The latest enterprise risk management news from around the world

Corporate boards ‘significantly overconfident’ when it comes to risks

Board members have greater confidence in their organizations' ability to manage key risks than members of management actually do, according to a survey of board members, executive management, and chief audit executives released by The Institute of Internal Auditors (IIA).

The survey report, ‘OnRisk 2020: A Guide to Understanding, Aligning, and Optimizing Risk’, offers a comprehensive view of organizational risk from those who manage it. Among the report's key findings are:

  • There is a critical misalignment between how executive management views an organization's capability to manage risks and what is communicated to boards, leading to board members believing risks are better managed than they are.
  • A perception of ‘acceptable misalignment’ on risk – some respondents believe some misalignment is to be expected – is prevalent.
  • Some industries are lagging in adopting a systematic approach to risk management. These include health care and retail/wholesale, as well as the public/municipal sector.
  • Among 11 key risks reviewed in the report, cybersecurity and data management and new technology are especially susceptible to critical knowledge deficits.
  • Data management/collection and new technology, data ethics, and sustainability risks are expected to grow in relevance in the next five years.

"Acceptable misalignment on risk is a risk itself that's shortsighted and simply unacceptable," said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. "The burden is on management to provide the board with an accurate picture of risks that may negatively impact the organization as well as those that present opportunities. But board members also must seek out informed and objective assurance on the information they receive, and internal audit is uniquely positioned to provide that truly independent and enterprise-wide perspective."

Read the report (PDF).


