As coronavirus continues to disrupt the corporate landscape, a new survey suggests businesses across Europe have significantly shifted their attitudes towards risk. The Chartered IIA’s annual Risk in Focus 2021 report tracks the risks facing organisations year-on-year as ranked by 579 Chief Audit Executives (CAEs). For the third year running, cybersecurity has topped the list of risks, with almost four in five (79%) businesses citing it as one of the major risks they face. More than a quarter (27%) singled cybersecurity out as the number one risk, amid a heightened awareness of the IT and security threats posed by widespread remote working, including an increase in phishing attempts and malware infections. The report also points to ongoing concerns around companies’ ability to remain solvent as the world enters a recession. Amid depressed demand, financial, capital and liquidity risks have jumped up the agenda, with more than two in five (42%) of those surveyed including these within their top five risks – a 40% increase on last year.
Other key findings from Risk in Focus 2021 include the following:
- Disasters and crisis preparedness was cited as a top five risk by over a third of CAEs (34%), this was a new risk included for the first time in this year’s survey and reflects the increased focus on crisis management and business resilience as a result of the coronavirus.
- Bribery, fraud and other financial crime was cited by 25% of CAEs as a top five risk, a notable 19% increase on the 21% who said that same a year ago.
- Managing talent, staff wellbeing and diversity challenges has risen up the agenda, with more than one in three (35%) citing ‘Human capital and talent management’ as a top five risk, compared with around one in four (27%) who said the same a year ago.
- Health and safety saw a 70% year-on-year increase in the numbers of businesses citing it as a priority. Almost one in five participants (17%) said it was a top five risk, compared with only 10% a year ago.
- 22% of CAEs cited ‘Climate change and environmental sustainability’ as one of their company’s top five risks, a more than 50% increase on the 14% who said the same in last year’s Risk in Focus survey. Growing awareness of environmental concerns, highlighted nearly half of audit chiefs (41%) saying they expect it to be a priority risk three years from now. But despite this, only 6% of audit chiefs citing climate change as one of the top areas to spend time and effort on.
- With growing uncertainty on whether the UK can agree a trade deal with the EU following Brexit, 33% of CAEs said that ‘Macroeconomic and geopolitical uncertainty’ was a top five risk, an increase on the 29% who said the same a year ago.
John Wood, Chief Executive of the Chartered IIA UK commented:
“Businesses are operating in extraordinary times and have had to adapt to new challenges this year like never before. Coronavirus has exacerbated existing risks, forcing organisations to think from completely new angles or assign new levels of priority to them.
Cybersecurity is a case in point. Though a perennial front-of-mind risk for boards, the rise in remote working means cybersecurity issues have taken on a new dimension and IT infrastructure has had to adapt in record time.
“The longer-term implications of this exceptional scenario are still unclear, but we should expect disruption to continue into next year and beyond. Internal audit can and should help organisations manage these new challenges by identifying their blind spots and opportunities to improve their operations.”
Risk in Focus 2021 sets out a series of recommendations for how organisations can tackle these risks including:
- Protect against cybersecurity threats by introducing new IT protocols suited to the remote working environment, ensuring workers know how to spot cybercrime and avoid succumbing to phishing and spear phishing
- Address short-term financial risks via holistic assessment of enterprise-level operations (such as manufacturing, sales, advertising and marketing activities) to reveal areas to significantly improve efficiencies by driving up revenue and bringing down costs.
- Work with internal audit function to analyse business operations for gaps and inefficiencies that can be closed to deliver savings – as well as the knock-on effects and disruptive costs of any restructuring programme
The research for Risk in Focus 2021 combines both a quantitative survey and qualitative interviews with CAEs, from across 11 European countries and 10 institutes of internal auditors in Austria, Belgium, France, Germany, Italy, Luxembourg, the Netherlands, Spain, Sweden and the UK & Ireland. For the first time this year the process included interviews with Audit Committee Chairs to give a broader perspective on where key business risks lie. This interview cohort comprised 42 CAEs and Audit Committee Chairs (29 CAEs and 13 Audit Committee Chairs) and the quantitative survey saw 579 respondents, a 10% annual increase and the highest response rate since this research study began five years ago.
The top 10 risks for Risk in Focus 2021 were (with the associated %s indicating those CAEs that ranked each a top 5 risk):
Cybersecurity and data security (79%)
Regulatory change and compliance (59%)
Digitalisation, new technology and AI (51%)
Financial, capital and liquidity risks (42%)
Human capital and talent management (35%)
Disasters and crisis response (34%)
Macroeconomic and geopolitical uncertainty (33%)
Supply chains, outsourcing, and ‘nth’ party risk (26%)
Corporate governance and reporting (25%)
Communications, management and reputation (25%)
Source: Institute of Internal Auditors (IIA)