CAEs who view it as a top five risk, putting it in the top ten for the first time. But, 7 in 10 (69%) of CAEs still don’t consider climate change as a ‘top five’ risk to business, and just one in 10 (12%) internal audit teams have said they are prioritising spending significant time and effort preparing for the ‘existential risk’ of climate change. The Chartered IIA is alarmed by the gap between awareness and action taken on this rising risk and encourages organisations to act now to avoid disruption in the future.

The Chartered IIA advises CAEs to follow the lead of prominent organisations which are already incorporating climate change risk into their plans:

Mike Ashley, Chair of the Audit Committee at Barclays, said:

“Climate change is extremely high on the government’s agenda, particularly with COP26 coming up, and business has a critical part to play.  At a minimum, companies should record and publish their activities related to climate risk and sustainability, using internationally recognised standards such as TCFD, and internal auditors have an important role to play in providing assurance on these performance metrics and that they are embedded in how the business actually operates. Fundamentally, we need to ensure that high level sustainability announcements by businesses are actually lived up to, so I think there is work that internal audit can do in that space to ensure that we do walk the talk.”

John Wood, Chief Executive of the Chartered IIA, said:

“The rapid and radical adaptation seen across the corporate landscape during the pandemic demonstrates what businesses are capable of when needs must. Now is the time for similar innovation in response to the growing risk posed by climate change.

Businesses should prepare for climate change risks now to avoid large-scale disruption in the coming years, and internal auditors must play crucial planning and monitoring roles here. Those that fail to do so put their continued existence in jeopardy.”

The Chartered IIA recommends that organisations consider climate change a ‘forever risk’, and act to defend against this now by:

  • Ensuring climate change and sustainability is central to the organisation’s values, mission and strategic goals
  • Establishing sustainability goals which align with the UN’s 17 Sustainable Development Goals
  • Investing in projects that will future proof products and services
  • Planning for any climate-related physical and political risks which may jeopardise an organisation’s future
  • Reducing organisational greenhouse emissions and moving away from harmful or unsustainable manufacturing processes or materials

Other key findings from Risk in Focus 2022 include:

  • Cybersecurity topped the list of risks for the fourth year running, with a majority (82%) of those surveyed placing it amongst their top five risks. This coincides with a material increase in cybercrime over the past 18 months, as criminals have sought to exploit the security weaknesses exposed by operational disruptions during the pandemic.
  • Changes in laws and regulations is among the top five risks for almost half (46%) of CAEs this year, although fewer than one in ten (8%) say it is their number one risk.
  • Digital disruption, new technology and AI remains a priority for CAEs, with close to half (45%) identifying it as one of their top five risks.
  • Almost half (40%) of CAEs listed human capital, diversity, and talent management as a top five risk, a knock-on impact of the workplace disruption caused by the ongoing pandemic, including changes to working patterns and expectations of what work means.
  • A third (33%) of CAEs view financial, liquidity and insolvency risk as among their top five risks, a significant fall on the 42% who said the same a year ago.
  • Almost a third (32%) of CAEs say that macroeconomic and geopolitical uncertainty is among their top five risks, while one in ten (10%) say it is their top risk. Current geopolitical instability could see this risk rise yet further up CAEs agenda by 2023.
  • Last, but by no means least, a third (30%) of CAEs have said that supply chains, outsourcing and ‘nth’ party risk is in their top five risk. With the pandemic, Brexit and the rising cost of importing from China continuing to cause supply chain challenges, this is another risk area that could potentially rise further up the list of business risks in the near future.

What are the top five risks that your organisation currently faces?

2022 vs 2021

View the full Risk in Focus 2022 report

Notes to editors

  1. The Chartered IIA has run its Risk in Focus research project for the last five years to help Chief Audit Executives understand how their peers view today’s risk landscape and assist in developing their forthcoming audit plans
  2. Risk in Focus 2022 research was conducted in March and April of 2021.  Data was collected through a quantitative survey among CAE members of 12 Institutes of Internal Auditors in Austria, Belgium, France, Germany, Greece, Italy, Luxembourg, the Netherlands, Spain, Sweden, Switzerland and the UK & Ireland. The survey elicited 738 responses
  3. Further insight was gathered through 50 interviews with a sample of 35 Chief Audit Executives, 12 Audit Committee Chairs, and 3 CEOs from across the above listed countries
  4. The Chartered IIA represents around 10,000 internal audit professionals in organisations spanning all sectors of the economy, across the UK and Ireland. It champions the contribution internal audit makes to good corporate governance, strong risk management and a rigorous control environment leading to the long-term success of organisations, including those in the public sector
  5. For further information, please contact Katie Neame of Atlas Patners. You can reach her on email at or via mobile on 07975684579