Are Emerging Risk Warnings Being Missed?
IIA annual Pulse survey reveals weak confidence in ability to identify new threats
ALTAMONTE SPRINGS, Fla. (Feb. 24, 2015) — Increasingly brazen cyberattacks and other security issues are major concerns for companies, with nearly seven in 10 internal audit leaders ranking them as a high or critical priority, according to a new survey by The Institute of Internal Auditors (IIA).
However, despite the alarm, only about a third of those surveyed have a high degree of confidence in their organization’s ability to identify and adequately address emerging risks on a timely basis, according to The IIA Audit Executive Center’s 2015 North American Pulse of Internal Audit.
What’s more, the door may be open to even more trouble, with less than half of respondents to the Pulse survey identifying organizational sustainability as a high priority and few considering geopolitical instability as a priority.
“Our latest survey reveals disturbing gaps in both corporate awareness and responsiveness, based upon the views of those tasked with raising the red flags – the chief audit executives (CAEs),” said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “It’s clear that organizations must improve how they identify emerging risks and related risk-mitigation strategies. At the same time, internal audit must improve how it addresses emerging risks and then engage with its stakeholders.”
A full report of the 2015 North American Pulse of Internal Audit will examine risk-assessment methodologies, flexible risk-based audit planning, and strategies for incorporating emerging risks into internal audit’s scope of work. The report will be released March 8 to an Audit Executive Center forum prior to The IIA’s annual General Audit Management (GAM) conference in Las Vegas.
The Pulse survey found that 45 percent of respondents placed a high priority on maintaining their organizations’ sustainability. Yet a dramatically lower percentage placed that level of importance on gauging the impact on sustainability of major geopolitical developments, global health threats or even social media.
For example, only 6 percent of those surveyed consider gauging the impact of major geopolitical developments, such as economic sanctions on Russia, as a high or critical priority, while 40 percent did not place any priority on such factors. This lack of attention to known risks could prove dangerous because an inability to fully understand the impact of existing conditions could raise concerns over an organization’s ability to identify new and emerging risks.
“This shortcoming is influenced by any number of factors,” Chambers said. “But whatever the cause, this is something CAEs must consider when developing annual audit plans that allocate resources to identifying and monitoring emerging risks.”
The problem in identifying and understanding emerging risks could be exacerbated by what appears to be a growing talent shortage in the profession due to a limited pool of skilled internal auditors. Indeed, 54 percent of respondents cited competition for qualified internal auditors as a reason for a gap in crucial skills, such as IT and data analytics. The survey also found that four in 10 respondents put a high priority on attracting and retaining talent.