For the past five years Risk in Focus has sought to highlight the key risk areas identified by Chief Audit Executives (CAEs). The purpose of this publication is to help the internal audit profession prepare its independent risk assessment work, annual planning and even audit scoping by sharing the insights and learnings from the research. The board briefing is also available.
This publication also includes three practical guidances:
- Practical guidance on macroeconomic and geopolitical uncertainty
- Practical guidance on cybersecurity and data security
- Practical guidance on climate change and environmental sustainability
The report also points to ongoing concerns around companies’ ability to remain solvent as the world enters a recession. Amid depressed demand, financial, capital and liquidity risks have jumped up the agenda, with more than two in five (42%) of those surveyed including these within their top five risks – a 40% increase on last year.
The top 10 risks for Risk in Focus 2021 were *:
- Cybersecurity and data security (79%)
- Regulatory change and compliance (59%)
- Digitalisation, new technology and AI (51%)
- Financial, capital and liquidity risks (42%)
- Human capital and talent management (35%)
- Disasters and crisis response (34%)
- Macroeconomic and geopolitical uncertainty (33%)
- Supply chains, outsourcing, and ‘nth’ party risk (26%)
- Corporate governance and reporting (25%)
- Communications, management and reputation (25%)
*(with the associated %s indicating those CAEs that ranked each a top 5 risk)
- The top three risks currently facing businesses in 10 European countries are: cybersecurity and data security (79%), regulatory change and compliance (59%) and digitalisation, new technology and AI (50%).
- For the first time ever, disasters and crisis response has been included in our survey, with 34% of Chief Audit Executives (CAEs) voting for it as a top 5 risk priority for their organisation.
- Climate change and environmental sustainability is becoming an increasingly pressing issue for businesses, with 22% of CAEs citing it as a top 5 risk – an annual increase of 50% on the year before.
For the third year running, cybersecurity has topped the list of risks, with almost four in five (79%) businesses citing it as one of the major risks they face. More than a quarter (27%) singled cybersecurity out as the number one risk, amid a heightened awareness of the IT and security threats posed by widespread remote working, including an increase in phishing attempts and malware infections.
The press release is available here.