
Press release: Risk in Focus 2023


  • Cybersecurity tops annual business risk survey, with 8 in 10 (82%) citing it a top five risk, reflecting the rapidly weaponised cyberattack landscape.
  • Half cite human capital, diversity, and talent management a top five risk making it the second biggest risk faced by organisations, up two positions from fourth place last year - reflecting the severe recruitment and retention challenges facing organisations.
  • Geopolitical and macroeconomic uncertainty is the risk that has increased in severity the most according to Chief Audit Executives, elevating it from 7th to 3rd place in the risk rankings (a 44% year on year increase) – but despite the severity of this risk around 9 in 10 (92%) are not spending major time or effort preparing for this threat now.
  • With the perfect storm of high-impact interlocking risks intensifying with a looming recession and an accelerating cost of living catastrophe, the Chartered Institute of Internal Auditors is urging businesses to harness their internal audit functions to navigate more risky, uncertain, and volatile times ahead.

A new business risk survey released today has found that the War in Ukraine, coupled with the cost-of-living crisis, has significantly changed business attitudes on the risks they face with geopolitical tensions exacerbating and intensifying a wide range of business-critical risks.

The research is revealed in the annual Risk in Focus 2023 report, which has been published by the Chartered Institute of Internal Auditors, in partnership with thirteen other Institutes of Internal Auditors across Europe. The report tracks the risks faced by organisations year-on-year and this year received a record-breaking 834 responses from Chief Audit Executives (CAEs) working in all sectors of the economy across Europe.

Cybersecurity has topped the business risk poll for the 5th year running, but the big story coming out of this year’s Risk in Focus research is that geopolitical and macroeconomic uncertainty is the newest and most dynamic risk rising up the agenda, climbing four positions from seventh most severe risk last year to third place this year. Yet despite its growing prominence and severity, only around one in ten (8.15%) are spending any major time or effort auditing the impacts of this risk on their business.

With the War in Ukraine raging on, the spike in global energy prices, soaring inflation, as well as growing tensions between the West and China, the Chartered Institute of Internal Auditors is alarmed by the gap between awareness and action taken on this rising risk and is urging business leaders to act now to mitigate the risk of further unforeseen major geopolitical disruption in the future.

Other key findings from Risk in Focus 2023 include the following:

  • Changes in laws and regulations was cited as a top five risk by 44%, slightly down on the 46% that said the same a year ago.
  • Digital disruption, new technology and AI was cited by 38% as a top five risk, down from 45% a year ago, moving it from third to fifth biggest risk, as the aftermath of the Covid-19 pandemic and the War in Ukraine continued to push it down the risk rankings. Rocketing inflation, pressure to increase pay and supply chain disruption, may mean that in 2023 many businesses do not have the funds to carry out their digitalisation plans.
  • With record-breaking temperatures recorded across Europe this summer and the consequent drought, 37% of CAEs now cite climate change a top five risk, compared to 31% last year – marking the fifth year in a row that this risk has risen up the risk rankings.

John Wood, Chief Executive of the Chartered Institute of Internal Auditors, said: “Our latest Risk in Focus research highlights the perfect storm of high-impact interlocking risks now being faced by businesses, throwing many into a permanent state of crisis.

"Following hard on the heels of the pandemic, Russia’s invasion of Ukraine has intensified supply chain failures, caused a spike in energy prices and fuelled inflation, exacerbating geopolitical and macroeconomic risks. At the same time businesses are grappling with an increasingly weaponised cyber-attack landscape as well as major recruitment and retention challenges. Meanwhile, the climate emergency threatens to snowball into the next big crisis unless organisations prepare now for the impacts of climate change, with extreme weather events like the record-breaking heatwave this summer, likely to be the new normal in the future. 

"We urge boards to get a grip on the situation and seek the support of their internal audit functions to help them navigate more risky, uncertain, and volatile times ahead."

Risk in Focus 2023 sets out a series of recommendations for how organisations can tackle these risks including:

  • Boards should work with their internal audit functions to assess whether the assumptions the organisation has made about the nature of key risk areas are still valid today and fit for the circumstances likely to arise in 2023.
  • Boards should work with their internal audit function to focus on systemic risks that create vulnerabilities in many parts of the organisation simultaneously and ensure risk assessment and risk management efforts provide the board with clear oversight of such risks.
  • Boards should work with their internal audit function to assess whether the organisation has effective and timely mechanisms in place to spread information on new cyber threats, countermeasures, and advice throughout the business.
  • Boards should work with their internal audit functions to better understand the company’s goals and maturity on climate-related sustainability and assess how far this is reflected in the business and action plans on different levels.
  • Boards should work with their internal audit function to evaluate whether the organisation’s human resources strategies are aligned with its vision and mission, and whether they are suitable for these times of scarcity when it is key to attract and retain employees within the organisation.

The full report is available here.




Notes to editors

The top 10 risks for Risk in Focus 2023 are (with the associated %s indicating those CAEs that ranked each a top five risk – rounded up or down to the nearest percentage point)

  1. Cybersecurity and data security (82%)
  2. Human capital, diversity and talent management (50%)
  3. Macroeconomic and geopolitical uncertainty (46%)
  4. Change in laws and regulations (44%)
  5. Digital disruption, new technology and AI (38%)
  6. Climate change and environmental sustainability (37%)
  7. Business continuity, crisis management and disasters response (36%)
  8. Supply chain, outsourcing and 'nth' party risk (34%)
  9. Financial, liquidity and insolvency risks (28%)
  10. Organisational governance and corporate reporting (25%)

About Risk in Focus 2023

  • For the past seven years, Risk in Focus has sought to help Chief Audit Executives (CAEs) to understand how their peers view today’s risk landscape as they prepare their forthcoming audit plans for the year ahead.
  • Risk in Focus 2023 research was conducted in March and April 2022. Data was collected through a quantitative survey among CAEs across 15 European countries which included: Austria, Belgium, Bulgaria, France, Germany, Greece, Italy, Luxembourg, the Netherlands, Slovenia, Spain, Sweden, Switzerland, and the UK & Ireland. The survey elicited a record-breaking 834 responses from CAEs across Europe.
  • Simultaneously, four roundtable discussions were organised with 39 Chief Audit Executives (CAEs) on each of the risk areas covered in the report. In addition, we also conducted 9 one-to-one interviews with subject matter experts that included CAEs, Audit Committee Chairs and industry experts to provide deeper insights into how these risks are manifesting and developing.

About the Chartered Institute of Internal Auditors

The Chartered IIA represents around 10,000 internal audit professionals in organisations spanning all sectors of the economy, across the UK and Ireland. It champions the contribution internal audit makes to good corporate governance, strong risk management and a rigorous control environment leading to the long-term success of organisations, including those in the public sector.